EulerOS Virtualization 3.0.2.2 : kernel (EulerOS-SA-2021-2140)

2021-07-06T00:00:00

Description

According to the versions of the kernel - A memory leak in the ath10k_usb_hif_tx_sg() function in - In the Linux kernel before 5.6.1, drivers/media/ - An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wire - A flaw was found in the way the Linux kernel's - A use-after-free flaw was found in the way the Linux - A flaw was found in the Linux pinctrl system. It is - A stack information leak flaw was found in s390/s390x - A flaw was found in the Linux kernel's implementation - A flaw was found in the Linux kernel. A use-after-free - A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root - Use-after-free vulnerability in fs/block_dev.c in the - A flaw was found in the Linux kernel in versions before - A flaw was found in the Linux kernel. A use-after-free - Bodong Zhao discovered a use-after-free in the Sun - A flaw memory leak in the Linux kernel performance - A flaw in ICMP packets in the Linux kernel may allow an v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud All versions, SIMATIC MV500 Family: All versions, Version(CVE-2020-25705) - A slab-out-of-bounds read in fbcon in the Linux kernel - An issue was discovered in kmem_cache_alloc_bulk in - A locking issue was discovered in the tty subsystem of drivers/tty/tty_jobctrl.c allows a use-after-free - A flaw was found in the USB monitor driver of the Linux - A flaw out of bounds write in the Linux kernel human Note that Tenable Network Security has extracted packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-b8d17e7d93d2.(CVE-2019-19078) usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.(CVE-2020-11668) less/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591.(CVE-2020-12654) networking subsystem handled the write queue between TCP disconnection and re-connections. A local attacker could use this flaw to trigger multiple use-after-free conditions potentially escalating their privileges on the system.(CVE-2019-15239) kernel's filesystem subsystem handled a race condition in the chrdev_open function. This flaw allows a privileged local user to starve the resources, causing a denial of service or potentially escalating their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-0305) possible to trigger an of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed.(CVE-2020-0427) in the Linux kernel's memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data.(CVE-2020-10773) of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14331) memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14351) privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.(CVE-2020-14386) Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.(CVE-2020-15436) 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.(CVE-2020-25645) was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.(CVE-2020-25656) keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.(CVE-2020-25669) monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.(CVE-2020-25704) attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: Connect 7: SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.(CVE-2020-28974) mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.(CVE-2020-29370) the Linux kernel through 5.9.13. attack against TIOCSPGRP, aka CID-54ffccbf053b.(CVE-2020-29661) kernel. This flaw allows an attacker with physical access to the system to crash the system or potentially escalate their privileges(CVE-2019-9456) interface devices subsystem was found in the way user calls find key code by index. A local user could use this flaw to crash the system or escalate privileges on the system.(CVE-2020-0431) the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

{"id": "EULEROS_SA-2021-2140.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "EulerOS Virtualization 3.0.2.2 : kernel (EulerOS-SA-2021-2140)", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-b8d17e7d93d2.(CVE-2019-19078)\n\n - In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.(CVE-2020-11668)\n\n - An issue was found in Linux kernel before 5.5.4.\n mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591.(CVE-2020-12654)\n\n - A flaw was found in the way the Linux kernel's networking subsystem handled the write queue between TCP disconnection and re-connections. A local attacker could use this flaw to trigger multiple use-after-free conditions potentially escalating their privileges on the system.(CVE-2019-15239)\n\n - A use-after-free flaw was found in the way the Linux kernel's filesystem subsystem handled a race condition in the chrdev_open function. This flaw allows a privileged local user to starve the resources, causing a denial of service or potentially escalating their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-0305)\n\n - A flaw was found in the Linux pinctrl system. It is possible to trigger an of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed.(CVE-2020-0427)\n\n - A stack information leak flaw was found in s390/s390x in the Linux kernel's memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data.(CVE-2020-10773)\n\n - A flaw was found in the Linux kernel's implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14331)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14351)\n\n - A flaw was found in the Linux kernel before 5.9-rc4.\n Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.(CVE-2020-14386)\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.(CVE-2020-15436)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.(CVE-2020-25645)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.(CVE-2020-25656)\n\n - Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.(CVE-2020-25669)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.(CVE-2020-25704)\n\n - A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D:\n v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7:\n All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU:\n Version(CVE-2020-25705)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.(CVE-2020-28974)\n\n - An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.(CVE-2020-29370)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.(CVE-2020-29661)\n\n - A flaw was found in the USB monitor driver of the Linux kernel. This flaw allows an attacker with physical access to the system to crash the system or potentially escalate their privileges(CVE-2019-9456)\n\n - A flaw out of bounds write in the Linux kernel human interface devices subsystem was found in the way user calls find key code by index. A local user could use this flaw to crash the system or escalate privileges on the system.(CVE-2020-0431)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2021-07-06T00:00:00", "modified": "2022-12-05T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/151419", "reporter": "This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29370", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9456", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0431", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28974", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14386", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25656", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15436", "http://www.nessus.org/u?b3064040", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0305", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11668", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14331", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12654", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25704", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25645", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29661", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15239", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0427", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19078", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14351", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25669", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10773", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25705"], "cvelist": ["CVE-2019-15239", "CVE-2019-19078", "CVE-2019-9456", "CVE-2020-0305", "CVE-2020-0427", "CVE-2020-0431", "CVE-2020-10773", "CVE-2020-11668", "CVE-2020-12654", "CVE-2020-14331", "CVE-2020-14351", "CVE-2020-14386", "CVE-2020-15436", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25669", "CVE-2020-25704", "CVE-2020-25705", "CVE-2020-28974", "CVE-2020-29370", "CVE-2020-29661"], "immutableFields": [], "lastseen": "2023-05-28T14:16:56", "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4431", "ALSA-2021:0558", "ALSA-2021:1578", "ALSA-2021:4356"]}, {"type": "amazon", "idList": ["ALAS-2020-1430", "ALAS-2020-1437", "ALAS-2020-1446", "ALAS-2020-1462", "ALAS-2021-1461", "ALAS-2021-1477", "ALAS2-2020-1488", "ALAS2-2020-1495", "ALAS2-2020-1520", "ALAS2-2020-1566", "ALAS2-2021-1588"]}, {"type": "androidsecurity", "idList": ["ANDROID:2019-09-01", "ANDROID:2020-06-01", "ANDROID:2020-09-01"]}, {"type": "archlinux", "idList": ["ASA-202011-10"]}, {"type": "centos", "idList": ["CESA-2019:2029", "CESA-2019:3979", "CESA-2020:3220", "CESA-2020:5023", "CESA-2021:0856", "CESA-2021:2725", "CESA-2022:0063"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:27F5DB3AFDCF54F32837F9CE39245DE1", "CFOUNDRY:28D7D983C9283C1F04F738490F4E9234", "CFOUNDRY:3B00E04C67EFB83F5D044A76DD92B52C", "CFOUNDRY:4C29708E9DB1757C4BE1AE571C33062C", "CFOUNDRY:6842286EED83D27526CFF6743C20F98E", "CFOUNDRY:8CFF4A0AF748B0C857C01324EB35B6D4", "CFOUNDRY:C4D1C1686A388941AD439B6E19ADC7F2"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1632261812", "CLSA-2021:1632261839", "CLSA-2022:1650576075"]}, {"type": "cve", "idList": ["CVE-2019-15239", "CVE-2019-19078", "CVE-2019-9456", "CVE-2020-0305", "CVE-2020-0427", "CVE-2020-0431", "CVE-2020-10773", "CVE-2020-11668", "CVE-2020-12654", "CVE-2020-14331", "CVE-2020-14351", "CVE-2020-14386", "CVE-2020-15436", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25669", "CVE-2020-25704", "CVE-2020-25705", "CVE-2020-28974", "CVE-2020-29370", "CVE-2020-29661"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2241-1:DE3AB", "DEBIAN:DLA-2241-2:3E557", "DEBIAN:DLA-2242-1:573AF", "DEBIAN:DLA-2385-1:FDE93", "DEBIAN:DLA-2417-1:4ADAB", "DEBIAN:DLA-2420-1:692E7", "DEBIAN:DLA-2420-2:175D1", "DEBIAN:DLA-2483-1:37DA1", "DEBIAN:DLA-2494-1:12C95", "DEBIAN:DLA-2557-1:3E233", "DEBIAN:DLA-2586-1:6B2FD", "DEBIAN:DSA-4698-1:66813", "DEBIAN:DSA-4698-1:E1A7D", "DEBIAN:DSA-4774-1:EE27B", "DEBIAN:DSA-4774-1:EF524", "DEBIAN:DSA-4843-1:3B37B", "DEBIAN:DSA-4843-1:6BD24"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-15239", "DEBIANCVE:CVE-2019-19078", "DEBIANCVE:CVE-2019-9456", "DEBIANCVE:CVE-2020-0305", "DEBIANCVE:CVE-2020-0427", "DEBIANCVE:CVE-2020-0431", "DEBIANCVE:CVE-2020-10773", "DEBIANCVE:CVE-2020-11668", "DEBIANCVE:CVE-2020-12654", "DEBIANCVE:CVE-2020-14331", "DEBIANCVE:CVE-2020-14351", "DEBIANCVE:CVE-2020-14386", "DEBIANCVE:CVE-2020-15436", "DEBIANCVE:CVE-2020-25645", "DEBIANCVE:CVE-2020-25656", "DEBIANCVE:CVE-2020-25669", "DEBIANCVE:CVE-2020-25704", "DEBIANCVE:CVE-2020-25705", "DEBIANCVE:CVE-2020-28974", "DEBIANCVE:CVE-2020-29370", "DEBIANCVE:CVE-2020-29661"]}, {"type": "f5", "idList": ["F5:K07933942", "F5:K09604370", "F5:K10429441", "F5:K41440465", "F5:K44994972", "F5:K50928877", "F5:K55335001", "F5:K58022757", "F5:K58523450", "F5:K65213626", "F5:K92969318"]}, {"type": "fedora", "idList": ["FEDORA:02C4230A08EF", "FEDORA:14FCA30C8E50", "FEDORA:1B8D330A08F2", "FEDORA:1F1BC30987DA", "FEDORA:224AE608F491", "FEDORA:267796076024", "FEDORA:2D09F309C002", "FEDORA:371E06040B12", "FEDORA:451BA309C1E0", "FEDORA:4928D30A037F", "FEDORA:51B856067EB8", "FEDORA:59E3F606D998", "FEDORA:5BC786077CC2", "FEDORA:628EB603ECD0", "FEDORA:6B92130C7DAE", "FEDORA:803AE30C6416", "FEDORA:824E230A6A04", "FEDORA:94BC060A4ECF", "FEDORA:BF5EC607125E", "FEDORA:C63656040AE1", "FEDORA:CB0956087865", "FEDORA:CF851309C00C", "FEDORA:EC9F26076D31"]}, {"type": "githubexploit", "idList": ["5ACF6B43-1E0E-55AE-A3C6-2FFCB8E95A05", "A10132DA-F650-5163-A3F9-DBE973D0187D"]}, {"type": "ibm", "idList": ["0848D11FE6A7FFE3D70FDD1DBC47A7D72FEBAE4AFB8052D4E01853492896AFB0", "0AC735C19116A7FB66D9921F93B7D9FF1E6BB4F1F2A9AF8B4AA371BC3E7211BE", "180AC5D7287F51495B95E36020BFF2325D0F58CB7C4B6EA71A4C3D8EEB389808", "1879325E67264056B58E8AD7F16855960BE3D80A459CF04AA2C576744065C438", "1B4C690B7DA33A4807087B34223ECB27C2AA91A91D536267A98B4BCEEB54A441", "3CF3C789E67BC4BED4E00BAB92CFDEBBACDE7238E903B67252519FD7D01B4413", "4777AA656AFE2A7E99CB0D93F8BE73D4229AC1A8C767E59363E711B828FD7059", "4A13A3496FCF6B846B2A1DE1CDC0810F64A5ABAB123B9000E74EC8183260175D", "65AC1B828E41A5505E1A8E4F6E7E2E7A2BE86DE58C539C97379A40C7ED8BBD9F", "72AD5D71FF571D991FCA51BDAC7D0D303109A868FA89340C6F8CD492F9F038E3", "7BEBE6C769A16D13746B813CF456C36F85AE1B1A1CBD26E71A53BD6E5B34E2F4", "A682F39065541E5C1712239B2761462972169D4C104E7393AB2199A0478F5C1A", "B2EA2FBA4D280351FEA7F9EC1921C448D44F4D9EC613590A87A15467F7D34153", "B2FCE44624F501314D958E4856653642A780A19EFDC1BC430A290CBD59647968", "B315A585CDBD4D516E60AAEBBA49CDD9274D016108F5F855F13CF2FE3AA0F562", "B98F811575D2E16065FC8E4C211A8B74BBF4DCEBB02BCE8974D057BDB7A7A3B4", "C0FCC5D279BEFE9806E8A80D16BECA9269D08733514F5E75C230F16777C34421", "CDF395DCA76931626CDB7CC71C6A81A725FA69D7DD15259B58CC23FBAAF0244D", "D860B85F49895E0D8CF0AC6A066F6902558B044E03F0320678E24399C41C6135", "D93D4935148F7F3B13EA6EFB252FC805F8785D44154C48C5441B79CADDEC8988", "ED670677BEE7F824FAA4922AD08CFBF43478203FCCB636E589E6854737336228", "F0AFFAB5446BEF6A6B346CA7237A1583252E55B1EA002352E7DFDFFB5796363C", "FE7DE370E3A053AC4CAFE02AD4DAD2A6486962E6E2E5C5CE8D6573A3EF4738DA"]}, {"type": "ics", "idList": ["ICSA-21-131-03"]}, {"type": "kitploit", "idList": ["KITPLOIT:8656177976839178440"]}, {"type": "mageia", "idList": ["MGASA-2020-0183", "MGASA-2020-0184", "MGASA-2020-0392", "MGASA-2021-0030", "MGASA-2021-0031"]}, {"type": "nessus", "idList": ["AL2_ALAS-2020-1488.NASL", "AL2_ALAS-2020-1495.NASL", "AL2_ALAS-2020-1520.NASL", "AL2_ALAS-2020-1566.NASL", "AL2_ALAS-2021-1588.NASL", "AL2_ALASKERNEL-5_4-2022-015.NASL", "AL2_ALASKERNEL-5_4-2022-018.NASL", "AL2_ALASKERNEL-5_4-2022-019.NASL", "ALA_ALAS-2020-1430.NASL", "ALA_ALAS-2020-1437.NASL", "ALA_ALAS-2020-1446.NASL", "ALA_ALAS-2020-1462.NASL", "ALA_ALAS-2021-1461.NASL", "ALA_ALAS-2021-1477.NASL", "ALMA_LINUX_ALSA-2020-4431.NASL", "ALMA_LINUX_ALSA-2021-0558.NASL", "ALMA_LINUX_ALSA-2021-1578.NASL", "ALMA_LINUX_ALSA-2021-4356.NASL", "CENTOS8_RHSA-2020-4286.NASL", "CENTOS8_RHSA-2020-4431.NASL", "CENTOS8_RHSA-2021-1578.NASL", "CENTOS8_RHSA-2021-4140.NASL", "CENTOS8_RHSA-2021-4356.NASL", "CENTOS_RHSA-2019-2029.NASL", "CENTOS_RHSA-2019-3979.NASL", "CENTOS_RHSA-2020-3220.NASL", "CENTOS_RHSA-2020-5023.NASL", "CENTOS_RHSA-2021-0856.NASL", "CENTOS_RHSA-2021-2725.NASL", "CENTOS_RHSA-2022-0063.NASL", "DEBIAN_DLA-2241.NASL", "DEBIAN_DLA-2242.NASL", "DEBIAN_DLA-2385.NASL", "DEBIAN_DLA-2417.NASL", "DEBIAN_DLA-2420.NASL", "DEBIAN_DLA-2483.NASL", "DEBIAN_DLA-2494.NASL", "DEBIAN_DLA-2557.NASL", "DEBIAN_DLA-2586.NASL", "DEBIAN_DSA-4497.NASL", "DEBIAN_DSA-4698.NASL", "DEBIAN_DSA-4774.NASL", "DEBIAN_DSA-4843.NASL", "EULEROS_SA-2019-2201.NASL", "EULEROS_SA-2019-2274.NASL", "EULEROS_SA-2019-2693.NASL", "EULEROS_SA-2020-1012.NASL", "EULEROS_SA-2020-1042.NASL", "EULEROS_SA-2020-1112.NASL", "EULEROS_SA-2020-1508.NASL", "EULEROS_SA-2020-1536.NASL", "EULEROS_SA-2020-1592.NASL", "EULEROS_SA-2020-1606.NASL", "EULEROS_SA-2020-1674.NASL", "EULEROS_SA-2020-1698.NASL", "EULEROS_SA-2020-1713.NASL", "EULEROS_SA-2020-1958.NASL", "EULEROS_SA-2020-2150.NASL", "EULEROS_SA-2020-2166.NASL", "EULEROS_SA-2020-2176.NASL", "EULEROS_SA-2020-2303.NASL", "EULEROS_SA-2020-2311.NASL", "EULEROS_SA-2020-2353.NASL", "EULEROS_SA-2020-2411.NASL", "EULEROS_SA-2020-2429.NASL", "EULEROS_SA-2020-2485.NASL", "EULEROS_SA-2020-2498.NASL", "EULEROS_SA-2020-2514.NASL", "EULEROS_SA-2020-2549.NASL", "EULEROS_SA-2021-1009.NASL", "EULEROS_SA-2021-1028.NASL", "EULEROS_SA-2021-1039.NASL", "EULEROS_SA-2021-1056.NASL", "EULEROS_SA-2021-1079.NASL", "EULEROS_SA-2021-1148.NASL", "EULEROS_SA-2021-1200.NASL", "EULEROS_SA-2021-1265.NASL", "EULEROS_SA-2021-1311.NASL", "EULEROS_SA-2021-1386.NASL", "EULEROS_SA-2021-1454.NASL", "EULEROS_SA-2021-1604.NASL", "EULEROS_SA-2021-1642.NASL", "EULEROS_SA-2021-1684.NASL", "EULEROS_SA-2021-1751.NASL", "EULEROS_SA-2021-1808.NASL", "EULEROS_SA-2021-2040.NASL", "EULEROS_SA-2021-2075.NASL", "EULEROS_SA-2021-2392.NASL", "F5_BIGIP_SOL09604370.NASL", "F5_BIGIP_SOL44994972.NASL", "FEDORA_2019-8846A1A5A2.NASL", "FEDORA_2019-91F6E7BB71.NASL", "FEDORA_2020-98CCAE320C.NASL", "FEDORA_2020-B732958765.NASL", "FEDORA_2020-B858B48B23.NASL", "FEDORA_2020-BC0CC81A7A.NASL", "FEDORA_2020-E211716D08.NASL", "NEWSTART_CGSL_NS-SA-2020-0028_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2020-0041_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2020-0108_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0008_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0025_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0078_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0104_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0126_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0140_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0002_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0014_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0017_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0026_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0040_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0059_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0073_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0074_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0075_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0080_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0089_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2023-0017_KERNEL.NASL", "NUTANIX_NXSA-AOS-5_10.NASL", "NUTANIX_NXSA-AOS-5_11_3.NASL", "NUTANIX_NXSA-AOS-5_15_3.NASL", "NUTANIX_NXSA-AOS-5_15_5.NASL", "NUTANIX_NXSA-AOS-5_15_5_5.NASL", "NUTANIX_NXSA-AOS-5_15_6.NASL", "NUTANIX_NXSA-AOS-5_15_7.NASL", "NUTANIX_NXSA-AOS-5_16_0_1.NASL", "NUTANIX_NXSA-AOS-5_16_1.NASL", "NUTANIX_NXSA-AOS-5_17.NASL", "NUTANIX_NXSA-AOS-5_18_0_5.NASL", "NUTANIX_NXSA-AOS-5_18_1.NASL", "NUTANIX_NXSA-AOS-5_19_0_5.NASL", "NUTANIX_NXSA-AOS-5_19_1.NASL", "NUTANIX_NXSA-AOS-5_19_1_5.NASL", "NUTANIX_NXSA-AOS-5_19_2.NASL", "NUTANIX_NXSA-AOS-5_20.NASL", "NUTANIX_NXSA-AOS-5_20_2.NASL", "NUTANIX_NXSA-AOS-5_20_3_5.NASL", "NUTANIX_NXSA-AOS-5_20_4.NASL", "NUTANIX_NXSA-AOS-6_0.NASL", "NUTANIX_NXSA-AOS-6_0_1_5.NASL", "NUTANIX_NXSA-AOS-6_0_2.NASL", "NUTANIX_NXSA-AOS-6_0_2_6.NASL", "NUTANIX_NXSA-AOS-6_1.NASL", "NUTANIX_NXSA-AOS-6_1_1.NASL", "OPENSUSE-2019-2173.NASL", "OPENSUSE-2019-2181.NASL", "OPENSUSE-2019-2675.NASL", "OPENSUSE-2020-1153.NASL", "OPENSUSE-2020-1236.NASL", "OPENSUSE-2020-1325.NASL", "OPENSUSE-2020-1379.NASL", "OPENSUSE-2020-1382.NASL", "OPENSUSE-2020-1586.NASL", "OPENSUSE-2020-1655.NASL", "OPENSUSE-2020-1682.NASL", "OPENSUSE-2020-1698.NASL", "OPENSUSE-2020-1901.NASL", "OPENSUSE-2020-1906.NASL", "OPENSUSE-2020-2034.NASL", "OPENSUSE-2020-2112.NASL", "OPENSUSE-2020-2161.NASL", "OPENSUSE-2020-2193.NASL", "OPENSUSE-2020-2260.NASL", "OPENSUSE-2020-801.NASL", "OPENSUSE-2020-935.NASL", "OPENSUSE-2021-242.NASL", "OPENSUSE-2021-60.NASL", "OPENSUSE-2021-75.NASL", "ORACLELINUX_ELSA-2019-3979.NASL", "ORACLELINUX_ELSA-2019-4808.NASL", "ORACLELINUX_ELSA-2019-4810.NASL", "ORACLELINUX_ELSA-2020-3220.NASL", "ORACLELINUX_ELSA-2020-4286.NASL", "ORACLELINUX_ELSA-2020-5023.NASL", "ORACLELINUX_ELSA-2020-5691.NASL", "ORACLELINUX_ELSA-2020-5708.NASL", "ORACLELINUX_ELSA-2020-5714.NASL", "ORACLELINUX_ELSA-2020-5715.NASL", "ORACLELINUX_ELSA-2020-5755.NASL", "ORACLELINUX_ELSA-2020-5841.NASL", "ORACLELINUX_ELSA-2020-5844.NASL", "ORACLELINUX_ELSA-2020-5845.NASL", "ORACLELINUX_ELSA-2020-5848.NASL", "ORACLELINUX_ELSA-2020-5866.NASL", "ORACLELINUX_ELSA-2020-5878.NASL", "ORACLELINUX_ELSA-2020-5884.NASL", "ORACLELINUX_ELSA-2020-5885.NASL", "ORACLELINUX_ELSA-2020-5995.NASL", "ORACLELINUX_ELSA-2020-5996.NASL", "ORACLELINUX_ELSA-2021-0336.NASL", "ORACLELINUX_ELSA-2021-0558.NASL", "ORACLELINUX_ELSA-2021-0856.NASL", "ORACLELINUX_ELSA-2021-1578.NASL", "ORACLELINUX_ELSA-2021-2725.NASL", "ORACLELINUX_ELSA-2021-4356.NASL", "ORACLELINUX_ELSA-2021-9001.NASL", "ORACLELINUX_ELSA-2021-9002.NASL", "ORACLELINUX_ELSA-2021-9006.NASL", "ORACLELINUX_ELSA-2021-9007.NASL", "ORACLELINUX_ELSA-2021-9043.NASL", "ORACLELINUX_ELSA-2021-9079.NASL", "ORACLELINUX_ELSA-2021-9085.NASL", "ORACLELINUX_ELSA-2021-9086.NASL", "ORACLELINUX_ELSA-2021-9212.NASL", "ORACLELINUX_ELSA-2021-9442.NASL", "ORACLELINUX_ELSA-2022-0063.NASL", "ORACLELINUX_ELSA-2022-9969.NASL", "ORACLEVM_OVMSA-2020-0020.NASL", "ORACLEVM_OVMSA-2020-0044.NASL", "ORACLEVM_OVMSA-2021-0001.NASL", "ORACLEVM_OVMSA-2021-0030.NASL", "PHOTONOS_PHSA-2019-3_0-0046_LINUX.NASL", "PHOTONOS_PHSA-2020-1_0-0290_LINUX.NASL", "PHOTONOS_PHSA-2020-1_0-0310_LINUX.NASL", "PHOTONOS_PHSA-2020-1_0-0323_LINUX.NASL", "PHOTONOS_PHSA-2020-1_0-0338_LINUX.NASL", "PHOTONOS_PHSA-2020-1_0-0350_LINUX.NASL", "PHOTONOS_PHSA-2020-2_0-0230_LINUX.NASL", "PHOTONOS_PHSA-2020-2_0-0266_LINUX.NASL", "PHOTONOS_PHSA-2020-2_0-0282_LINUX.NASL", "PHOTONOS_PHSA-2020-2_0-0295_LINUX.NASL", "PHOTONOS_PHSA-2020-3_0-0082_LINUX.NASL", "PHOTONOS_PHSA-2020-3_0-0119_LINUX.NASL", "PHOTONOS_PHSA-2020-3_0-0140_LINUX.NASL", "PHOTONOS_PHSA-2020-3_0-0163_LINUX.NASL", "PHOTONOS_PHSA-2021-2_0-0308_LINUX.NASL", "PHOTONOS_PHSA-2021-3_0-0182_LINUX.NASL", "PHOTONOS_PHSA-209-2_0-0175_LINUX.NASL", "REDHAT-RHSA-2019-2029.NASL", "REDHAT-RHSA-2019-2043.NASL", "REDHAT-RHSA-2019-3978.NASL", "REDHAT-RHSA-2019-3979.NASL", "REDHAT-RHSA-2020-0027.NASL", "REDHAT-RHSA-2020-2832.NASL", "REDHAT-RHSA-2020-3010.NASL", "REDHAT-RHSA-2020-3016.NASL", "REDHAT-RHSA-2020-3041.NASL", "REDHAT-RHSA-2020-3220.NASL", "REDHAT-RHSA-2020-3221.NASL", "REDHAT-RHSA-2020-3222.NASL", "REDHAT-RHSA-2020-3224.NASL", "REDHAT-RHSA-2020-3226.NASL", "REDHAT-RHSA-2020-3232.NASL", "REDHAT-RHSA-2020-3389.NASL", "REDHAT-RHSA-2020-3432.NASL", "REDHAT-RHSA-2020-4286.NASL", "REDHAT-RHSA-2020-4287.NASL", "REDHAT-RHSA-2020-4289.NASL", "REDHAT-RHSA-2020-4331.NASL", "REDHAT-RHSA-2020-4332.NASL", "REDHAT-RHSA-2020-4431.NASL", "REDHAT-RHSA-2020-4609.NASL", "REDHAT-RHSA-2020-5023.NASL", "REDHAT-RHSA-2020-5026.NASL", "REDHAT-RHSA-2020-5199.NASL", "REDHAT-RHSA-2021-0336.NASL", "REDHAT-RHSA-2021-0338.NASL", "REDHAT-RHSA-2021-0354.NASL", "REDHAT-RHSA-2021-0537.NASL", "REDHAT-RHSA-2021-0558.NASL", "REDHAT-RHSA-2021-0686.NASL", "REDHAT-RHSA-2021-0689.NASL", "REDHAT-RHSA-2021-0763.NASL", "REDHAT-RHSA-2021-0765.NASL", "REDHAT-RHSA-2021-0774.NASL", "REDHAT-RHSA-2021-0848.NASL", "REDHAT-RHSA-2021-0856.NASL", "REDHAT-RHSA-2021-0857.NASL", "REDHAT-RHSA-2021-0862.NASL", "REDHAT-RHSA-2021-0878.NASL", "REDHAT-RHSA-2021-0940.NASL", "REDHAT-RHSA-2021-1028.NASL", "REDHAT-RHSA-2021-1031.NASL", "REDHAT-RHSA-2021-1267.NASL", "REDHAT-RHSA-2021-1288.NASL", "REDHAT-RHSA-2021-1376.NASL", "REDHAT-RHSA-2021-1531.NASL", "REDHAT-RHSA-2021-1578.NASL", "REDHAT-RHSA-2021-1739.NASL", "REDHAT-RHSA-2021-2164.NASL", "REDHAT-RHSA-2021-2355.NASL", "REDHAT-RHSA-2021-2523.NASL", "REDHAT-RHSA-2021-2718.NASL", "REDHAT-RHSA-2021-2719.NASL", "REDHAT-RHSA-2021-2725.NASL", "REDHAT-RHSA-2021-2726.NASL", "REDHAT-RHSA-2021-4140.NASL", "REDHAT-RHSA-2021-4356.NASL", "REDHAT-RHSA-2022-0063.NASL", "REDHAT-RHSA-2022-0065.NASL", "SLACKWARE_SSA_2020-163-01.NASL", "SLACKWARE_SSA_2020-295-01.NASL", "SL_20191205_KERNEL_ON_SL7_X.NASL", "SL_20201110_KERNEL_ON_SL7_X.NASL", "SL_20210202_KERNEL_ON_SL7_X.NASL", "SL_20210721_KERNEL_ON_SL7_X.NASL", "SL_20220114_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2019-14218-1.NASL", "SUSE_SU-2019-2412-1.NASL", "SUSE_SU-2019-2414-1.NASL", "SUSE_SU-2019-2424-1.NASL", "SUSE_SU-2019-2648-1.NASL", "SUSE_SU-2019-2738-1.NASL", "SUSE_SU-2019-2949-1.NASL", "SUSE_SU-2019-2950-1.NASL", "SUSE_SU-2019-2984-1.NASL", "SUSE_SU-2019-3200-1.NASL", "SUSE_SU-2019-3228-1.NASL", "SUSE_SU-2019-3230-1.NASL", "SUSE_SU-2019-3258-1.NASL", "SUSE_SU-2019-3317-1.NASL", "SUSE_SU-2020-0093-1.NASL", "SUSE_SU-2020-0613-1.NASL", "SUSE_SU-2020-14393-1.NASL", "SUSE_SU-2020-14442-1.NASL", "SUSE_SU-2020-1475-1.NASL", "SUSE_SU-2020-1486-1.NASL", "SUSE_SU-2020-1587-1.NASL", "SUSE_SU-2020-1596-1.NASL", "SUSE_SU-2020-1597-1.NASL", "SUSE_SU-2020-1599-1.NASL", "SUSE_SU-2020-1602-1.NASL", "SUSE_SU-2020-1603-1.NASL", "SUSE_SU-2020-1605-1.NASL", "SUSE_SU-2020-1663-1.NASL", "SUSE_SU-2020-1779-1.NASL", "SUSE_SU-2020-2105-1.NASL", "SUSE_SU-2020-2106-1.NASL", "SUSE_SU-2020-2107-1.NASL", "SUSE_SU-2020-2119-1.NASL", "SUSE_SU-2020-2121-1.NASL", "SUSE_SU-2020-2122-1.NASL", "SUSE_SU-2020-2134-1.NASL", "SUSE_SU-2020-2152-1.NASL", "SUSE_SU-2020-2486-1.NASL", "SUSE_SU-2020-2487-1.NASL", "SUSE_SU-2020-2491-1.NASL", "SUSE_SU-2020-2492-1.NASL", "SUSE_SU-2020-2497-1.NASL", "SUSE_SU-2020-2498-1.NASL", "SUSE_SU-2020-2499-1.NASL", "SUSE_SU-2020-2502-1.NASL", "SUSE_SU-2020-2540-1.NASL", "SUSE_SU-2020-2574-1.NASL", "SUSE_SU-2020-2575-1.NASL", "SUSE_SU-2020-2576-1.NASL", "SUSE_SU-2020-2577-1.NASL", "SUSE_SU-2020-2578-1.NASL", "SUSE_SU-2020-2582-1.NASL", "SUSE_SU-2020-2610-1.NASL", "SUSE_SU-2020-2623-1.NASL", "SUSE_SU-2020-2631-1.NASL", "SUSE_SU-2020-2879-1.NASL", "SUSE_SU-2020-2904-1.NASL", "SUSE_SU-2020-2905-1.NASL", "SUSE_SU-2020-2907-1.NASL", "SUSE_SU-2020-2972-1.NASL", "SUSE_SU-2020-2980-1.NASL", "SUSE_SU-2020-2981-1.NASL", "SUSE_SU-2020-3014-1.NASL", "SUSE_SU-2020-3122-1.NASL", "SUSE_SU-2020-3219-1.NASL", "SUSE_SU-2020-3225-1.NASL", "SUSE_SU-2020-3230-1.NASL", "SUSE_SU-2020-3272-1.NASL", "SUSE_SU-2020-3273-1.NASL", "SUSE_SU-2020-3281-1.NASL", "SUSE_SU-2020-3326-1.NASL", "SUSE_SU-2020-3433-1.NASL", "SUSE_SU-2020-3501-1.NASL", "SUSE_SU-2020-3503-1.NASL", "SUSE_SU-2020-3507-1.NASL", "SUSE_SU-2020-3513-1.NASL", "SUSE_SU-2020-3522-1.NASL", "SUSE_SU-2020-3532-1.NASL", "SUSE_SU-2020-3544-1.NASL", "SUSE_SU-2020-3648-1.NASL", "SUSE_SU-2020-3651-1.NASL", "SUSE_SU-2020-3656-1.NASL", "SUSE_SU-2020-3715-1.NASL", "SUSE_SU-2020-3717-1.NASL", "SUSE_SU-2020-3718-1.NASL", "SUSE_SU-2020-3748-1.NASL", "SUSE_SU-2020-3764-1.NASL", "SUSE_SU-2020-3798-1.NASL", "SUSE_SU-2021-0095-1.NASL", "SUSE_SU-2021-0098-1.NASL", "SUSE_SU-2021-0108-1.NASL", "SUSE_SU-2021-0117-1.NASL", "SUSE_SU-2021-0118-1.NASL", "SUSE_SU-2021-0133-1.NASL", "SUSE_SU-2021-0408-1.NASL", "SUSE_SU-2021-0434-1.NASL", "SUSE_SU-2021-0437-1.NASL", "SUSE_SU-2021-0438-1.NASL", "SUSE_SU-2021-0452-1.NASL", "SUSE_SU-2021-0835-1.NASL", "SUSE_SU-2021-1074-1.NASL", "SUSE_SU-2021-14630-1.NASL", "UBUNTU_USN-4258-1.NASL", "UBUNTU_USN-4284-1.NASL", "UBUNTU_USN-4287-1.NASL", "UBUNTU_USN-4345-1.NASL", "UBUNTU_USN-4364-1.NASL", "UBUNTU_USN-4368-1.NASL", "UBUNTU_USN-4369-1.NASL", "UBUNTU_USN-4369-2.NASL", "UBUNTU_USN-4489-1.NASL", "UBUNTU_USN-4657-1.NASL", "UBUNTU_USN-4658-1.NASL", "UBUNTU_USN-4659-1.NASL", "UBUNTU_USN-4660-1.NASL", "UBUNTU_USN-4679-1.NASL", "UBUNTU_USN-4680-1.NASL", "UBUNTU_USN-4681-1.NASL", "UBUNTU_USN-4683-1.NASL", "UBUNTU_USN-4708-1.NASL", "UBUNTU_USN-4709-1.NASL", "UBUNTU_USN-4710-1.NASL", "UBUNTU_USN-4711-1.NASL", "UBUNTU_USN-4748-1.NASL", "UBUNTU_USN-4749-1.NASL", "UBUNTU_USN-4750-1.NASL", "UBUNTU_USN-4751-1.NASL", "UBUNTU_USN-4752-1.NASL", "UBUNTU_USN-4912-1.NASL", "VIRTUOZZO_VZA-2019-086.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704698", "OPENVAS:1361412562310844316", "OPENVAS:1361412562310844343", "OPENVAS:1361412562310844347", "OPENVAS:1361412562310844406", "OPENVAS:1361412562310844433", "OPENVAS:1361412562310844439", "OPENVAS:1361412562310844443", "OPENVAS:1361412562310844448", "OPENVAS:1361412562310852705", "OPENVAS:1361412562310852855", "OPENVAS:1361412562310852971", "OPENVAS:1361412562310853206", "OPENVAS:1361412562310853260", "OPENVAS:1361412562310877058", "OPENVAS:1361412562310877070", "OPENVAS:1361412562310877132", "OPENVAS:1361412562310877136", "OPENVAS:1361412562310877209", "OPENVAS:1361412562310877358", "OPENVAS:1361412562310877370", "OPENVAS:1361412562310877476", "OPENVAS:1361412562310877479", "OPENVAS:1361412562310877533", "OPENVAS:1361412562310877540", "OPENVAS:1361412562310877541", "OPENVAS:1361412562310877952", "OPENVAS:1361412562310883139", "OPENVAS:1361412562310892241", "OPENVAS:1361412562310892242", "OPENVAS:1361412562311220192201", "OPENVAS:1361412562311220192274", "OPENVAS:1361412562311220192693", "OPENVAS:1361412562311220201012", "OPENVAS:1361412562311220201042", "OPENVAS:1361412562311220201112", "OPENVAS:1361412562311220201508", "OPENVAS:1361412562311220201536", "OPENVAS:1361412562311220201592", "OPENVAS:1361412562311220201606", "OPENVAS:1361412562311220201674", "OPENVAS:1361412562311220201698", "OPENVAS:1361412562311220201713"]}, {"type": "openwrt", "idList": ["OPENWRT-SA-2020-12-09-1"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2021", "ORACLE:CPUOCT2021"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-3979", "ELSA-2019-4808", "ELSA-2019-4810", "ELSA-2020-3010", "ELSA-2020-3220", "ELSA-2020-4060", "ELSA-2020-4286", "ELSA-2020-4431", "ELSA-2020-5023", "ELSA-2020-5473", "ELSA-2020-5691", "ELSA-2020-5708", "ELSA-2020-5714", "ELSA-2020-5715", "ELSA-2020-5755", "ELSA-2020-5841", "ELSA-2020-5844", "ELSA-2020-5845", "ELSA-2020-5848", "ELSA-2020-5866", "ELSA-2020-5878", "ELSA-2020-5884", "ELSA-2020-5885", "ELSA-2020-5913", "ELSA-2020-5914", "ELSA-2020-5923", "ELSA-2020-5924", "ELSA-2020-5995", "ELSA-2020-5996", "ELSA-2021-0336", "ELSA-2021-0558", "ELSA-2021-0856", "ELSA-2021-1578", "ELSA-2021-2725", "ELSA-2021-4356", "ELSA-2021-9001", "ELSA-2021-9002", "ELSA-2021-9005", "ELSA-2021-9006", "ELSA-2021-9007", "ELSA-2021-9008", "ELSA-2021-9043", "ELSA-2021-9052", "ELSA-2021-9079", "ELSA-2021-9085", "ELSA-2021-9086", "ELSA-2021-9212", "ELSA-2021-9442", "ELSA-2022-0063", "ELSA-2022-9969"]}, {"type": "osv", "idList": ["OSV:ASB-A-174737742", "OSV:ASB-A-174737972", "OSV:ASB-A-175451802", "OSV:DLA-1884-1", "OSV:DLA-2241-1", "OSV:DLA-2242-1", "OSV:DLA-2385-1", "OSV:DLA-2417-1", "OSV:DLA-2420-1", "OSV:DLA-2483-1", "OSV:DLA-2494-1", "OSV:DLA-2557-1", "OSV:DLA-2586-1", "OSV:DSA-4497-1", "OSV:DSA-4698-1", "OSV:DSA-4774-1", "OSV:DSA-4843-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:160681"]}, {"type": "photon", "idList": ["PHSA-2019-0046", "PHSA-2019-0175", "PHSA-2019-0250", "PHSA-2019-1.0-0248", "PHSA-2019-2.0-0175", "PHSA-2019-3.0-0046", "PHSA-2020-0069", "PHSA-2020-0073", "PHSA-2020-0082", "PHSA-2020-0119", "PHSA-2020-0140", "PHSA-2020-0147", "PHSA-2020-0153", "PHSA-2020-0160", "PHSA-2020-0163", "PHSA-2020-0174", "PHSA-2020-0219", "PHSA-2020-0230", "PHSA-2020-0287", "PHSA-2020-0290", "PHSA-2020-0309", "PHSA-2020-0310", "PHSA-2020-0323", "PHSA-2020-0338", "PHSA-2020-0345", "PHSA-2020-0350", "PHSA-2020-1.0-0287", "PHSA-2020-1.0-0290", "PHSA-2020-1.0-0309", "PHSA-2020-1.0-0310", "PHSA-2020-1.0-0323", "PHSA-2020-1.0-0338", "PHSA-2020-1.0-0350", "PHSA-2020-2.0-0230", "PHSA-2020-2.0-0266", "PHSA-2020-2.0-0282", "PHSA-2020-2.0-0295", "PHSA-2020-2.0-0296", "PHSA-2020-3.0-0069", "PHSA-2020-3.0-0073", "PHSA-2020-3.0-0082", "PHSA-2020-3.0-0118", "PHSA-2020-3.0-0119", "PHSA-2020-3.0-0140", "PHSA-2020-3.0-0147", "PHSA-2020-3.0-0153", "PHSA-2020-3.0-0160", "PHSA-2020-3.0-0163", "PHSA-2020-3.0-0174", "PHSA-2021-0007", "PHSA-2021-0095", "PHSA-2021-0182", "PHSA-2021-0308", "PHSA-2021-2.0-0308", "PHSA-2021-3.0-0182", "PHSA-2021-4.0-0007", "PHSA-2021-4.0-0095", "PHSA-2023-4.0-0318"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:C16BBF82FBCDBD2158DDC05C0775BB31"]}, {"type": "redhat", "idList": ["RHSA-2019:2029", "RHSA-2019:2043", "RHSA-2019:3978", "RHSA-2019:3979", "RHSA-2020:0027", "RHSA-2020:2832", "RHSA-2020:3010", "RHSA-2020:3016", "RHSA-2020:3041", "RHSA-2020:3194", "RHSA-2020:3220", "RHSA-2020:3221", "RHSA-2020:3222", "RHSA-2020:3224", "RHSA-2020:3226", "RHSA-2020:3232", "RHSA-2020:3389", "RHSA-2020:3432", "RHSA-2020:4286", "RHSA-2020:4287", "RHSA-2020:4289", "RHSA-2020:4331", "RHSA-2020:4332", "RHSA-2020:4431", "RHSA-2020:4609", "RHSA-2020:5023", "RHSA-2020:5026", "RHSA-2020:5118", "RHSA-2020:5199", "RHSA-2020:5633", "RHSA-2020:5635", "RHSA-2021:0336", "RHSA-2021:0338", "RHSA-2021:0354", "RHSA-2021:0537", "RHSA-2021:0558", "RHSA-2021:0607", "RHSA-2021:0686", "RHSA-2021:0689", "RHSA-2021:0719", "RHSA-2021:0763", "RHSA-2021:0765", "RHSA-2021:0774", "RHSA-2021:0799", "RHSA-2021:0848", "RHSA-2021:0856", "RHSA-2021:0857", "RHSA-2021:0862", "RHSA-2021:0878", "RHSA-2021:0940", "RHSA-2021:1028", "RHSA-2021:1031", "RHSA-2021:1129", "RHSA-2021:1267", "RHSA-2021:1288", "RHSA-2021:1376", "RHSA-2021:1531", "RHSA-2021:1578", "RHSA-2021:1739", "RHSA-2021:2121", "RHSA-2021:2136", "RHSA-2021:2164", "RHSA-2021:2355", "RHSA-2021:2523", "RHSA-2021:2718", "RHSA-2021:2719", "RHSA-2021:2725", "RHSA-2021:2726", "RHSA-2021:3016", "RHSA-2021:4140", "RHSA-2021:4356", "RHSA-2021:4627", "RHSA-2021:5137", "RHSA-2022:0063", "RHSA-2022:0065", "RHSA-2022:0236", "RHSA-2022:0595"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-15239", "RH:CVE-2019-19078", "RH:CVE-2019-9456", "RH:CVE-2020-0305", "RH:CVE-2020-0427", "RH:CVE-2020-0431", "RH:CVE-2020-10773", "RH:CVE-2020-11668", "RH:CVE-2020-12654", "RH:CVE-2020-14331", "RH:CVE-2020-14351", "RH:CVE-2020-14386", "RH:CVE-2020-15436", "RH:CVE-2020-25645", "RH:CVE-2020-25656", "RH:CVE-2020-25669", "RH:CVE-2020-25704", "RH:CVE-2020-25705", "RH:CVE-2020-28974", "RH:CVE-2020-29370", "RH:CVE-2020-29661", "RH:CVE-2021-20322"]}, {"type": "slackware", "idList": ["SSA-2020-163-01", "SSA-2020-295-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:2173-1", "OPENSUSE-SU-2019:2181-1", "OPENSUSE-SU-2019:2675-1", "OPENSUSE-SU-2020:0801-1", "OPENSUSE-SU-2020:0935-1", "OPENSUSE-SU-2020:1153-1", "OPENSUSE-SU-2020:1236-1", "OPENSUSE-SU-2020:1325-1", "OPENSUSE-SU-2020:1379-1", "OPENSUSE-SU-2020:1382-1", "OPENSUSE-SU-2020:1586-1", "OPENSUSE-SU-2020:1655-1", "OPENSUSE-SU-2020:1682-1", "OPENSUSE-SU-2020:1698-1", "OPENSUSE-SU-2020:1906-1", "OPENSUSE-SU-2020:2034-1", "OPENSUSE-SU-2020:2112-1", "OPENSUSE-SU-2020:2161-1", "OPENSUSE-SU-2020:2193-1", "OPENSUSE-SU-2020:2260-1", "OPENSUSE-SU-2021:0060-1", "OPENSUSE-SU-2021:0075-1", "OPENSUSE-SU-2021:0242-1"]}, {"type": "symantec", "idList": ["SMNTC-110895"]}, {"type": "thn", "idList": ["THN:2C912D2A2005BA770BBD4A4975BD3518", "THN:BCD236457064C9D8673B1536BE370718"]}, {"type": "ubuntu", "idList": ["LSN-0071-1", "LSN-0072-1", "LSN-0074-1", "LSN-0082-1", "USN-4258-1", "USN-4284-1", "USN-4287-1", "USN-4287-2", "USN-4345-1", "USN-4364-1", "USN-4368-1", "USN-4369-1", "USN-4369-2", "USN-4392-1", "USN-4393-1", "USN-4489-1", "USN-4657-1", "USN-4658-1", "USN-4658-2", "USN-4659-1", "USN-4659-2", "USN-4660-1", "USN-4660-2", "USN-4679-1", "USN-4680-1", "USN-4681-1", "USN-4683-1", "USN-4708-1", "USN-4709-1", "USN-4710-1", "USN-4711-1", "USN-4748-1", "USN-4749-1", "USN-4750-1", "USN-4751-1", "USN-4752-1", "USN-4912-1", "USN-5130-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-15239", "UB:CVE-2019-19078", "UB:CVE-2019-9456", "UB:CVE-2020-0305", "UB:CVE-2020-0427", "UB:CVE-2020-0431", "UB:CVE-2020-10773", "UB:CVE-2020-11668", "UB:CVE-2020-12654", "UB:CVE-2020-14331", "UB:CVE-2020-14351", "UB:CVE-2020-14386", "UB:CVE-2020-15436", "UB:CVE-2020-25645", "UB:CVE-2020-25656", "UB:CVE-2020-25669", "UB:CVE-2020-25704", "UB:CVE-2020-25705", "UB:CVE-2020-28974", "UB:CVE-2020-29370", "UB:CVE-2020-29661"]}, {"type": "veracode", "idList": ["VERACODE:22028", "VERACODE:25427", "VERACODE:25825", "VERACODE:26976", "VERACODE:27638", "VERACODE:27771", "VERACODE:27780", "VERACODE:27802", "VERACODE:28077", "VERACODE:28083", "VERACODE:28088", "VERACODE:28090", "VERACODE:28922", "VERACODE:29416", "VERACODE:29735", "VERACODE:30564", "VERACODE:30575"]}, {"type": "virtuozzo", "idList": ["VZA-2019-086", "VZA-2020-055", "VZA-2020-056", "VZA-2021-006", "VZA-2021-008", "VZA-2021-040"]}, {"type": "zdi", "idList": ["ZDI-20-1372"]}, {"type": "zdt", "idList": ["1337DAY-ID-35569"]}]}, "score": {"value": 8.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4431", "ALSA-2021:0558"]}, {"type": "amazon", "idList": ["ALAS-2020-1430", "ALAS-2020-1446", "ALAS-2020-1462", "ALAS2-2020-1488", "ALAS2-2020-1495", "ALAS2-2020-1520", "ALAS2-2020-1566"]}, {"type": "androidsecurity", "idList": ["ANDROID:2019-12-01", "ANDROID:2020-03-01", "ANDROID:2021-04-01", "ANDROID:2021-05-01"]}, {"type": "archlinux", "idList": ["ASA-202011-10"]}, {"type": "centos", "idList": ["CESA-2019:2029", "CESA-2020:5023"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:C4D1C1686A388941AD439B6E19ADC7F2"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1632261812", "CLSA-2021:1632261839"]}, {"type": "cve", "idList": ["CVE-2019-15239", "CVE-2019-19078", "CVE-2019-9456", "CVE-2020-14351", "CVE-2020-15436", "CVE-2020-25656", "CVE-2020-25669", "CVE-2020-25704", "CVE-2020-25705", "CVE-2020-28974", "CVE-2020-29370", "CVE-2020-29661"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2242-1:573AF", "DEBIAN:DLA-2483-1:37DA1", "DEBIAN:DLA-2494-1:12C95", "DEBIAN:DSA-4698-1:66813"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-15239", "DEBIANCVE:CVE-2019-19078", "DEBIANCVE:CVE-2019-9456", "DEBIANCVE:CVE-2020-0305", "DEBIANCVE:CVE-2020-0427", "DEBIANCVE:CVE-2020-0431", "DEBIANCVE:CVE-2020-10773", "DEBIANCVE:CVE-2020-11668", "DEBIANCVE:CVE-2020-12654", "DEBIANCVE:CVE-2020-14331", "DEBIANCVE:CVE-2020-14351", "DEBIANCVE:CVE-2020-14386", "DEBIANCVE:CVE-2020-15436", "DEBIANCVE:CVE-2020-25645", "DEBIANCVE:CVE-2020-25656", "DEBIANCVE:CVE-2020-25669", "DEBIANCVE:CVE-2020-25704", "DEBIANCVE:CVE-2020-25705", "DEBIANCVE:CVE-2020-28974", "DEBIANCVE:CVE-2020-29370", "DEBIANCVE:CVE-2020-29661"]}, {"type": "f5", "idList": ["F5:K92969318"]}, {"type": "fedora", "idList": ["FEDORA:02C4230A08EF", "FEDORA:14FCA30C8E50", "FEDORA:1B8D330A08F2", "FEDORA:1F1BC30987DA", "FEDORA:224AE608F491", "FEDORA:267796076024", "FEDORA:2D09F309C002", "FEDORA:371E06040B12", "FEDORA:451BA309C1E0", "FEDORA:4928D30A037F", "FEDORA:51B856067EB8", "FEDORA:59E3F606D998", "FEDORA:5BC786077CC2", "FEDORA:628EB603ECD0", "FEDORA:6B92130C7DAE", "FEDORA:803AE30C6416", "FEDORA:824E230A6A04", "FEDORA:94BC060A4ECF", "FEDORA:BF5EC607125E", "FEDORA:C63656040AE1", "FEDORA:CB0956087865", "FEDORA:CF851309C00C", "FEDORA:EC9F26076D31"]}, {"type": "githubexploit", "idList": ["5ACF6B43-1E0E-55AE-A3C6-2FFCB8E95A05", "A10132DA-F650-5163-A3F9-DBE973D0187D"]}, {"type": "ibm", "idList": ["7BEBE6C769A16D13746B813CF456C36F85AE1B1A1CBD26E71A53BD6E5B34E2F4"]}, {"type": "kitploit", "idList": ["KITPLOIT:8656177976839178440"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/CENTOS_LINUX-CVE-2020-25645/", "MSF:ILITIES/ORACLE_LINUX-CVE-2020-10742/", "MSF:ILITIES/UBUNTU-CVE-2020-28588/"]}, {"type": "nessus", "idList": ["AL2_ALAS-2020-1566.NASL", "ALA_ALAS-2020-1446.NASL", "ALA_ALAS-2020-1462.NASL", "CENTOS8_RHSA-2021-1578.NASL", "CENTOS_RHSA-2019-2029.NASL", "CENTOS_RHSA-2020-5023.NASL", "DEBIAN_DLA-2483.NASL", "DEBIAN_DLA-2494.NASL", "DEBIAN_DSA-4497.NASL", "EULEROS_SA-2019-2201.NASL", "EULEROS_SA-2019-2274.NASL", "EULEROS_SA-2020-1012.NASL", "EULEROS_SA-2020-1042.NASL", "EULEROS_SA-2020-1112.NASL", "EULEROS_SA-2020-1592.NASL", "EULEROS_SA-2020-1606.NASL", "EULEROS_SA-2020-2485.NASL", "EULEROS_SA-2020-2498.NASL", "EULEROS_SA-2020-2514.NASL", "EULEROS_SA-2020-2549.NASL", "EULEROS_SA-2021-1009.NASL", "EULEROS_SA-2021-1028.NASL", "EULEROS_SA-2021-1751.NASL", "FEDORA_2020-98CCAE320C.NASL", "FEDORA_2020-B732958765.NASL", "FEDORA_2020-BC0CC81A7A.NASL", "FEDORA_2020-E211716D08.NASL", "NEWSTART_CGSL_NS-SA-2020-0028_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2020-0108_KERNEL.NASL", "OPENSUSE-2020-1901.NASL", "OPENSUSE-2020-1906.NASL", "OPENSUSE-2020-2034.NASL", "OPENSUSE-2020-2112.NASL", "OPENSUSE-2020-2161.NASL", "OPENSUSE-2020-2193.NASL", "OPENSUSE-2020-2260.NASL", "ORACLELINUX_ELSA-2020-5023.NASL", "ORACLELINUX_ELSA-2020-5691.NASL", "ORACLELINUX_ELSA-2020-5708.NASL", "ORACLELINUX_ELSA-2020-5714.NASL", "ORACLELINUX_ELSA-2020-5715.NASL", "ORACLELINUX_ELSA-2020-5995.NASL", "ORACLELINUX_ELSA-2020-5996.NASL", "ORACLELINUX_ELSA-2021-1578.NASL", "ORACLELINUX_ELSA-2021-9212.NASL", "ORACLEVM_OVMSA-2020-0020.NASL", "PHOTONOS_PHSA-2019-3_0-0046_LINUX.NASL", "PHOTONOS_PHSA-2020-1_0-0338_LINUX.NASL", "PHOTONOS_PHSA-2020-1_0-0350_LINUX.NASL", "PHOTONOS_PHSA-2020-2_0-0295_LINUX.NASL", "PHOTONOS_PHSA-2020-3_0-0163_LINUX.NASL", "PHOTONOS_PHSA-209-2_0-0175_LINUX.NASL", "REDHAT-RHSA-2020-0027.NASL", "REDHAT-RHSA-2020-5023.NASL", "REDHAT-RHSA-2020-5026.NASL", "REDHAT-RHSA-2020-5199.NASL", "REDHAT-RHSA-2021-1028.NASL", "REDHAT-RHSA-2021-1031.NASL", "REDHAT-RHSA-2021-1267.NASL", "REDHAT-RHSA-2021-1376.NASL", "REDHAT-RHSA-2021-1578.NASL", "REDHAT-RHSA-2021-1739.NASL", "REDHAT-RHSA-2021-2164.NASL", "SL_20201110_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2019-2949-1.NASL", "SUSE_SU-2019-2950-1.NASL", "SUSE_SU-2019-2984-1.NASL", "SUSE_SU-2020-0093-1.NASL", "SUSE_SU-2020-0613-1.NASL", "SUSE_SU-2020-2610-1.NASL", "SUSE_SU-2020-2623-1.NASL", "SUSE_SU-2020-2631-1.NASL", "SUSE_SU-2020-2879-1.NASL", "SUSE_SU-2020-2904-1.NASL", "SUSE_SU-2020-2905-1.NASL", "SUSE_SU-2020-2907-1.NASL", "SUSE_SU-2020-2972-1.NASL", "SUSE_SU-2020-2980-1.NASL", "SUSE_SU-2020-2981-1.NASL", "SUSE_SU-2020-3014-1.NASL", "SUSE_SU-2020-3122-1.NASL", "SUSE_SU-2020-3219-1.NASL", "SUSE_SU-2020-3225-1.NASL", "SUSE_SU-2020-3230-1.NASL", "SUSE_SU-2020-3272-1.NASL", "SUSE_SU-2020-3273-1.NASL", "SUSE_SU-2020-3281-1.NASL", "SUSE_SU-2020-3326-1.NASL", "SUSE_SU-2020-3433-1.NASL", "SUSE_SU-2020-3501-1.NASL", "SUSE_SU-2020-3503-1.NASL", "SUSE_SU-2020-3507-1.NASL", "SUSE_SU-2020-3513-1.NASL", "SUSE_SU-2020-3522-1.NASL", "SUSE_SU-2020-3532-1.NASL", "SUSE_SU-2020-3544-1.NASL", "SUSE_SU-2020-3648-1.NASL", "SUSE_SU-2020-3651-1.NASL", "SUSE_SU-2020-3656-1.NASL", "SUSE_SU-2020-3715-1.NASL", "SUSE_SU-2020-3717-1.NASL", "SUSE_SU-2020-3718-1.NASL", "SUSE_SU-2020-3748-1.NASL", "SUSE_SU-2020-3764-1.NASL", "SUSE_SU-2020-3798-1.NASL", "SUSE_SU-2021-1074-1.NASL", "UBUNTU_USN-4258-1.NASL", "UBUNTU_USN-4284-1.NASL", "UBUNTU_USN-4287-1.NASL", "UBUNTU_USN-4364-1.NASL", "UBUNTU_USN-4368-1.NASL", "UBUNTU_USN-4369-1.NASL", "UBUNTU_USN-4369-2.NASL", "UBUNTU_USN-4657-1.NASL", "UBUNTU_USN-4658-1.NASL", "UBUNTU_USN-4659-1.NASL", "UBUNTU_USN-4660-1.NASL", "UBUNTU_USN-4912-1.NASL", "VIRTUOZZO_VZA-2019-086.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310107444", "OPENVAS:1361412562310844316", "OPENVAS:1361412562310844343", "OPENVAS:1361412562310844347", "OPENVAS:1361412562310844433", "OPENVAS:1361412562310844439", "OPENVAS:1361412562310844443", "OPENVAS:1361412562310844448", "OPENVAS:1361412562310852705", "OPENVAS:1361412562310852855", "OPENVAS:1361412562310852971", "OPENVAS:1361412562310877132", "OPENVAS:1361412562310877136", "OPENVAS:1361412562310877209", "OPENVAS:1361412562310877358", "OPENVAS:1361412562310877370", "OPENVAS:1361412562310877476", "OPENVAS:1361412562310877479", "OPENVAS:1361412562310877533", "OPENVAS:1361412562310877540", "OPENVAS:1361412562310877541", "OPENVAS:1361412562311220192201", "OPENVAS:1361412562311220192274", "OPENVAS:1361412562311220201012", "OPENVAS:1361412562311220201042", "OPENVAS:1361412562311220201592", "OPENVAS:1361412562311220201606"]}, {"type": "openwrt", "idList": ["OPENWRT-SA-2020-12-09-1"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-3979", "ELSA-2019-4808", "ELSA-2019-4810", "ELSA-2020-5023", "ELSA-2020-5473", "ELSA-2020-5691", "ELSA-2020-5708", "ELSA-2020-5714", "ELSA-2020-5715", "ELSA-2020-5913", "ELSA-2020-5914", "ELSA-2020-5923", "ELSA-2020-5924", "ELSA-2020-5995", "ELSA-2021-1578", "ELSA-2021-9212", "ELSA-2021-9442"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:160681"]}, {"type": "photon", "idList": ["PHSA-2019-2.0-0175", "PHSA-2019-3.0-0046", "PHSA-2020-0266", "PHSA-2020-0282", "PHSA-2020-0288", "PHSA-2020-0294", "PHSA-2020-0295", "PHSA-2020-0296", "PHSA-2020-0303", "PHSA-2020-1.0-0287", "PHSA-2020-1.0-0290", "PHSA-2020-1.0-0309", "PHSA-2020-1.0-0310", "PHSA-2020-1.0-0323", "PHSA-2020-1.0-0338", "PHSA-2020-1.0-0350", "PHSA-2020-2.0-0230", "PHSA-2020-2.0-0266", "PHSA-2020-2.0-0282", "PHSA-2020-2.0-0295", "PHSA-2020-2.0-0296", "PHSA-2020-3.0-0069", "PHSA-2020-3.0-0082", "PHSA-2020-3.0-0119", "PHSA-2020-3.0-0140", "PHSA-2020-3.0-0153", "PHSA-2020-3.0-0163", "PHSA-2020-3.0-0174", "PHSA-2021-2.0-0308", "PHSA-2021-3.0-0182"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:C16BBF82FBCDBD2158DDC05C0775BB31"]}, {"type": "redhat", "idList": ["RHSA-2020:3389", "RHSA-2020:3432", "RHSA-2020:4286", "RHSA-2020:5026", "RHSA-2021:0686"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-0427", "RH:CVE-2020-0431", "RH:CVE-2020-14351", "RH:CVE-2020-25656", "RH:CVE-2020-25669", "RH:CVE-2020-25704", "RH:CVE-2020-28974", "RH:CVE-2020-29661"]}, {"type": "slackware", "idList": ["SSA-2020-163-01", "SSA-2020-295-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:2173-1", "OPENSUSE-SU-2019:2181-1"]}, {"type": "symantec", "idList": ["SMNTC-110895"]}, {"type": "thn", "idList": ["THN:2C912D2A2005BA770BBD4A4975BD3518", "THN:BCD236457064C9D8673B1536BE370718"]}, {"type": "ubuntu", "idList": ["USN-4258-1", "USN-4284-1", "USN-4287-1", "USN-4287-2", "USN-4364-1", "USN-4368-1", "USN-4369-1", "USN-4369-2", "USN-4392-1", "USN-4393-1", "USN-4657-1", "USN-4658-1", "USN-4658-2", "USN-4659-1", "USN-4659-2", "USN-4660-1", "USN-4660-2", "USN-4679-1", "USN-4680-1", "USN-4681-1", "USN-4683-1", "USN-4912-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-15239", "UB:CVE-2019-19078", "UB:CVE-2019-9456", "UB:CVE-2020-0305", "UB:CVE-2020-0427", "UB:CVE-2020-0431", "UB:CVE-2020-10773", "UB:CVE-2020-11668", "UB:CVE-2020-12654", "UB:CVE-2020-14331", "UB:CVE-2020-14351", "UB:CVE-2020-14386", "UB:CVE-2020-15436", "UB:CVE-2020-25645", "UB:CVE-2020-25656", "UB:CVE-2020-25669", "UB:CVE-2020-25704", "UB:CVE-2020-25705", "UB:CVE-2020-28974", "UB:CVE-2020-29370"]}, {"type": "virtuozzo", "idList": ["VZA-2019-086"]}, {"type": "zdi", "idList": ["ZDI-20-1372"]}, {"type": "zdt", "idList": ["1337DAY-ID-35569"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2019-15239", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2019-19078", "epss": 0.00721, "percentile": 0.77788, "modified": "2023-05-07"}, {"cve": "CVE-2019-9456", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2020-0305", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2020-0427", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2020-0431", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2020-10773", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2020-11668", "epss": 0.00045, "percentile": 0.121, "modified": "2023-05-07"}, {"cve": "CVE-2020-12654", "epss": 0.00135, "percentile": 0.47515, "modified": "2023-05-07"}, {"cve": "CVE-2020-14331", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2020-14351", "epss": 0.00092, "percentile": 0.37989, "modified": "2023-05-07"}, {"cve": "CVE-2020-14386", "epss": 0.00045, "percentile": 0.121, "modified": "2023-05-07"}, {"cve": "CVE-2020-15436", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2020-25645", "epss": 0.00429, "percentile": 0.70687, "modified": "2023-05-07"}, {"cve": "CVE-2020-25656", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2020-25669", "epss": 0.00059, "percentile": 0.22779, "modified": "2023-05-07"}, {"cve": "CVE-2020-25704", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2020-25705", "epss": 0.00275, "percentile": 0.6335, "modified": "2023-05-07"}, {"cve": "CVE-2020-28974", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2020-29370", "epss": 0.0008, "percentile": 0.32762, "modified": "2023-05-07"}, {"cve": "CVE-2020-29661", "epss": 0.00046, "percentile": 0.12753, "modified": "2023-05-07"}], "vulnersScore": 8.9}, "_state": {"dependencies": 1685302639, "score": 1685284242, "epss": 0}, "_internal": {"score_hash": "e0fcef72c835e13c96e1e0c7bffd3a0e"}, "pluginID": "151419", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151419);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-15239\",\n \"CVE-2019-19078\",\n \"CVE-2019-9456\",\n \"CVE-2020-0305\",\n \"CVE-2020-0427\",\n \"CVE-2020-0431\",\n \"CVE-2020-10773\",\n \"CVE-2020-11668\",\n \"CVE-2020-12654\",\n \"CVE-2020-14331\",\n \"CVE-2020-14351\",\n \"CVE-2020-14386\",\n \"CVE-2020-15436\",\n \"CVE-2020-25645\",\n \"CVE-2020-25656\",\n \"CVE-2020-25669\",\n \"CVE-2020-25704\",\n \"CVE-2020-25705\",\n \"CVE-2020-28974\",\n \"CVE-2020-29370\",\n \"CVE-2020-29661\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"EulerOS Virtualization 3.0.2.2 : kernel (EulerOS-SA-2021-2140)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A memory leak in the ath10k_usb_hif_tx_sg() function in\n drivers/net/wireless/ath/ath10k/usb.c in the Linux\n kernel through 5.3.11 allows attackers to cause a\n denial of service (memory consumption) by triggering\n usb_submit_urb() failures, aka\n CID-b8d17e7d93d2.(CVE-2019-19078)\n\n - In the Linux kernel before 5.6.1,\n drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink\n camera USB driver) mishandles invalid descriptors, aka\n CID-a246b4d54770.(CVE-2020-11668)\n\n - An issue was found in Linux kernel before 5.5.4.\n mwifiex_ret_wmm_get_status() in\n drivers/net/wireless/marvell/mwifiex/wmm.c allows a\n remote AP to trigger a heap-based buffer overflow\n because of an incorrect memcpy, aka\n CID-3a9b153c5591.(CVE-2020-12654)\n\n - A flaw was found in the way the Linux kernel's\n networking subsystem handled the write queue between\n TCP disconnection and re-connections. A local attacker\n could use this flaw to trigger multiple use-after-free\n conditions potentially escalating their privileges on\n the system.(CVE-2019-15239)\n\n - A use-after-free flaw was found in the way the Linux\n kernel's filesystem subsystem handled a race condition\n in the chrdev_open function. This flaw allows a\n privileged local user to starve the resources, causing\n a denial of service or potentially escalating their\n privileges. The highest threat from this vulnerability\n is to confidentiality, integrity, as well as system\n availability.(CVE-2020-0305)\n\n - A flaw was found in the Linux pinctrl system. It is\n possible to trigger an of bounds read due to a use\n after free. This could lead to local information\n disclosure with no additional execution privileges\n needed.(CVE-2020-0427)\n\n - A stack information leak flaw was found in s390/s390x\n in the Linux kernel's memory manager functionality,\n where it incorrectly writes to the\n /proc/sys/vm/cmm_timeout file. This flaw allows a local\n user to see the kernel data.(CVE-2020-10773)\n\n - A flaw was found in the Linux kernel's implementation\n of the invert video code on VGA consoles when a local\n attacker attempts to resize the console, calling an\n ioctl VT_RESIZE, which causes an out-of-bounds write to\n occur. This flaw allows a local user with access to the\n VGA console to crash the system, potentially escalating\n their privileges on the system. The highest threat from\n this vulnerability is to data confidentiality and\n integrity as well as system\n availability.(CVE-2020-14331)\n\n - A flaw was found in the Linux kernel. A use-after-free\n memory flaw was found in the perf subsystem allowing a\n local attacker with permission to monitor perf events\n to corrupt memory and possibly escalate privileges. The\n highest threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-14351)\n\n - A flaw was found in the Linux kernel before 5.9-rc4.\n Memory corruption can be exploited to gain root\n privileges from unprivileged processes. The highest\n threat from this vulnerability is to data\n confidentiality and integrity.(CVE-2020-14386)\n\n - Use-after-free vulnerability in fs/block_dev.c in the\n Linux kernel before 5.8 allows local users to gain\n privileges or cause a denial of service by leveraging\n improper access to a certain error\n field.(CVE-2020-15436)\n\n - A flaw was found in the Linux kernel in versions before\n 5.9-rc7. Traffic between two Geneve endpoints may be\n unencrypted when IPsec is configured to encrypt traffic\n for the specific UDP port used by the GENEVE tunnel\n allowing anyone between the two endpoints to read the\n traffic unencrypted. The main threat from this\n vulnerability is to data\n confidentiality.(CVE-2020-25645)\n\n - A flaw was found in the Linux kernel. A use-after-free\n was found in the way the console subsystem was using\n ioctls KDGKBSENT and KDSKBSENT. A local user could use\n this flaw to get read memory access out of bounds. The\n highest threat from this vulnerability is to data\n confidentiality.(CVE-2020-25656)\n\n - Bodong Zhao discovered a use-after-free in the Sun\n keyboard driver implementation in the Linux kernel. A\n local attacker could use this to cause a denial of\n service or possibly execute arbitrary\n code.(CVE-2020-25669)\n\n - A flaw memory leak in the Linux kernel performance\n monitoring subsystem was found in the way if using\n PERF_EVENT_IOC_SET_FILTER. A local user could use this\n flaw to starve the resources causing denial of\n service.(CVE-2020-25704)\n\n - A flaw in ICMP packets in the Linux kernel may allow an\n attacker to quickly scan open UDP ports. This flaw\n allows an off-path remote attacker to effectively\n bypass source port UDP randomization. Software that\n relies on UDP source port randomization are indirectly\n affected as well on the Linux Based Products (RUGGEDCOM\n RM1224: All versions between v5.0 and v6.4, SCALANCE\n M-800: All versions between v5.0 and v6.4, SCALANCE\n S615: All versions between v5.0 and v6.4, SCALANCE\n SC-600: All versions prior to v2.1.3, SCALANCE W1750D:\n v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7:\n All versions, SIMATIC MV500 Family: All versions,\n SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions\n 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU:\n Version(CVE-2020-25705)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel\n before 5.9.7 could be used by local attackers to read\n privileged information or potentially crash the kernel,\n aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for\n manipulations such as font height.(CVE-2020-28974)\n\n - An issue was discovered in kmem_cache_alloc_bulk in\n mm/slub.c in the Linux kernel before 5.5.11. The\n slowpath lacks the required TID increment, aka\n CID-fd4d9c7d0c71.(CVE-2020-29370)\n\n - A locking issue was discovered in the tty subsystem of\n the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free\n attack against TIOCSPGRP, aka\n CID-54ffccbf053b.(CVE-2020-29661)\n\n - A flaw was found in the USB monitor driver of the Linux\n kernel. This flaw allows an attacker with physical\n access to the system to crash the system or potentially\n escalate their privileges(CVE-2019-9456)\n\n - A flaw out of bounds write in the Linux kernel human\n interface devices subsystem was found in the way user\n calls find key code by index. A local user could use\n this flaw to crash the system or escalate privileges on\n the system.(CVE-2020-0431)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2140\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b3064040\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.2\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.2\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.6_77\",\n \"kernel-devel-3.10.0-862.14.1.6_77\",\n \"kernel-headers-3.10.0-862.14.1.6_77\",\n \"kernel-tools-3.10.0-862.14.1.6_77\",\n \"kernel-tools-libs-3.10.0-862.14.1.6_77\",\n \"perf-3.10.0-862.14.1.6_77\",\n \"python-perf-3.10.0-862.14.1.6_77\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "naslFamily": "Huawei Local Security Checks", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.2.2"], "solution": "Update the affected kernel packages.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2020-29661", "vendor_cvss2": {"score": 7.2, "vector": "CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "Medium", "score": "6.7"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2021-07-06T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}

{"debian": [{"lastseen": "2023-03-05T21:14:35", "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2494-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Ben Hutchings\nDecember 18, 2020 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : linux\nVersion : 4.9.246-2\nCVE ID : CVE-2020-0427 CVE-2020-8694 CVE-2020-14351 CVE-2020-25645 \n CVE-2020-25656 CVE-2020-25668 CVE-2020-25669 CVE-2020-25704 \n CVE-2020-25705 CVE-2020-27673 CVE-2020-27675 CVE-2020-28974\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service or information leaks.\n\nCVE-2020-0427\n\n Elena Petrova reported a bug in the pinctrl subsystem that can\n lead to a use-after-free after a device is renamed. The security\n impact of this is unclear.\n\nCVE-2020-8694\n\n Multiple researchers discovered that the powercap subsystem\n allowed all users to read CPU energy meters, by default. On\n systems using Intel CPUs, this provided a side channel that could\n leak sensitive information between user processes, or from the\n kernel to user processes. The energy meters are now readable only\n by root, by default.\n\n This issue can be mitigated by running:\n\n chmod go-r /sys/devices/virtual/powercap/*/*/energy_uj\n\n This needs to be repeated each time the system is booted with\n an unfixed kernel version.\n\nCVE-2020-14351\n\n A race condition was discovered in the performance events\n subsystem, which could lead to a use-after-free. A local user\n permitted to access performance events could use this to cause a\n denial of service (crash or memory corruption) or possibly for\n privilege escalation.\n\n Debian's kernel configuration does not allow unprivileged users to\n access peformance events by default, which fully mitigates this\n issue.\n\nCVE-2020-25645\n\n A flaw was discovered in the interface driver for GENEVE\n encapsulated traffic when combined with IPsec. If IPsec is\n configured to encrypt traffic for the specific UDP port used by the\n GENEVE tunnel, tunneled data isn't correctly routed over the\n encrypted link and sent unencrypted instead.\n\nCVE-2020-25656\n\n Yuan Ming and Bodong Zhao discovered a race condition in the\n virtual terminal (vt) driver that could lead to a use-after-free.\n A local user with the CAP_SYS_TTY_CONFIG capability could use this\n to cause a denial of service (crash or memory corruption) or\n possibly for privilege escalation.\n\nCVE-2020-25668\n\n Yuan Ming and Bodong Zhao discovered a race condition in the\n virtual terminal (vt) driver that could lead to a use-after-free.\n A local user with access to a virtual terminal, or with the\n CAP_SYS_TTY_CONFIG capability, could use this to cause a denial of\n service (crash or memory corruption) or possibly for privilege\n escalation.\n\nCVE-2020-25669\n\n Bodong Zhao discovered a bug in the Sun keyboard driver (sunkbd)\n that could lead to a use-after-free. On a system using this\n driver, a local user could use this to cause a denial of service\n (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2020-25704\n\n kiyin(\u5c39\u4eae) discovered a potential memory leak in the performance\n events subsystem. A local user permitted to access performance\n events could use this to cause a denial of service (memory\n exhaustion).\n\n Debian's kernel configuration does not allow unprivileged users to\n access peformance events by default, which fully mitigates this\n issue.\n\nCVE-2020-25705\n\n Keyu Man reported that strict rate-limiting of ICMP packet\n transmission provided a side-channel that could help networked\n attackers to carry out packet spoofing. In particular, this made\n it practical for off-path networked attackers to "poison" DNS\n caches with spoofed responses ("SAD DNS" attack).\n\n This issue has been mitigated by randomising whether packets are\n counted against the rate limit.\n\nCVE-2020-27673 / XSA-332\n\n Julien Grall from Arm discovered a bug in the Xen event handling\n code. Where Linux was used in a Xen dom0, unprivileged (domU)\n guests could cause a denial of service (excessive CPU usage or\n hang) in dom0.\n\nCVE-2020-27675 / XSA-331\n\n Jinoh Kang of Theori discovered a race condition in the Xen event\n handling code. Where Linux was used in a Xen dom0, unprivileged\n (domU) guests could cause a denial of service (crash) in dom0.\n\nCVE-2020-28974\n\n Yuan Ming discovered a bug in the virtual terminal (vt) driver\n that could lead to an out-of-bounds read. A local user with\n access to a virtual terminal, or with the CAP_SYS_TTY_CONFIG\n capability, could possibly use this to obtain sensitive\n information from the kernel or to cause a denial of service\n (crash).\n\n The specific ioctl operation affected by this bug\n (KD_FONT_OP_COPY) has been disabled, as it is not believed that\n any programs depended on it.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.9.246-2.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nBen Hutchings - Debian developer, member of kernel, installer and LTS teams\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-18T12:14:03", "type": "debian", "title": "[SECURITY] [DLA 2494-1] linux security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0427", "CVE-2020-14351", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25668", "CVE-2020-25669", "CVE-2020-25704", "CVE-2020-25705", "CVE-2020-27673", "CVE-2020-27675", "CVE-2020-28974", "CVE-2020-8694"], "modified": "2020-12-18T12:14:03", "id": "DEBIAN:DLA-2494-1:12C95", "href": "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-05T21:14:55", "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2483-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Ben Hutchings\nDecember 05, 2020 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : linux-4.19\nVersion : 4.19.160-2~deb9u1\nCVE ID : CVE-2019-19039 CVE-2019-19377 CVE-2019-19770 CVE-2019-19816\n CVE-2020-0423 CVE-2020-8694 CVE-2020-14351 CVE-2020-25656\n CVE-2020-25668 CVE-2020-25669 CVE-2020-25704 CVE-2020-25705\n CVE-2020-27673 CVE-2020-27675 CVE-2020-28941 CVE-2020-28974\nDebian Bug : 949863 968623 971058\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service or information leaks.\n\nCVE-2019-19039\n\n "Team bobfuzzer" reported a bug in Btrfs that could lead to an\n assertion failure (WARN). A user permitted to mount and access\n arbitrary filesystems could use this to cause a denial of service\n (crash) if the panic_on_warn kernel parameter is set.\n\nCVE-2019-19377\n\n "Team bobfuzzer" reported a bug in Btrfs that could lead to a\n use-after-free. A user permitted to mount and access arbitrary\n filesystems could use this to cause a denial of service (crash or\n memory corruption) or possibly for privilege escalation.\n\nCVE-2019-19770\n\n The syzbot tool discovered a race condition in the block I/O\n tracer (blktrace) that could lead to a system crash. Since\n blktrace can only be controlled by privileged users, the security\n impact of this is unclear.\n\nCVE-2019-19816\n\n "Team bobfuzzer" reported a bug in Btrfs that could lead to an\n out-of-bounds write. A user permitted to mount and access\n arbitrary filesystems could use this to cause a denial of service\n (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2020-0423\n\n A race condition was discovered in the Android binder driver, that\n could result in a use-after-free. On systems using this driver, a\n local user could use this to cause a denial of service (crash or\n memory corruption) or possibly for privilege escalation.\n\nCVE-2020-8694\n\n Multiple researchers discovered that the powercap subsystem\n allowed all users to read CPU energy meters, by default. On\n systems using Intel CPUs, this provided a side channel that could\n leak sensitive information between user processes, or from the\n kernel to user processes. The energy meters are now readable only\n by root, by default.\n\n This issue can be mitigated by running:\n\n chmod go-r /sys/devices/virtual/powercap/*/*/energy_uj\n\n This needs to be repeated each time the system is booted with\n an unfixed kernel version.\n\nCVE-2020-14351\n\n A race condition was discovered in the performance events\n subsystem, which could lead to a use-after-free. A local user\n permitted to access performance events could use this to cause a\n denial of service (crash or memory corruption) or possibly for\n privilege escalation.\n\n Debian's kernel configuration does not allow unprivileged users to\n access peformance events by default, which fully mitigates this\n issue.\n\nCVE-2020-25656\n\n Yuan Ming and Bodong Zhao discovered a race condition in the\n virtual terminal (vt) driver that could lead to a use-after-free.\n A local user with the CAP_SYS_TTY_CONFIG capability could use this\n to cause a denial of service (crash or memory corruption) or\n possibly for privilege escalation.\n\nCVE-2020-25668\n\n Yuan Ming and Bodong Zhao discovered a race condition in the\n virtual terminal (vt) driver that could lead to a use-after-free.\n A local user with access to a virtual terminal, or with the\n CAP_SYS_TTY_CONFIG capability, could use this to cause a denial of\n service (crash or memory corruption) or possibly for privilege\n escalation.\n\nCVE-2020-25669\n\n Bodong Zhao discovered a bug in the Sun keyboard driver (sunkbd)\n that could lead to a use-after-free. On a system using this\n driver, a local user could use this to cause a denial of service\n (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2020-25704\n\n kiyin(\u5c39\u4eae) discovered a potential memory leak in the performance\n events subsystem. A local user permitted to access performance\n events could use this to cause a denial of service (memory\n exhaustion).\n\n Debian's kernel configuration does not allow unprivileged users to\n access peformance events by default, which fully mitigates this\n issue.\n\nCVE-2020-25705\n\n Keyu Man reported that strict rate-limiting of ICMP packet\n transmission provided a side-channel that could help networked\n attackers to carry out packet spoofing. In particular, this made\n it practical for off-path networked attackers to "poison" DNS\n caches with spoofed responses ("SAD DNS" attack).\n\n This issue has been mitigated by randomising whether packets are\n counted against the rate limit.\n\nCVE-2020-27673 / XSA-332\n\n Julien Grall from Arm discovered a bug in the Xen event handling\n code. Where Linux was used in a Xen dom0, unprivileged (domU)\n guests could cause a denial of service (excessive CPU usage or\n hang) in dom0.\n\nCVE-2020-27675 / XSA-331\n\n Jinoh Kang of Theori discovered a race condition in the Xen event\n handling code. Where Linux was used in a Xen dom0, unprivileged\n (domU) guests could cause a denial of service (crash) in dom0.\n\nCVE-2020-28941\n\n Shisong Qin and Bodong Zhao discovered a bug in the Speakup screen\n reader subsystem. Speakup assumed that it would only be bound to\n one terminal (tty) device at a time, but did not enforce this. A\n local user could exploit this bug to cause a denial of service\n (crash or memory exhaustion).\n\nCVE-2020-28974\n\n Yuan Ming discovered a bug in the virtual terminal (vt) driver\n that could lead to an out-of-bounds read. A local user with\n access to a virtual terminal, or with the CAP_SYS_TTY_CONFIG\n capability, could possibly use this to obtain sensitive\n information from the kernel or to cause a denial of service\n (crash).\n\n The specific ioctl operation affected by this bug\n (KD_FONT_OP_COPY) has been disabled, as it is not believed that\n any programs depended on it.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.19.160-2~deb9u1.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nBen Hutchings - Debian developer, member of kernel, installer and LTS teams\nAttachment:\nsignature.asc\nDescription: This is a digitally signed message part\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2020-12-10T11:11:34", "type": "debian", "title": "[SECURITY] [DLA 2483-1] linux-4.19 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19039", "CVE-2019-19377", "CVE-2019-19770", "CVE-2019-19816", "CVE-2020-0423", "CVE-2020-14351", "CVE-2020-25656", "CVE-2020-25668", "CVE-2020-25669", "CVE-2020-25704", "CVE-2020-25705", "CVE-2020-27673", "CVE-2020-27675", "CVE-2020-28941", "CVE-2020-28974", "CVE-2020-8694"], "modified": "2020-12-10T11:11:34", "id": "DEBIAN:DLA-2483-1:37DA1", "href": "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "osv": [{"lastseen": "2022-08-05T05:19:01", "description": "\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service or information leaks.\n\n\n* [CVE-2020-0427](https://security-tracker.debian.org/tracker/CVE-2020-0427)\nElena Petrova reported a bug in the pinctrl subsystem that can\n lead to a use-after-free after a device is renamed. The security\n impact of this is unclear.\n* [CVE-2020-8694](https://security-tracker.debian.org/tracker/CVE-2020-8694)\nMultiple researchers discovered that the powercap subsystem\n allowed all users to read CPU energy meters, by default. On\n systems using Intel CPUs, this provided a side channel that could\n leak sensitive information between user processes, or from the\n kernel to user processes. The energy meters are now readable only\n by root, by default.\n\n\nThis issue can be mitigated by running:\n\n\n`chmod go-r /sys/devices/virtual/powercap/*/*/energy_uj`\n\n\nThis needs to be repeated each time the system is booted with\n an unfixed kernel version.\n* [CVE-2020-14351](https://security-tracker.debian.org/tracker/CVE-2020-14351)\nA race condition was discovered in the performance events\n subsystem, which could lead to a use-after-free. A local user\n permitted to access performance events could use this to cause a\n denial of service (crash or memory corruption) or possibly for\n privilege escalation.\n\n\nDebian's kernel configuration does not allow unprivileged users to\n access peformance events by default, which fully mitigates this\n issue.\n* [CVE-2020-25645](https://security-tracker.debian.org/tracker/CVE-2020-25645)\nA flaw was discovered in the interface driver for GENEVE\n encapsulated traffic when combined with IPsec. If IPsec is\n configured to encrypt traffic for the specific UDP port used by the\n GENEVE tunnel, tunneled data isn't correctly routed over the\n encrypted link and sent unencrypted instead.\n* [CVE-2020-25656](https://security-tracker.debian.org/tracker/CVE-2020-25656)\nYuan Ming and Bodong Zhao discovered a race condition in the\n virtual terminal (vt) driver that could lead to a use-after-free.\n A local user with the CAP\\_SYS\\_TTY\\_CONFIG capability could use this\n to cause a denial of service (crash or memory corruption) or\n possibly for privilege escalation.\n* [CVE-2020-25668](https://security-tracker.debian.org/tracker/CVE-2020-25668)\nYuan Ming and Bodong Zhao discovered a race condition in the\n virtual terminal (vt) driver that could lead to a use-after-free.\n A local user with access to a virtual terminal, or with the\n CAP\\_SYS\\_TTY\\_CONFIG capability, could use this to cause a denial of\n service (crash or memory corruption) or possibly for privilege\n escalation.\n* [CVE-2020-25669](https://security-tracker.debian.org/tracker/CVE-2020-25669)\nBodong Zhao discovered a bug in the Sun keyboard driver (sunkbd)\n that could lead to a use-after-free. On a system using this\n driver, a local user could use this to cause a denial of service\n (crash or memory corruption) or possibly for privilege escalation.\n* [CVE-2020-25704](https://security-tracker.debian.org/tracker/CVE-2020-25704)\nkiyin(\u013a\u00b0\u0161\u00e4\u015f\u017d) discovered a potential memory leak in the performance\n events subsystem. A local user permitted to access performance\n events could use this to cause a denial of service (memory\n exhaustion).\n\n\nDebian's kernel configuration does not allow unprivileged users to\n access peformance events by default, which fully mitigates this\n issue.\n* [CVE-2020-25705](https://security-tracker.debian.org/tracker/CVE-2020-25705)\nKeyu Man reported that strict rate-limiting of ICMP packet\n transmission provided a side-channel that could help networked\n attackers to carry out packet spoofing. In particular, this made\n it practical for off-path networked attackers to poison DNS\n caches with spoofed responses (\"SAD DNS\" attack).\n\n\nThis issue has been mitigated by randomising whether packets are\n counted against the rate limit.\n* [CVE-2020-27673](https://security-tracker.debian.org/tracker/CVE-2020-27673) / [XSA-332](https://xenbits.xen.org/xsa/advisory-332.html)\nJulien Grall from Arm discovered a bug in the Xen event handling\n code. Where Linux was used in a Xen dom0, unprivileged (domU)\n guests could cause a denial of service (excessive CPU usage or\n hang) in dom0.\n* [CVE-2020-27675](https://security-tracker.debian.org/tracker/CVE-2020-27675) / [XSA-331](https://xenbits.xen.org/xsa/advisory-331.html)\nJinoh Kang of Theori discovered a race condition in the Xen event\n handling code. Where Linux was used in a Xen dom0, unprivileged\n (domU) guests could cause a denial of service (crash) in dom0.\n* [CVE-2020-28974](https://security-tracker.debian.org/tracker/CVE-2020-28974)\nYuan Ming discovered a bug in the virtual terminal (vt) driver\n that could lead to an out-of-bounds read. A local user with\n access to a virtual terminal, or with the CAP\\_SYS\\_TTY\\_CONFIG\n capability, could possibly use this to obtain sensitive\n information from the kernel or to cause a denial of service\n (crash).\n\n\nThe specific ioctl operation affected by this bug\n (KD\\_FONT\\_OP\\_COPY) has been disabled, as it is not believed that\n any programs depended on it.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.9.246-2.\n\n\nWe recommend that you upgrade your linux packages.\n\n\nFor the detailed security status of linux please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/linux>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-18T00:00:00", "type": "osv", "title": "linux - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25645", "CVE-2020-25705", "CVE-2020-27675", "CVE-2020-25669", "CVE-2020-0427", "CVE-2020-25656", "CVE-2020-27673", "CVE-2020-14351", "CVE-2020-25668", "CVE-2020-28974", "CVE-2020-8694", "CVE-2020-25704"], "modified": "2022-08-05T05:18:59", "id": "OSV:DLA-2494-1", "href": "https://osv.dev/vulnerability/DLA-2494-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-05T05:19:00", "description": "\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service or information leaks.\n\n\n* [CVE-2019-19039](https://security-tracker.debian.org/tracker/CVE-2019-19039)\nTeam bobfuzzer reported a bug in Btrfs that could lead to an\n assertion failure (WARN). A user permitted to mount and access\n arbitrary filesystems could use this to cause a denial of service\n (crash) if the panic\\_on\\_warn kernel parameter is set.\n* [CVE-2019-19377](https://security-tracker.debian.org/tracker/CVE-2019-19377)\nTeam bobfuzzer reported a bug in Btrfs that could lead to a\n use-after-free. A user permitted to mount and access arbitrary\n filesystems could use this to cause a denial of service (crash or\n memory corruption) or possibly for privilege escalation.\n* [CVE-2019-19770](https://security-tracker.debian.org/tracker/CVE-2019-19770)\nThe syzbot tool discovered a race condition in the block I/O\n tracer (blktrace) that could lead to a system crash. Since\n blktrace can only be controlled by privileged users, the security\n impact of this is unclear.\n* [CVE-2019-19816](https://security-tracker.debian.org/tracker/CVE-2019-19816)\nTeam bobfuzzer reported a bug in Btrfs that could lead to an\n out-of-bounds write. A user permitted to mount and access\n arbitrary filesystems could use this to cause a denial of service\n (crash or memory corruption) or possibly for privilege escalation.\n* [CVE-2020-0423](https://security-tracker.debian.org/tracker/CVE-2020-0423)\nA race condition was discovered in the Android binder driver, that\n could result in a use-after-free. On systems using this driver, a\n local user could use this to cause a denial of service (crash or\n memory corruption) or possibly for privilege escalation.\n* [CVE-2020-8694](https://security-tracker.debian.org/tracker/CVE-2020-8694)\nMultiple researchers discovered that the powercap subsystem\n allowed all users to read CPU energy meters, by default. On\n systems using Intel CPUs, this provided a side channel that could\n leak sensitive information between user processes, or from the\n kernel to user processes. The energy meters are now readable only\n by root, by default.\n\n\nThis issue can be mitigated by running:\n\n\n`chmod go-r /sys/devices/virtual/powercap/*/*/energy_uj`\n\n\nThis needs to be repeated each time the system is booted with\n an unfixed kernel version.\n* [CVE-2020-14351](https://security-tracker.debian.org/tracker/CVE-2020-14351)\nA race condition was discovered in the performance events\n subsystem, which could lead to a use-after-free. A local user\n permitted to access performance events could use this to cause a\n denial of service (crash or memory corruption) or possibly for\n privilege escalation.\n\n\nDebian's kernel configuration does not allow unprivileged users to\n access peformance events by default, which fully mitigates this\n issue.\n* [CVE-2020-25656](https://security-tracker.debian.org/tracker/CVE-2020-25656)\nYuan Ming and Bodong Zhao discovered a race condition in the\n virtual terminal (vt) driver that could lead to a use-after-free.\n A local user with the CAP\\_SYS\\_TTY\\_CONFIG capability could use this\n to cause a denial of service (crash or memory corruption) or\n possibly for privilege escalation.\n* [CVE-2020-25668](https://security-tracker.debian.org/tracker/CVE-2020-25668)\nYuan Ming and Bodong Zhao discovered a race condition in the\n virtual terminal (vt) driver that could lead to a use-after-free.\n A local user with access to a virtual terminal, or with the\n CAP\\_SYS\\_TTY\\_CONFIG capability, could use this to cause a denial of\n service (crash or memory corruption) or possibly for privilege\n escalation.\n* [CVE-2020-25669](https://security-tracker.debian.org/tracker/CVE-2020-25669)\nBodong Zhao discovered a bug in the Sun keyboard driver (sunkbd)\n that could lead to a use-after-free. On a system using this\n driver, a local user could use this to cause a denial of service\n (crash or memory corruption) or possibly for privilege escalation.\n* [CVE-2020-25704](https://security-tracker.debian.org/tracker/CVE-2020-25704)\nkiyin(\u013a\u00b0\u0161\u00e4\u015f\u017d) discovered a potential memory leak in the performance\n events subsystem. A local user permitted to access performance\n events could use this to cause a denial of service (memory\n exhaustion).\n\n\nDebian's kernel configuration does not allow unprivileged users to\n access peformance events by default, which fully mitigates this\n issue.\n* [CVE-2020-25705](https://security-tracker.debian.org/tracker/CVE-2020-25705)\nKeyu Man reported that strict rate-limiting of ICMP packet\n transmission provided a side-channel that could help networked\n attackers to carry out packet spoofing. In particular, this made\n it practical for off-path networked attackers to poison DNS\n caches with spoofed responses (\"SAD DNS\" attack).\n\n\nThis issue has been mitigated by randomising whether packets are\n counted against the rate limit.\n* [CVE-2020-27673](https://security-tracker.debian.org/tracker/CVE-2020-27673) / [XSA-332](https://xenbits.xen.org/xsa/advisory-332.html)\nJulien Grall from Arm discovered a bug in the Xen event handling\n code. Where Linux was used in a Xen dom0, unprivileged (domU)\n guests could cause a denial of service (excessive CPU usage or\n hang) in dom0.\n* [CVE-2020-27675](https://security-tracker.debian.org/tracker/CVE-2020-27675) / [XSA-331](https://xenbits.xen.org/xsa/advisory-331.html)\nJinoh Kang of Theori discovered a race condition in the Xen event\n handling code. Where Linux was used in a Xen dom0, unprivileged\n (domU) guests could cause a denial of service (crash) in dom0.\n* [CVE-2020-28941](https://security-tracker.debian.org/tracker/CVE-2020-28941)\nShisong Qin and Bodong Zhao discovered a bug in the Speakup screen\n reader subsystem. Speakup assumed that it would only be bound to\n one terminal (tty) device at a time, but did not enforce this. A\n local user could exploit this bug to cause a denial of service\n (crash or memory exhaustion).\n* [CVE-2020-28974](https://security-tracker.debian.org/tracker/CVE-2020-28974)\nYuan Ming discovered a bug in the virtual terminal (vt) driver\n that could lead to an out-of-bounds read. A local user with\n access to a virtual terminal, or with the CAP\\_SYS\\_TTY\\_CONFIG\n capability, could possibly use this to obtain sensitive\n information from the kernel or to cause a denial of service\n (crash).\n\n\nThe specific ioctl operation affected by this bug\n (KD\\_FONT\\_OP\\_COPY) has been disabled, as it is not believed that\n any programs depended on it.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.19.160-2~deb9u1.\n\n\nWe recommend that you upgrade your linux-4.19 packages.\n\n\nFor the detailed security status of linux-4.19 please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/linux-4.19>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 8.2, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.2}, "published": "2020-12-05T00:00:00", "type": "osv", "title": "linux-4.19 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25705", "CVE-2019-19770", "CVE-2020-27675", "CVE-2019-19816", "CVE-2019-19039", "CVE-2020-25669", "CVE-2020-27777", "CVE-2020-28941", "CVE-2019-19377", "CVE-2020-25656", "CVE-2020-27673", "CVE-2020-14351", "CVE-2020-25668", "CVE-2020-0423", "CVE-2020-28974", "CVE-2020-8694", "CVE-2020-4788", "CVE-2020-25704"], "modified": "2022-08-05T05:18:58", "id": "OSV:DLA-2483-1", "href": "https://osv.dev/vulnerability/DLA-2483-1", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-04-17T14:45:28", "description": "In blkdev_get of block_dev.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-01T00:00:00", "type": "osv", "title": "Android Vomit Report", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15436"], "modified": "2023-04-17T14:43:58", "id": "OSV:ASB-A-174737742", "href": "https://osv.dev/vulnerability/ASB-A-174737742", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-05-18T15:26:01", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service or information leaks.\n\nCVE-2020-0427\n\nElena Petrova reported a bug in the pinctrl subsystem that can lead to a use-after-free after a device is renamed. The security impact of this is unclear.\n\nCVE-2020-8694\n\nMultiple researchers discovered that the powercap subsystem allowed all users to read CPU energy meters, by default. On systems using Intel CPUs, this provided a side channel that could leak sensitive information between user processes, or from the kernel to user processes. The energy meters are now readable only by root, by default.\n\nThis issue can be mitigated by running :\n\nchmod go-r /sys/devices/virtual/powercap/*/*/energy_uj\n\nThis needs to be repeated each time the system is booted with an unfixed kernel version.\n\nCVE-2020-14351\n\nA race condition was discovered in the performance events subsystem, which could lead to a use-after-free. A local user permitted to access performance events could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nDebian's kernel configuration does not allow unprivileged users to access peformance events by default, which fully mitigates this issue.\n\nCVE-2020-25645\n\nA flaw was discovered in the interface driver for GENEVE encapsulated traffic when combined with IPsec. If IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel, tunneled data isn't correctly routed over the encrypted link and sent unencrypted instead.\n\nCVE-2020-25656\n\nYuan Ming and Bodong Zhao discovered a race condition in the virtual terminal (vt) driver that could lead to a use-after-free. A local user with the CAP_SYS_TTY_CONFIG capability could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2020-25668\n\nYuan Ming and Bodong Zhao discovered a race condition in the virtual terminal (vt) driver that could lead to a use-after-free. A local user with access to a virtual terminal, or with the CAP_SYS_TTY_CONFIG capability, could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2020-25669\n\nBodong Zhao discovered a bug in the Sun keyboard driver (sunkbd) that could lead to a use-after-free. On a system using this driver, a local user could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2020-25704\n\nkiyin(尹亮) discovered a potential memory leak in the performance events subsystem. A local user permitted to access performance events could use this to cause a denial of service (memory exhaustion).\n\nDebian's kernel configuration does not allow unprivileged users to access peformance events by default, which fully mitigates this issue.\n\nCVE-2020-25705\n\nKeyu Man reported that strict rate-limiting of ICMP packet transmission provided a side-channel that could help networked attackers to carry out packet spoofing. In particular, this made it practical for off-path networked attackers to 'poison' DNS caches with spoofed responses ('SAD DNS' attack).\n\nThis issue has been mitigated by randomising whether packets are counted against the rate limit.\n\nCVE-2020-27673 / XSA-332\n\nJulien Grall from Arm discovered a bug in the Xen event handling code.\nWhere Linux was used in a Xen dom0, unprivileged (domU) guests could cause a denial of service (excessive CPU usage or hang) in dom0.\n\nCVE-2020-27675 / XSA-331\n\nJinoh Kang of Theori discovered a race condition in the Xen event handling code. Where Linux was used in a Xen dom0, unprivileged (domU) guests could cause a denial of service (crash) in dom0.\n\nCVE-2020-28974\n\nYuan Ming discovered a bug in the virtual terminal (vt) driver that could lead to an out-of-bounds read. A local user with access to a virtual terminal, or with the CAP_SYS_TTY_CONFIG capability, could possibly use this to obtain sensitive information from the kernel or to cause a denial of service (crash).\n\nThe specific ioctl operation affected by this bug (KD_FONT_OP_COPY) has been disabled, as it is not believed that any programs depended on it.\n\nFor Debian 9 stretch, these problems have been fixed in version 4.9.246-2.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-21T00:00:00", "type": "nessus", "title": "Debian DLA-2494-1 : linux security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0427", "CVE-2020-14351", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25668", "CVE-2020-25669", "CVE-2020-25704", "CVE-2020-25705", "CVE-2020-27673", "CVE-2020-27675", "CVE-2020-28974", "CVE-2020-8694"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:hyperv-daemons", "p-cpe:/a:debian:debian_linux:libcpupower-dev", "p-cpe:/a:debian:debian_linux:libcpupower1", "p-cpe:/a:debian:debian_linux:libusbip-dev", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-arm", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-s390", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-x86", "p-cpe:/a:debian:debian_linux:linux-cpupower", "p-cpe:/a:debian:debian_linux:linux-doc-4.9", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mipsel", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-ppc64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-s390x", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common-rt", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-loongson-3", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-octeon", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-s390x", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.9", "p-cpe:/a:debian:debian_linux:linux-libc-dev", "p-cpe:/a:debian:debian_linux:linux-manual-4.9", "p-cpe:/a:debian:debian_linux:linux-perf-4.9", "p-cpe:/a:debian:debian_linux:linux-source-4.9", "p-cpe:/a:debian:debian_linux:linux-support-4.9.0-9", "p-cpe:/a:debian:debian_linux:usbip", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2494.NASL", "href": "https://www.tenable.com/plugins/nessus/144494", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2494-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144494);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2020-0427\", \"CVE-2020-14351\", \"CVE-2020-25645\", \"CVE-2020-25656\", \"CVE-2020-25668\", \"CVE-2020-25669\", \"CVE-2020-25704\", \"CVE-2020-25705\", \"CVE-2020-27673\", \"CVE-2020-27675\", \"CVE-2020-28974\", \"CVE-2020-8694\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"Debian DLA-2494-1 : linux security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service or information leaks.\n\nCVE-2020-0427\n\nElena Petrova reported a bug in the pinctrl subsystem that can lead to\na use-after-free after a device is renamed. The security impact of\nthis is unclear.\n\nCVE-2020-8694\n\nMultiple researchers discovered that the powercap subsystem allowed\nall users to read CPU energy meters, by default. On systems using\nIntel CPUs, this provided a side channel that could leak sensitive\ninformation between user processes, or from the kernel to user\nprocesses. The energy meters are now readable only by root, by\ndefault.\n\nThis issue can be mitigated by running :\n\nchmod go-r /sys/devices/virtual/powercap/*/*/energy_uj\n\nThis needs to be repeated each time the system is booted\nwith an unfixed kernel version.\n\nCVE-2020-14351\n\nA race condition was discovered in the performance events subsystem,\nwhich could lead to a use-after-free. A local user permitted to access\nperformance events could use this to cause a denial of service (crash\nor memory corruption) or possibly for privilege escalation.\n\nDebian's kernel configuration does not allow unprivileged\nusers to access peformance events by default, which fully\nmitigates this issue.\n\nCVE-2020-25645\n\nA flaw was discovered in the interface driver for GENEVE encapsulated\ntraffic when combined with IPsec. If IPsec is configured to encrypt\ntraffic for the specific UDP port used by the GENEVE tunnel, tunneled\ndata isn't correctly routed over the encrypted link and sent\nunencrypted instead.\n\nCVE-2020-25656\n\nYuan Ming and Bodong Zhao discovered a race condition in the virtual\nterminal (vt) driver that could lead to a use-after-free. A local user\nwith the CAP_SYS_TTY_CONFIG capability could use this to cause a\ndenial of service (crash or memory corruption) or possibly for\nprivilege escalation.\n\nCVE-2020-25668\n\nYuan Ming and Bodong Zhao discovered a race condition in the virtual\nterminal (vt) driver that could lead to a use-after-free. A local user\nwith access to a virtual terminal, or with the CAP_SYS_TTY_CONFIG\ncapability, could use this to cause a denial of service (crash or\nmemory corruption) or possibly for privilege escalation.\n\nCVE-2020-25669\n\nBodong Zhao discovered a bug in the Sun keyboard driver (sunkbd) that\ncould lead to a use-after-free. On a system using this driver, a local\nuser could use this to cause a denial of service (crash or memory\ncorruption) or possibly for privilege escalation.\n\nCVE-2020-25704\n\nkiyin(尹亮) discovered a potential memory leak in the\nperformance events subsystem. A local user permitted to access\nperformance events could use this to cause a denial of service (memory\nexhaustion).\n\nDebian's kernel configuration does not allow unprivileged\nusers to access peformance events by default, which fully\nmitigates this issue.\n\nCVE-2020-25705\n\nKeyu Man reported that strict rate-limiting of ICMP packet\ntransmission provided a side-channel that could help networked\nattackers to carry out packet spoofing. In particular, this made it\npractical for off-path networked attackers to 'poison' DNS caches with\nspoofed responses ('SAD DNS' attack).\n\nThis issue has been mitigated by randomising whether packets\nare counted against the rate limit.\n\nCVE-2020-27673 / XSA-332\n\nJulien Grall from Arm discovered a bug in the Xen event handling code.\nWhere Linux was used in a Xen dom0, unprivileged (domU) guests could\ncause a denial of service (excessive CPU usage or hang) in dom0.\n\nCVE-2020-27675 / XSA-331\n\nJinoh Kang of Theori discovered a race condition in the Xen event\nhandling code. Where Linux was used in a Xen dom0, unprivileged (domU)\nguests could cause a denial of service (crash) in dom0.\n\nCVE-2020-28974\n\nYuan Ming discovered a bug in the virtual terminal (vt) driver that\ncould lead to an out-of-bounds read. A local user with access to a\nvirtual terminal, or with the CAP_SYS_TTY_CONFIG capability, could\npossibly use this to obtain sensitive information from the kernel or\nto cause a denial of service (crash).\n\nThe specific ioctl operation affected by this bug\n(KD_FONT_OP_COPY) has been disabled, as it is not believed\nthat any programs depended on it.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.9.246-2.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/linux\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25669\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hyperv-daemons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libusbip-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-cpupower\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mipsel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-ppc64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usbip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"hyperv-daemons\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower-dev\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower1\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libusbip-dev\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-arm\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-s390\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-x86\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-cpupower\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-4kc-malta\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-5kc-malta\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686-pae\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-amd64\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-arm64\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armel\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armhf\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-i386\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips64el\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mipsel\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-ppc64el\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-s390x\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-amd64\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-arm64\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp-lpae\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common-rt\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-loongson-3\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-marvell\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-octeon\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-powerpc64le\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-686-pae\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-amd64\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-s390x\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta-dbg\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta-dbg\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-dbg\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae-dbg\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64-dbg\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64-dbg\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-dbg\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae-dbg\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3-dbg\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell-dbg\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon-dbg\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le-dbg\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae-dbg\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64-dbg\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x-dbg\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-libc-dev\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.9\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.9.0-9\", reference:\"4.9.246-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"usbip\", reference:\"4.9.246-2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:13:11", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0558 advisory.\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-02-16T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel (RHSA-2021:0558)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14351", "CVE-2020-25705", "CVE-2020-29661"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python3-perf"], "id": "REDHAT-RHSA-2021-0558.NASL", "href": "https://www.tenable.com/plugins/nessus/146535", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0558. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146535);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\"CVE-2020-14351\", \"CVE-2020-25705\", \"CVE-2020-29661\");\n script_xref(name:\"RHSA\", value:\"2021:0558\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2021:0558)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0558 advisory.\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1862849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1906525\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(330, 416, 667);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-14351', 'CVE-2020-25705', 'CVE-2020-29661');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:0558');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-240.15.1.el8_3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-240.15.1.el8_3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-240.15.1.el8_3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-240.15.1.el8_3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-240.15.1.el8_3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-240.15.1.el8_3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-240.15.1.el8_3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-240.15.1.el8_3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-240.15.1.el8_3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-240.15.1.el8_3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-240.15.1.el8_3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-240.15.1.el8_3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-240.15.1.el8_3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-240.15.1.el8_3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-240.15.1.el8_3', 'sp':'4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-240.15.1.el8_3', 'sp':'4', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-240.15.1.el8_3', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.15.1.el8_3', 'sp':'4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.15.1.el8_3', 'sp':'4', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.15.1.el8_3', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-240.15.1.el8_3', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-240.15.1.el8_3', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-240.15.1.el8_3', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-240.15.1.el8_3', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-240.15.1.el8_3', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-240.15.1.el8_3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-240.15.1.el8_3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-240.15.1.el8_3', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-240.15.1.el8_3', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-240.15.1.el8_3', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-240.15.1.el8_3', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-240.15.1.el8_3', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-240.15.1.el8_3', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-240.15.1.el8_3', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-240.15.1.el8_3', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-240.15.1.el8_3', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-240.15.1.el8_3', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-240.15.1.el8_3', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-240.15.1.el8_3', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-240.15.1.el8_3', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-240.15.1.el8_3', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-240.15.1.el8_3', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-240.15.1.el8_3', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-240.15.1.el8_3', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.15.1.el8_3', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.15.1.el8_3', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.15.1.el8_3', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-240.15.1.el8_3', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-240.15.1.el8_3', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-240.15.1.el8_3', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-240.15.1.el8_3', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-240.15.1.el8_3', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-240.15.1.el8_3', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-240.15.1.el8_3', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-240.15.1.el8_3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-240.15.1.el8_3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-240.15.1.el8_3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-240.15.1.el8_3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-240.15.1.el8_3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-240.15.1.el8_3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-240.15.1.el8_3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-240.15.1.el8_3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-240.15.1.el8_3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-240.15.1.el8_3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-240.15.1.el8_3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-240.15.1.el8_3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-240.15.1.el8_3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-240.15.1.el8_3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-240.15.1.el8_3', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.15.1.el8_3', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-240.15.1.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-240.15.1.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-240.15.1.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-240.15.1.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-240.15.1.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-240.15.1.el8_3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-240.15.1.el8_3', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:42:03", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:0558 advisory.\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14351)\n\n - A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version (CVE-2020-25705)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : kernel (ALSA-2021:0558)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14351", "CVE-2020-25705", "CVE-2020-29661"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:alma:linux:bpftool", "p-cpe:/a:alma:linux:kernel", "p-cpe:/a:alma:linux:kernel-abi-whitelists", "p-cpe:/a:alma:linux:kernel-core", "p-cpe:/a:alma:linux:kernel-cross-headers", "p-cpe:/a:alma:linux:kernel-debug", "p-cpe:/a:alma:linux:kernel-debug-core", "p-cpe:/a:alma:linux:kernel-debug-devel", "p-cpe:/a:alma:linux:kernel-debug-modules", "p-cpe:/a:alma:linux:kernel-debug-modules-extra", "p-cpe:/a:alma:linux:kernel-devel", "p-cpe:/a:alma:linux:kernel-headers", "p-cpe:/a:alma:linux:kernel-modules", "p-cpe:/a:alma:linux:kernel-modules-extra", "p-cpe:/a:alma:linux:kernel-tools", "p-cpe:/a:alma:linux:kernel-tools-libs", "p-cpe:/a:alma:linux:kernel-tools-libs-devel", "p-cpe:/a:alma:linux:perf", "p-cpe:/a:alma:linux:python3-perf", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2021-0558.NASL", "href": "https://www.tenable.com/plugins/nessus/157506", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2021:0558.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157506);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-14351\", \"CVE-2020-25705\", \"CVE-2020-29661\");\n script_xref(name:\"ALSA\", value:\"2021:0558\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"AlmaLinux 8 : kernel (ALSA-2021:0558)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2021:0558 advisory.\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw\n allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that\n relies on UDP source port randomization are indirectly affected as well on the Linux Based Products\n (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4,\n SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE\n W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All\n versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7\n LTE EU: Version (CVE-2020-25705)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2021-0558.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-14351', 'CVE-2020-25705', 'CVE-2020-29661');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ALSA-2021:0558');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-240.15.1.el8_3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:16", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-0558 advisory.\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14351)\n\n - A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version (CVE-2020-25705)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-02-18T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : kernel (ELSA-2021-0558)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14351", "CVE-2020-25705", "CVE-2020-29661"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-core", "p-cpe:/a:oracle:linux:kernel-cross-headers", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-core", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-debug-modules", "p-cpe:/a:oracle:linux:kernel-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-modules", "p-cpe:/a:oracle:linux:kernel-modules-extra", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python3-perf"], "id": "ORACLELINUX_ELSA-2021-0558.NASL", "href": "https://www.tenable.com/plugins/nessus/146568", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-0558.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146568);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-14351\", \"CVE-2020-25705\", \"CVE-2020-29661\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"Oracle Linux 8 : kernel (ELSA-2021-0558)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-0558 advisory.\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw\n allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that\n relies on UDP source port randomization are indirectly affected as well on the Linux Based Products\n (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4,\n SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE\n W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All\n versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7\n LTE EU: Version (CVE-2020-25705)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-0558.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.18.0-240.15.1.el8_3'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-0558');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.18';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-4.18.0'},\n {'reference':'kernel-abi-whitelists-4.18.0-240.15.1.el8_3', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-4.18.0'},\n {'reference':'kernel-core-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-core-4.18.0'},\n {'reference':'kernel-cross-headers-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-cross-headers-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-debug-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-4.18.0'},\n {'reference':'kernel-debug-core-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-core-4.18.0'},\n {'reference':'kernel-debug-devel-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-4.18.0'},\n {'reference':'kernel-debug-modules-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-4.18.0'},\n {'reference':'kernel-debug-modules-extra-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-extra-4.18.0'},\n {'reference':'kernel-devel-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-4.18.0'},\n {'reference':'kernel-headers-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},\n {'reference':'kernel-headers-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},\n {'reference':'kernel-modules-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-4.18.0'},\n {'reference':'kernel-modules-extra-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-extra-4.18.0'},\n {'reference':'kernel-tools-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'perf-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:04", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0537 advisory.\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-02-16T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel-rt (RHSA-2021:0537)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14351", "CVE-2020-25705", "CVE-2020-29661"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra"], "id": "REDHAT-RHSA-2021-0537.NASL", "href": "https://www.tenable.com/plugins/nessus/146551", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0537. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146551);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-14351\", \"CVE-2020-25705\", \"CVE-2020-29661\");\n script_xref(name:\"RHSA\", value:\"2021:0537\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"RHEL 8 : kernel-rt (RHSA-2021:0537)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0537 advisory.\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0537\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1862849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1906525\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(330, 416, 667);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-14351', 'CVE-2020-25705', 'CVE-2020-29661');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:0537');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-240.15.1.rt7.69.el8_3', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-240.15.1.rt7.69.el8_3', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-240.15.1.rt7.69.el8_3', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-240.15.1.rt7.69.el8_3', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-240.15.1.rt7.69.el8_3', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-240.15.1.rt7.69.el8_3', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-240.15.1.rt7.69.el8_3', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-240.15.1.rt7.69.el8_3', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-240.15.1.rt7.69.el8_3', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-240.15.1.rt7.69.el8_3', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-240.15.1.rt7.69.el8_3', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-240.15.1.rt7.69.el8_3', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-240.15.1.rt7.69.el8_3', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-240.15.1.rt7.69.el8_3', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-240.15.1.rt7.69.el8_3', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-240.15.1.rt7.69.el8_3', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-240.15.1.rt7.69.el8_3', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-240.15.1.rt7.69.el8_3', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-240.15.1.rt7.69.el8_3', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-240.15.1.rt7.69.el8_3', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-240.15.1.rt7.69.el8_3', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-240.15.1.rt7.69.el8_3', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-240.15.1.rt7.69.el8_3', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-240.15.1.rt7.69.el8_3', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-240.15.1.rt7.69.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-240.15.1.rt7.69.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-240.15.1.rt7.69.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-240.15.1.rt7.69.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-240.15.1.rt7.69.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-240.15.1.rt7.69.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-240.15.1.rt7.69.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-240.15.1.rt7.69.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-240.15.1.rt7.69.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-240.15.1.rt7.69.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-240.15.1.rt7.69.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-240.15.1.rt7.69.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:04:09", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.(CVE-2020-25656)\n\n - The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the\n __timer_stats_timer_set_start_info function in kernel/time/timer.c.(CVE-2017-5967)\n\n - A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.\n Kernel versions before 5.10 may be vulnerable to this issue.(CVE-2020-25705)\n\n - In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:\n Android-10Android ID: A-153467744(CVE-2020-0305)\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:\n Android kernelAndroid ID: A-140550171(CVE-2020-0427)\n\n - A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest.(CVE-2020-2732)\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel(CVE-2020-0404)\n\n - A stack information leak flaw was found in s390/s390x in the Linux kernel's memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data.(CVE-2020-10773)\n\n - Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.(CVE-2020-12352)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14351)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service.\n The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.(CVE-2020-25645)\n\n - In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-144161459(CVE-2020-0431)\n\n - In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-151939299(CVE-2020-0433)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-02-04T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : kernel (EulerOS-SA-2021-1200)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5967", "CVE-2020-0305", "CVE-2020-0404", "CVE-2020-0427", "CVE-2020-0431", "CVE-2020-0433", "CVE-2020-10773", "CVE-2020-12352", "CVE-2020-14351", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25705", "CVE-2020-2732"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1200.NASL", "href": "https://www.tenable.com/plugins/nessus/146181", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146181);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2017-5967\",\n \"CVE-2020-0305\",\n \"CVE-2020-0404\",\n \"CVE-2020-0427\",\n \"CVE-2020-0431\",\n \"CVE-2020-0433\",\n \"CVE-2020-2732\",\n \"CVE-2020-10773\",\n \"CVE-2020-12352\",\n \"CVE-2020-14351\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\",\n \"CVE-2020-25656\",\n \"CVE-2020-25705\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"EulerOS 2.0 SP5 : kernel (EulerOS-SA-2021-1200)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in the Linux kernel. A use-after-free\n was found in the way the console subsystem was using\n ioctls KDGKBSENT and KDSKBSENT. A local user could use\n this flaw to get read memory access out of bounds. The\n highest threat from this vulnerability is to data\n confidentiality.(CVE-2020-25656)\n\n - The time subsystem in the Linux kernel through 4.9.9,\n when CONFIG_TIMER_STATS is enabled, allows local users\n to discover real PID values (as distinguished from PID\n values inside a PID namespace) by reading the\n /proc/timer_list file, related to the print_timer\n function in kernel/time/timer_list.c and the\n __timer_stats_timer_set_start_info function in\n kernel/time/timer.c.(CVE-2017-5967)\n\n - A flaw in the way reply ICMP packets are limited in the\n Linux kernel functionality was found that allows to\n quickly scan open UDP ports. This flaw allows an\n off-path remote user to effectively bypassing source\n port UDP randomization. The highest threat from this\n vulnerability is to confidentiality and possibly\n integrity, because software that relies on UDP source\n port randomization are indirectly affected as well.\n Kernel versions before 5.10 may be vulnerable to this\n issue.(CVE-2020-25705)\n\n - In cdev_get of char_dev.c, there is a possible\n use-after-free due to a race condition. This could lead\n to local escalation of privilege with System execution\n privileges needed. User interaction is not needed for\n exploitation.Product: AndroidVersions:\n Android-10Android ID: A-153467744(CVE-2020-0305)\n\n - In create_pinctrl of core.c, there is a possible out of\n bounds read due to a use after free. This could lead to\n local information disclosure with no additional\n execution privileges needed. User interaction is not\n needed for exploitation.Product: AndroidVersions:\n Android kernelAndroid ID: A-140550171(CVE-2020-0427)\n\n - A flaw was discovered in the way that the KVM\n hypervisor handled instruction emulation for an L2\n guest when nested virtualisation is enabled. Under some\n circumstances, an L2 guest may trick the L0 guest into\n accessing sensitive L1 resources that should be\n inaccessible to the L2 guest.(CVE-2020-2732)\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a\n possible linked list corruption due to an unusual root\n cause. This could lead to local escalation of privilege\n in the kernel with no additional execution privileges\n needed. User interaction is not needed for\n exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-111893654References: Upstream\n kernel(CVE-2020-0404)\n\n - A stack information leak flaw was found in s390/s390x\n in the Linux kernel's memory manager functionality,\n where it incorrectly writes to the\n /proc/sys/vm/cmm_timeout file. This flaw allows a local\n user to see the kernel data.(CVE-2020-10773)\n\n - Improper access control in BlueZ may allow an\n unauthenticated user to potentially enable information\n disclosure via adjacent access.(CVE-2020-12352)\n\n - A flaw was found in the Linux kernel. A use-after-free\n memory flaw was found in the perf subsystem allowing a\n local attacker with permission to monitor perf events\n to corrupt memory and possibly escalate privileges. The\n highest threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-14351)\n\n - A flaw was found in the HDLC_PPP module of the Linux\n kernel in versions before 5.9-rc7. Memory corruption\n and a read overflow is caused by improper input\n validation in the ppp_cp_parse_cr function which can\n cause the system to crash or cause a denial of service.\n The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before\n 5.9-rc7. Traffic between two Geneve endpoints may be\n unencrypted when IPsec is configured to encrypt traffic\n for the specific UDP port used by the GENEVE tunnel\n allowing anyone between the two endpoints to read the\n traffic unencrypted. The main threat from this\n vulnerability is to data\n confidentiality.(CVE-2020-25645)\n\n - In kbd_keycode of keyboard.c, there is a possible out\n of bounds write due to a missing bounds check. This\n could lead to local escalation of privilege with no\n additional execution privileges needed. User\n interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-144161459(CVE-2020-0431)\n\n - In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is\n a possible use after free due to improper locking. This\n could lead to local escalation of privilege with no\n additional execution privileges needed. User\n interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-151939299(CVE-2020-0433)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1200\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ac6252fc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14351\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.5.h494.eulerosv2r7\",\n \"kernel-devel-3.10.0-862.14.1.5.h494.eulerosv2r7\",\n \"kernel-headers-3.10.0-862.14.1.5.h494.eulerosv2r7\",\n \"kernel-tools-3.10.0-862.14.1.5.h494.eulerosv2r7\",\n \"kernel-tools-libs-3.10.0-862.14.1.5.h494.eulerosv2r7\",\n \"perf-3.10.0-862.14.1.5.h494.eulerosv2r7\",\n \"python-perf-3.10.0-862.14.1.5.h494.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:14", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:\n Android-10Android ID: A-153467744(CVE-2020-0305)\n\n - A flaw was found in the Linux kernel's implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14331)\n\n - To mitigate this issue, prevent the module nouveau from being loaded. Please see <a href='https://access.redhat.com/solutions/41278'>https:\n //access.redhat.com/solutions/41278</a> for information on how to blacklist a kernel module to prevent it from loading automatically.(CVE-2020-27820)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14351)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service.\n The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.(CVE-2020-25645)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.6 : kernel (EulerOS-SA-2021-1454)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0305", "CVE-2020-12352", "CVE-2020-14331", "CVE-2020-14351", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-25705", "CVE-2020-27820"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-source", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-debuginfo", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:perf-debuginfo", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:python-perf-debuginfo", "cpe:/o:huawei:euleros:uvp:3.0.6.6"], "id": "EULEROS_SA-2021-1454.NASL", "href": "https://www.tenable.com/plugins/nessus/147559", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147559);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-0305\",\n \"CVE-2020-12352\",\n \"CVE-2020-14331\",\n \"CVE-2020-14351\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\",\n \"CVE-2020-25705\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"EulerOS Virtualization 3.0.6.6 : kernel (EulerOS-SA-2021-1454)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - In cdev_get of char_dev.c, there is a possible\n use-after-free due to a race condition. This could lead\n to local escalation of privilege with System execution\n privileges needed. User interaction is not needed for\n exploitation.Product: AndroidVersions:\n Android-10Android ID: A-153467744(CVE-2020-0305)\n\n - A flaw was found in the Linux kernel's implementation\n of the invert video code on VGA consoles when a local\n attacker attempts to resize the console, calling an\n ioctl VT_RESIZE, which causes an out-of-bounds write to\n occur. This flaw allows a local user with access to the\n VGA console to crash the system, potentially escalating\n their privileges on the system. The highest threat from\n this vulnerability is to data confidentiality and\n integrity as well as system\n availability.(CVE-2020-14331)\n\n - To mitigate this issue, prevent the module nouveau from\n being loaded. Please see <a\n href='https://access.redhat.com/solutions/41278'>https:\n //access.redhat.com/solutions/41278</a> for information\n on how to blacklist a kernel module to prevent it from\n loading automatically.(CVE-2020-27820)\n\n - A flaw was found in the Linux kernel. A use-after-free\n memory flaw was found in the perf subsystem allowing a\n local attacker with permission to monitor perf events\n to corrupt memory and possibly escalate privileges. The\n highest threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-14351)\n\n - A flaw was found in the HDLC_PPP module of the Linux\n kernel in versions before 5.9-rc7. Memory corruption\n and a read overflow is caused by improper input\n validation in the ppp_cp_parse_cr function which can\n cause the system to crash or cause a denial of service.\n The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before\n 5.9-rc7. Traffic between two Geneve endpoints may be\n unencrypted when IPsec is configured to encrypt traffic\n for the specific UDP port used by the GENEVE tunnel\n allowing anyone between the two endpoints to read the\n traffic unencrypted. The main threat from this\n vulnerability is to data\n confidentiality.(CVE-2020-25645)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1454\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7f469041\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14351\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.6_122\",\n \"kernel-debuginfo-3.10.0-862.14.1.6_122\",\n \"kernel-debuginfo-common-x86_64-3.10.0-862.14.1.6_122\",\n \"kernel-devel-3.10.0-862.14.1.6_122\",\n \"kernel-headers-3.10.0-862.14.1.6_122\",\n \"kernel-source-3.10.0-862.14.1.6_122\",\n \"kernel-tools-3.10.0-862.14.1.6_122\",\n \"kernel-tools-debuginfo-3.10.0-862.14.1.6_122\",\n \"kernel-tools-libs-3.10.0-862.14.1.6_122\",\n \"kernel-tools-libs-devel-3.10.0-862.14.1.6_122\",\n \"perf-3.10.0-862.14.1.6_122\",\n \"perf-debuginfo-3.10.0-862.14.1.6_122\",\n \"python-perf-3.10.0-862.14.1.6_122\",\n \"python-perf-debuginfo-3.10.0-862.14.1.6_122\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:34:44", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities:\n\n - In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid- axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid- tmff.c, and drivers/hid/hid-zpff.c. (CVE-2019-19532)\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171 (CVE-2020-0427)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14351)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version (CVE-2020-25705)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\n - A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability.\n (CVE-2021-20265)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-27T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2021-0104)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19532", "CVE-2020-0427", "CVE-2020-14351", "CVE-2020-25211", "CVE-2020-25645", "CVE-2020-25705", "CVE-2020-29661", "CVE-2021-20265"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_core:kernel", "p-cpe:/a:zte:cgsl_core:kernel-abi-whitelists", "p-cpe:/a:zte:cgsl_core:kernel-core", "p-cpe:/a:zte:cgsl_core:kernel-debug-core", "p-cpe:/a:zte:cgsl_core:kernel-debug-debuginfo", "p-cpe:/a:zte:cgsl_core:kernel-debug-devel", "p-cpe:/a:zte:cgsl_core:kernel-debug-modules", "p-cpe:/a:zte:cgsl_core:kernel-debuginfo", "p-cpe:/a:zte:cgsl_core:kernel-debuginfo-common-x86_64", "p-cpe:/a:zte:cgsl_core:kernel-devel", "p-cpe:/a:zte:cgsl_core:kernel-headers", "p-cpe:/a:zte:cgsl_core:kernel-modules", "p-cpe:/a:zte:cgsl_main:perf-debuginfo", "p-cpe:/a:zte:cgsl_main:python-perf", "p-cpe:/a:zte:cgsl_main:python-perf-debuginfo", "cpe:/o:zte:cgsl_core:5", "cpe:/o:zte:cgsl_main:5", "p-cpe:/a:zte:cgsl_core:kernel-sign-keys", "p-cpe:/a:zte:cgsl_core:kernel-tools", "p-cpe:/a:zte:cgsl_core:kernel-tools-debuginfo", "p-cpe:/a:zte:cgsl_core:kernel-tools-libs", "p-cpe:/a:zte:cgsl_core:kernel-tools-libs-devel", "p-cpe:/a:zte:cgsl_core:perf", "p-cpe:/a:zte:cgsl_core:perf-debuginfo", "p-cpe:/a:zte:cgsl_core:python-perf", "p-cpe:/a:zte:cgsl_core:python-perf-debuginfo", "p-cpe:/a:zte:cgsl_main:kernel", "p-cpe:/a:zte:cgsl_main:kernel-abi-whitelists", "p-cpe:/a:zte:cgsl_main:kernel-debug", "p-cpe:/a:zte:cgsl_main:kernel-debug-debuginfo", "p-cpe:/a:zte:cgsl_main:kernel-debug-devel", "p-cpe:/a:zte:cgsl_main:kernel-debuginfo", "p-cpe:/a:zte:cgsl_main:kernel-debuginfo-common-x86_64", "p-cpe:/a:zte:cgsl_main:kernel-devel", "p-cpe:/a:zte:cgsl_main:kernel-headers", "p-cpe:/a:zte:cgsl_main:kernel-sign-keys", "p-cpe:/a:zte:cgsl_main:kernel-tools", "p-cpe:/a:zte:cgsl_main:kernel-tools-debuginfo", "p-cpe:/a:zte:cgsl_main:kernel-tools-libs", "p-cpe:/a:zte:cgsl_main:kernel-tools-libs-devel", "p-cpe:/a:zte:cgsl_main:perf"], "id": "NEWSTART_CGSL_NS-SA-2021-0104_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/154517", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0104. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154517);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-19532\",\n \"CVE-2020-0427\",\n \"CVE-2020-14351\",\n \"CVE-2020-25211\",\n \"CVE-2020-25645\",\n \"CVE-2020-25705\",\n \"CVE-2020-29661\",\n \"CVE-2021-20265\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2021-0104)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by\nmultiple vulnerabilities:\n\n - In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a\n malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-\n axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c,\n drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c,\n drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-\n tmff.c, and drivers/hid/hid-zpff.c. (CVE-2019-19532)\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could\n lead to local information disclosure with no additional execution privileges needed. User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171\n (CVE-2020-0427)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could\n overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in\n ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may\n be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE\n tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from\n this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw\n allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that\n relies on UDP source port randomization are indirectly affected as well on the Linux Based Products\n (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4,\n SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE\n W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All\n versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7\n LTE EU: Version (CVE-2020-25705)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\n - A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux\n kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by\n exhausting available memory. The highest threat from this vulnerability is to system availability.\n (CVE-2021-20265)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0104\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-19532\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-0427\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-14351\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-25211\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-25645\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-25705\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-29661\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-20265\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-sign-keys\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-sign-keys\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_core:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:5\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL CORE 5.04': [\n 'kernel-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'kernel-core-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'kernel-debug-core-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'kernel-debug-modules-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'kernel-modules-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'perf-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'python-perf-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite'\n ],\n 'CGSL MAIN 5.04': [\n 'kernel-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'kernel-debug-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'perf-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'python-perf-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:48", "description": "The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-28915: A buffer over-read (at the framebuffer layer) in the fbcon code could be used by local attackers to read kernel memory, aka CID-6735b4632def (bnc#1178886).\n\n - CVE-2020-25669: A use-after-free in teardown paths of sunkbd was fixed (bsc#1178182).\n\n - CVE-2020-25705: A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.\n Kernel versions may be vulnerable to this issue (bnc#1175721 bnc#1178782).\n\n - CVE-2020-25704: A a memory leak in perf_event_parse_addr_filter() was foxed (bsc#1178393, CVE-2020-25704).\n\nThe following non-security bugs were fixed :\n\n - ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes).\n\n - bpf: Zero-fill re-used per-cpu map element (git-fixes).\n\n - can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes).\n\n - can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes).\n\n - can: dev: can_restart(): post buffer from the right context (git-fixes).\n\n - can: m_can: m_can_handle_state_change(): fix state change (git-fixes).\n\n - can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes).\n\n - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes).\n\n - can: peak_usb: fix potential integer overflow on shift of a int (git-fixes).\n\n - docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes).\n\n - drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873).\n\n - drm/i915: Break up error capture compression loops with cond_resched() (git-fixes).\n\n - drm/vc4: drv: Add error handding for bind (git-fixes).\n\n - Drop sysctl files for dropped archs, add ppc64le and arm64 (bsc#1178838). Also fix the ppc64 page size.\n\n - fs/proc/array.c: allow reporting eip/esp for all coredumping threads (bsc#1050549).\n\n - ftrace: Fix recursion check for NMI test (git-fixes).\n\n - ftrace: Handle tracing when switching between context (git-fixes).\n\n - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1067665).\n\n - futex: Handle transient 'ownerless' rtmutex state correctly (bsc#1067665).\n\n - hv_netvsc: Add XDP support (bsc#1177819, bsc#1177820).\n\n - hv_netvsc: deal with bpf API differences in 4.12 (bsc#1177819, bsc#1177820).\n\n - hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177819, bsc#1177820).\n\n - hv_netvsc: make recording RSS hash depend on feature flag (bsc#1178853, bsc#1178854).\n\n - hv_netvsc: record hardware hash in skb (bsc#1178853, bsc#1178854).\n\n - hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306).\n\n - inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill() (git-fixes).\n\n - Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes).\n\n - kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (git-fixes).\n\n - libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873).\n\n - locking/lockdep: Add debug_locks check in\n __lock_downgrade() (bsc#1050549).\n\n - locking/percpu-rwsem: Use this_cpu_(inc,dec)() for read_count (bsc#1050549).\n\n - locktorture: Print ratio of acquisitions, not failures (bsc#1050549).\n\n - mac80211: minstrel: fix tx status processing corner case (git-fixes).\n\n - mac80211: minstrel: remove deferred sampling code (git-fixes).\n\n - memcg: fix NULL pointer dereference in\n __mem_cgroup_usage_unregister_event (bsc#1177703).\n\n - mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes).\n\n - mm/memcg: fix refcount error while moving and swapping (bsc#1178686).\n\n - net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send (bsc#1172873).\n\n - net: ena: Capitalize all log strings and improve code readability (bsc#1177397).\n\n - net: ena: Change license into format to SPDX in all files (bsc#1177397).\n\n - net: ena: Change log message to netif/dev function (bsc#1177397).\n\n - net: ena: Change RSS related macros and variables names (bsc#1177397).\n\n - net: ena: ethtool: Add new device statistics (bsc#1177397).\n\n - net: ena: ethtool: add stats printing to XDP queues (bsc#1177397).\n\n - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397).\n\n - net: ena: Fix all static chekers' warnings (bsc#1177397).\n\n - net: ena: Remove redundant print of placement policy (bsc#1177397).\n\n - net: ena: xdp: add queue counters for xdp actions (bsc#1177397).\n\n - netfilter: nat: can't use dst_hold on noref dst (bsc#1178878).\n\n - net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1172873). kABI workaround for including mm.h in include/linux/net.h (bsc#1172873).\n\n - net/mlx4_core: Fix init_hca fields offset (git-fixes).\n\n - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes).\n\n - NFSv4.1: fix handling of backchannel binding in BIND_CONN_TO_SESSION (bsc#1170630).\n\n - nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() (bsc#1172873).\n\n - pinctrl: intel: Set default bias in case no particular value given (git-fixes).\n\n - powerpc/pseries/cpuidle: add polling idle for shared processor guests (bsc#1178765 ltc#188968).\n\n - powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293).\n\n - powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293).\n\n - regulator: avoid resolve_supply() infinite recursion (git-fixes).\n\n - regulator: fix memory leak with repeated set_machine_constraints() (git-fixes).\n\n - regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes).\n\n - regulator: workaround self-referent regulators (git-fixes).\n\n - Revert 'cdc-acm: hardening against malicious devices' (git-fixes).\n\n - ring-buffer: Fix recursion protection transitions between interrupt context (git-fixes).\n\n - scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map() (bsc#1172873).\n\n - scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (git-fixes).\n\n - thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (git-fixes).\n\n - time: Prevent undefined behaviour in timespec64_to_ns() (git-fixes).\n\n - USB: Add NO_LPM quirk for Kingston flash drive (git-fixes).\n\n - usb: core: driver: fix stray tabs in error messages (git-fixes).\n\n - usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes).\n\n - USB: serial: cyberjack: fix write-URB completion race (git-fixes).\n\n - USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters (git-fixes).\n\n - USB: serial: option: add Cellient MPL200 card (git-fixes).\n\n - USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (git-fixes).\n\n - USB: serial: option: add Quectel EC200T module support (git-fixes).\n\n - USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes).\n\n - USB: serial: option: Add Telit FT980-KS composition (git-fixes).\n\n - USB: serial: pl2303: add device-id for HP GC device (git-fixes).\n\n - video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306).\n\n - video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306).\n\n - video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306).\n\n - vt: Disable KD_FONT_OP_COPY (bsc#1178589).\n\n - x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306).\n\n - xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes).\n\n - xfs: fix flags argument to rmap lookup when converting shared file rmaps (git-fixes).\n\n - xfs: fix rmap key and record comparison functions (git-fixes).", "cvss3": {}, "published": "2020-11-30T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2020-2034)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25669", "CVE-2020-25704", "CVE-2020-25705", "CVE-2020-28915"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-2034.NASL", "href": "https://www.tenable.com/plugins/nessus/143314", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2034.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143314);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-25669\",\n \"CVE-2020-25704\",\n \"CVE-2020-25705\",\n \"CVE-2020-28915\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2020-2034)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The openSUSE Leap 15.1 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-28915: A buffer over-read (at the framebuffer\n layer) in the fbcon code could be used by local\n attackers to read kernel memory, aka CID-6735b4632def\n (bnc#1178886).\n\n - CVE-2020-25669: A use-after-free in teardown paths of\n sunkbd was fixed (bsc#1178182).\n\n - CVE-2020-25705: A flaw in the way reply ICMP packets are\n limited in the Linux kernel functionality was found that\n allowed to quickly scan open UDP ports. This flaw\n allowed an off-path remote user to effectively bypassing\n source port UDP randomization. The highest threat from\n this vulnerability is to confidentiality and possibly\n integrity, because software that relies on UDP source\n port randomization are indirectly affected as well.\n Kernel versions may be vulnerable to this issue\n (bnc#1175721 bnc#1178782).\n\n - CVE-2020-25704: A a memory leak in\n perf_event_parse_addr_filter() was foxed (bsc#1178393,\n CVE-2020-25704).\n\nThe following non-security bugs were fixed :\n\n - ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes).\n\n - bpf: Zero-fill re-used per-cpu map element (git-fixes).\n\n - can: af_can: prevent potential access of uninitialized\n member in canfd_rcv() (git-fixes).\n\n - can: af_can: prevent potential access of uninitialized\n member in can_rcv() (git-fixes).\n\n - can: dev: can_restart(): post buffer from the right\n context (git-fixes).\n\n - can: m_can: m_can_handle_state_change(): fix state\n change (git-fixes).\n\n - can: m_can: m_can_stop(): set device to software init\n mode before closing (git-fixes).\n\n - can: mcba_usb: mcba_usb_start_xmit(): first fill skb,\n then pass to can_put_echo_skb() (git-fixes).\n\n - can: peak_usb: fix potential integer overflow on shift\n of a int (git-fixes).\n\n - docs: ABI: sysfs-c2port: remove a duplicated entry\n (git-fixes).\n\n - drbd: code cleanup by using sendpage_ok() to check page\n for kernel_sendpage() (bsc#1172873).\n\n - drm/i915: Break up error capture compression loops with\n cond_resched() (git-fixes).\n\n - drm/vc4: drv: Add error handding for bind (git-fixes).\n\n - Drop sysctl files for dropped archs, add ppc64le and\n arm64 (bsc#1178838). Also fix the ppc64 page size.\n\n - fs/proc/array.c: allow reporting eip/esp for all\n coredumping threads (bsc#1050549).\n\n - ftrace: Fix recursion check for NMI test (git-fixes).\n\n - ftrace: Handle tracing when switching between context\n (git-fixes).\n\n - futex: Do not enable IRQs unconditionally in\n put_pi_state() (bsc#1067665).\n\n - futex: Handle transient 'ownerless' rtmutex state\n correctly (bsc#1067665).\n\n - hv_netvsc: Add XDP support (bsc#1177819, bsc#1177820).\n\n - hv_netvsc: deal with bpf API differences in 4.12\n (bsc#1177819, bsc#1177820).\n\n - hv_netvsc: Fix XDP refcnt for synthetic and VF NICs\n (bsc#1177819, bsc#1177820).\n\n - hv_netvsc: make recording RSS hash depend on feature\n flag (bsc#1178853, bsc#1178854).\n\n - hv_netvsc: record hardware hash in skb (bsc#1178853,\n bsc#1178854).\n\n - hyperv_fb: Update screen_info after removing old\n framebuffer (bsc#1175306).\n\n - inet_diag: Fix error path to cancel the meseage in\n inet_req_diag_fill() (git-fixes).\n\n - Input: adxl34x - clean up a data type in adxl34x_probe()\n (git-fixes).\n\n - kthread_worker: prevent queuing delayed work from\n timer_fn when it is being canceled (git-fixes).\n\n - libceph: use sendpage_ok() in ceph_tcp_sendpage()\n (bsc#1172873).\n\n - locking/lockdep: Add debug_locks check in\n __lock_downgrade() (bsc#1050549).\n\n - locking/percpu-rwsem: Use this_cpu_(inc,dec)() for\n read_count (bsc#1050549).\n\n - locktorture: Print ratio of acquisitions, not failures\n (bsc#1050549).\n\n - mac80211: minstrel: fix tx status processing corner case\n (git-fixes).\n\n - mac80211: minstrel: remove deferred sampling code\n (git-fixes).\n\n - memcg: fix NULL pointer dereference in\n __mem_cgroup_usage_unregister_event (bsc#1177703).\n\n - mmc: sdhci-of-esdhc: Handle pulse width detection\n erratum for more SoCs (git-fixes).\n\n - mm/memcg: fix refcount error while moving and swapping\n (bsc#1178686).\n\n - net: add WARN_ONCE in kernel_sendpage() for improper\n zero-copy send (bsc#1172873).\n\n - net: ena: Capitalize all log strings and improve code\n readability (bsc#1177397).\n\n - net: ena: Change license into format to SPDX in all\n files (bsc#1177397).\n\n - net: ena: Change log message to netif/dev function\n (bsc#1177397).\n\n - net: ena: Change RSS related macros and variables names\n (bsc#1177397).\n\n - net: ena: ethtool: Add new device statistics\n (bsc#1177397).\n\n - net: ena: ethtool: add stats printing to XDP queues\n (bsc#1177397).\n\n - net: ena: ethtool: convert stat_offset to 64 bit\n resolution (bsc#1177397).\n\n - net: ena: Fix all static chekers' warnings\n (bsc#1177397).\n\n - net: ena: Remove redundant print of placement policy\n (bsc#1177397).\n\n - net: ena: xdp: add queue counters for xdp actions\n (bsc#1177397).\n\n - netfilter: nat: can't use dst_hold on noref dst\n (bsc#1178878).\n\n - net: introduce helper sendpage_ok() in\n include/linux/net.h (bsc#1172873). kABI workaround for\n including mm.h in include/linux/net.h (bsc#1172873).\n\n - net/mlx4_core: Fix init_hca fields offset (git-fixes).\n\n - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition\n (git-fixes).\n\n - NFSv4.1: fix handling of backchannel binding in\n BIND_CONN_TO_SESSION (bsc#1170630).\n\n - nvme-tcp: check page by sendpage_ok() before calling\n kernel_sendpage() (bsc#1172873).\n\n - pinctrl: intel: Set default bias in case no particular\n value given (git-fixes).\n\n - powerpc/pseries/cpuidle: add polling idle for shared\n processor guests (bsc#1178765 ltc#188968).\n\n - powerpc/vnic: Extend 'failover pending' window\n (bsc#1176855 ltc#187293).\n\n - powerpc/vnic: Extend 'failover pending' window\n (bsc#1176855 ltc#187293).\n\n - regulator: avoid resolve_supply() infinite recursion\n (git-fixes).\n\n - regulator: fix memory leak with repeated\n set_machine_constraints() (git-fixes).\n\n - regulator: ti-abb: Fix array out of bound read access on\n the first transition (git-fixes).\n\n - regulator: workaround self-referent regulators\n (git-fixes).\n\n - Revert 'cdc-acm: hardening against malicious devices'\n (git-fixes).\n\n - ring-buffer: Fix recursion protection transitions\n between interrupt context (git-fixes).\n\n - scsi: libiscsi: use sendpage_ok() in\n iscsi_tcp_segment_map() (bsc#1172873).\n\n - scsi: lpfc: Fix initial FLOGI failure due to BBSCN not\n supported (git-fixes).\n\n - thunderbolt: Add the missed ida_simple_remove() in\n ring_request_msix() (git-fixes).\n\n - time: Prevent undefined behaviour in timespec64_to_ns()\n (git-fixes).\n\n - USB: Add NO_LPM quirk for Kingston flash drive\n (git-fixes).\n\n - usb: core: driver: fix stray tabs in error messages\n (git-fixes).\n\n - usb: host: ehci-tegra: Fix error handling in\n tegra_ehci_probe() (git-fixes).\n\n - USB: serial: cyberjack: fix write-URB completion race\n (git-fixes).\n\n - USB: serial: ftdi_sio: add support for FreeCalypso\n JTAG+UART adapters (git-fixes).\n\n - USB: serial: option: add Cellient MPL200 card\n (git-fixes).\n\n - USB: serial: option: add LE910Cx compositions 0x1203,\n 0x1230, 0x1231 (git-fixes).\n\n - USB: serial: option: add Quectel EC200T module support\n (git-fixes).\n\n - USB: serial: option: add Telit FN980 composition 0x1055\n (git-fixes).\n\n - USB: serial: option: Add Telit FT980-KS composition\n (git-fixes).\n\n - USB: serial: pl2303: add device-id for HP GC device\n (git-fixes).\n\n - video: hyperv: hyperv_fb: Obtain screen resolution from\n Hyper-V host (bsc#1175306).\n\n - video: hyperv: hyperv_fb: Support deferred IO for\n Hyper-V frame buffer driver (bsc#1175306).\n\n - video: hyperv: hyperv_fb: Use physical memory for fb on\n HyperV Gen 1 VMs (bsc#1175306).\n\n - vt: Disable KD_FONT_OP_COPY (bsc#1178589).\n\n - x86/kexec: Use up-to-dated screen_info copy to fill boot\n params (bsc#1175306).\n\n - xfs: fix a missing unlock on error in xfs_fs_map_blocks\n (git-fixes).\n\n - xfs: fix flags argument to rmap lookup when converting\n shared file rmaps (git-fixes).\n\n - xfs: fix rmap key and record comparison functions\n (git-fixes).\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1067665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1170630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=927455\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected the Linux Kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25669\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-base-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-base-debuginfo-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-debuginfo-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-debugsource-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-devel-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-devel-debuginfo-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-base-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-base-debuginfo-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-debuginfo-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-debugsource-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-devel-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-devel-debuginfo-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-devel-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-docs-html-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-base-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-debugsource-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-devel-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-macros-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-build-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-build-debugsource-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-qa-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-source-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-source-vanilla-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-syms-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-base-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-debuginfo-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-debugsource-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-devel-4.12.14-lp151.28.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-lp151.28.83.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:14:26", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0856 advisory.\n\n - kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)\n\n - kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211)\n\n - kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints (CVE-2020-25645)\n\n - kernel: use-after-free in read in vt_do_kdgkb_ioctl (CVE-2020-25656)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\n - kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c (CVE-2020-7053)\n\n - kernel: increase slab leak leads to DoS (CVE-2021-20265)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-17T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2021:0856)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19532", "CVE-2020-0427", "CVE-2020-14351", "CVE-2020-25211", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25705", "CVE-2020-28374", "CVE-2020-29661", "CVE-2020-7053", "CVE-2021-20265"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2021-0856.NASL", "href": "https://www.tenable.com/plugins/nessus/147835", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0856. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147835);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2019-19532\",\n \"CVE-2020-0427\",\n \"CVE-2020-7053\",\n \"CVE-2020-14351\",\n \"CVE-2020-25211\",\n \"CVE-2020-25645\",\n \"CVE-2020-25656\",\n \"CVE-2020-25705\",\n \"CVE-2020-28374\",\n \"CVE-2020-29661\",\n \"CVE-2021-20265\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0856\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2021:0856)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0856 advisory.\n\n - kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)\n\n - kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c\n (CVE-2020-25211)\n\n - kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints (CVE-2020-25645)\n\n - kernel: use-after-free in read in vt_do_kdgkb_ioctl (CVE-2020-25656)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\n - kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c (CVE-2020-7053)\n\n - kernel: increase slab leak leads to DoS (CVE-2021-20265)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19532\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-7053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-28374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20265\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1781821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1795624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1862849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1877571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1883988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1888726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1899804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1906525\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908827\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1919893\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 200, 319, 330, 400, 416, 667);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-19532', 'CVE-2020-0427', 'CVE-2020-7053', 'CVE-2020-14351', 'CVE-2020-25211', 'CVE-2020-25645', 'CVE-2020-25656', 'CVE-2020-25705', 'CVE-2020-28374', 'CVE-2020-29661', 'CVE-2021-20265');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:0856');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-1160.21.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1160.21.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1160.21.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.21.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.21.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.21.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.21.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-1160.21.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-1160.21.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.21.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.21.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.21.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.21.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.21.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.21.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.21.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.21.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.21.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-1160.21.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-1160.21.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.21.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.21.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.21.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.21.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.21.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.21.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.21.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.21.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.21.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.21.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.21.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.21.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-bootwrapper / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:40", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0857 advisory.\n\n - kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)\n\n - kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211)\n\n - kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints (CVE-2020-25645)\n\n - kernel: use-after-free in read in vt_do_kdgkb_ioctl (CVE-2020-25656)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\n - kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c (CVE-2020-7053)\n\n - kernel: increase slab leak leads to DoS (CVE-2021-20265)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-17T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-rt (RHSA-2021:0857)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19532", "CVE-2020-0427", "CVE-2020-14351", "CVE-2020-25211", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25705", "CVE-2020-28374", "CVE-2020-29661", "CVE-2020-7053", "CVE-2021-20265"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm"], "id": "REDHAT-RHSA-2021-0857.NASL", "href": "https://www.tenable.com/plugins/nessus/147827", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0857. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147827);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2019-19532\",\n \"CVE-2020-0427\",\n \"CVE-2020-7053\",\n \"CVE-2020-14351\",\n \"CVE-2020-25211\",\n \"CVE-2020-25645\",\n \"CVE-2020-25656\",\n \"CVE-2020-25705\",\n \"CVE-2020-28374\",\n \"CVE-2020-29661\",\n \"CVE-2021-20265\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0857\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2021:0857)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0857 advisory.\n\n - kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)\n\n - kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c\n (CVE-2020-25211)\n\n - kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints (CVE-2020-25645)\n\n - kernel: use-after-free in read in vt_do_kdgkb_ioctl (CVE-2020-25656)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\n - kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c (CVE-2020-7053)\n\n - kernel: increase slab leak leads to DoS (CVE-2021-20265)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19532\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-7053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-28374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20265\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0857\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1781821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1795624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1862849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1877571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1883988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1888726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1899804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1906525\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908827\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1919893\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 200, 319, 330, 400, 416, 667);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-19532', 'CVE-2020-0427', 'CVE-2020-7053', 'CVE-2020-14351', 'CVE-2020-25211', 'CVE-2020-25645', 'CVE-2020-25656', 'CVE-2020-25705', 'CVE-2020-28374', 'CVE-2020-29661', 'CVE-2021-20265');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:0857');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-3.10.0-1160.21.1.rt56.1158.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-3.10.0-1160.21.1.rt56.1158.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-3.10.0-1160.21.1.rt56.1158.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-3.10.0-1160.21.1.rt56.1158.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-3.10.0-1160.21.1.rt56.1158.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-doc-3.10.0-1160.21.1.rt56.1158.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-3.10.0-1160.21.1.rt56.1158.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-3.10.0-1160.21.1.rt56.1158.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-devel-3.10.0-1160.21.1.rt56.1158.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-kvm-3.10.0-1160.21.1.rt56.1158.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-debug / kernel-rt-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:05:38", "description": "The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:0856 advisory.\n\n - kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)\n\n - kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211)\n\n - kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints (CVE-2020-25645)\n\n - kernel: use-after-free in read in vt_do_kdgkb_ioctl (CVE-2020-25656)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\n - kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c (CVE-2020-7053)\n\n - kernel: increase slab leak leads to DoS (CVE-2021-20265)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-18T00:00:00", "type": "nessus", "title": "CentOS 7 : kernel (CESA-2021:0856)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19532", "CVE-2020-0427", "CVE-2020-14351", "CVE-2020-25211", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25705", "CVE-2020-28374", "CVE-2020-29661", "CVE-2020-7053", "CVE-2021-20265"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2021-0856.NASL", "href": "https://www.tenable.com/plugins/nessus/147885", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0856 and\n# CentOS Errata and Security Advisory 2021:0856 respectively.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147885);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-19532\",\n \"CVE-2020-0427\",\n \"CVE-2020-7053\",\n \"CVE-2020-14351\",\n \"CVE-2020-25211\",\n \"CVE-2020-25645\",\n \"CVE-2020-25656\",\n \"CVE-2020-25705\",\n \"CVE-2020-28374\",\n \"CVE-2020-29661\",\n \"CVE-2021-20265\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0856\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2021:0856)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:0856 advisory.\n\n - kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)\n\n - kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c\n (CVE-2020-25211)\n\n - kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints (CVE-2020-25645)\n\n - kernel: use-after-free in read in vt_do_kdgkb_ioctl (CVE-2020-25656)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\n - kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c (CVE-2020-7053)\n\n - kernel: increase slab leak leads to DoS (CVE-2021-20265)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-announce/2021-March/048295.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7bf93600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/119.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/319.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/330.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/667.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 200, 319, 330, 400, 416, 667);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'bpftool-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.21.1.el7', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:32", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-0856 advisory.\n\n - In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c. (CVE-2020-7053)\n\n - In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid- axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid- tmff.c, and drivers/hid/hid-zpff.c. (CVE-2019-19532)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171 (CVE-2020-0427)\n\n - A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability.\n (CVE-2021-20265)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14351)\n\n - A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version (CVE-2020-25705)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. (CVE-2020-28374)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-17T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : kernel (ELSA-2021-0856)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19532", "CVE-2020-0427", "CVE-2020-14351", "CVE-2020-25211", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25705", "CVE-2020-28374", "CVE-2020-29661", "CVE-2020-7053", "CVE-2021-20265"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug"], "id": "ORACLELINUX_ELSA-2021-0856.NASL", "href": "https://www.tenable.com/plugins/nessus/147861", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-0856.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147861);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-19532\",\n \"CVE-2020-0427\",\n \"CVE-2020-7053\",\n \"CVE-2020-14351\",\n \"CVE-2020-25211\",\n \"CVE-2020-25645\",\n \"CVE-2020-25656\",\n \"CVE-2020-25705\",\n \"CVE-2020-28374\",\n \"CVE-2020-29661\",\n \"CVE-2021-20265\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2021-0856)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-0856 advisory.\n\n - In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2),\n there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c,\n aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in\n drivers/gpu/drm/i915/i915_gem_context.c. (CVE-2020-7053)\n\n - In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a\n malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-\n axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c,\n drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c,\n drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-\n tmff.c, and drivers/hid/hid-zpff.c. (CVE-2019-19532)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could\n overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in\n ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may\n be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE\n tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from\n this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was\n using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of\n bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could\n lead to local information disclosure with no additional execution privileges needed. User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171\n (CVE-2020-0427)\n\n - A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux\n kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by\n exhausting available memory. The highest threat from this vulnerability is to system availability.\n (CVE-2021-20265)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw\n allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that\n relies on UDP source port randomization are indirectly affected as well on the Linux Based Products\n (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4,\n SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE\n W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All\n versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7\n LTE EU: Version (CVE-2020-25705)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal\n in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker\n has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are\n proxied via an attacker-selected backstore. (CVE-2020-28374)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-0856.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.10.0-1160.21.1.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-0856');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.10';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-3.10.0'},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.21.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-3.10.0'},\n {'reference':'kernel-debug-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-3.10.0'},\n {'reference':'kernel-debug-devel-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-3.10.0'},\n {'reference':'kernel-devel-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-3.10.0'},\n {'reference':'kernel-headers-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-3.10.0'},\n {'reference':'kernel-tools-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-3.10.0'},\n {'reference':'kernel-tools-libs-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-3.10.0'},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-3.10.0'},\n {'reference':'perf-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:09", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0686 advisory.\n\n - kernel: bad kfree in auditfilter.c may lead to escalation of privilege (CVE-2020-0444)\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-03T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel (RHSA-2021:0686)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0444", "CVE-2020-14351", "CVE-2020-25705", "CVE-2020-29661"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.1", "cpe:/o:redhat:rhel_eus:8.1", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra"], "id": "REDHAT-RHSA-2021-0686.NASL", "href": "https://www.tenable.com/plugins/nessus/147011", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0686. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147011);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2020-0444\",\n \"CVE-2020-14351\",\n \"CVE-2020-25705\",\n \"CVE-2020-29661\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0686\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2021:0686)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0686 advisory.\n\n - kernel: bad kfree in auditfilter.c may lead to escalation of privilege (CVE-2020-0444)\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1862849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1906525\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1920474\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(99, 244, 330, 416, 667);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-0444', 'CVE-2020-14351', 'CVE-2020-25705', 'CVE-2020-29661');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:0686');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/eus/rhel8/8.1/s390x/appstream/debug',\n 'content/eus/rhel8/8.1/s390x/appstream/os',\n 'content/eus/rhel8/8.1/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/baseos/debug',\n 'content/eus/rhel8/8.1/s390x/baseos/os',\n 'content/eus/rhel8/8.1/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/highavailability/debug',\n 'content/eus/rhel8/8.1/s390x/highavailability/os',\n 'content/eus/rhel8/8.1/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/sap/debug',\n 'content/eus/rhel8/8.1/s390x/sap/os',\n 'content/eus/rhel8/8.1/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/supplementary/debug',\n 'content/eus/rhel8/8.1/s390x/supplementary/os',\n 'content/eus/rhel8/8.1/s390x/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-4.18.0-147.43.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-147.43.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-147.43.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-147.43.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-147.43.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-147.43.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-147.43.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-147.43.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-147.43.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-147.43.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-core / kernel-debug / kernel-debug-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:45:00", "description": "The version of kernel installed on the remote host is prior to 5.4.80-40.140. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-018 advisory.\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14351)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. (CVE-2020-25668)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. (CVE-2020-25704)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.\n (CVE-2020-27673)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. (CVE-2020-27675)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-02T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-018)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14351", "CVE-2020-25656", "CVE-2020-25668", "CVE-2020-25704", "CVE-2020-27673", "CVE-2020-27675", "CVE-2020-28974"], "modified": "2022-06-07T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALASKERNEL-5_4-2022-018.NASL", "href": "https://www.tenable.com/plugins/nessus/160441", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.4-2022-018.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160441);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/07\");\n\n script_cve_id(\n \"CVE-2020-14351\",\n \"CVE-2020-25656\",\n \"CVE-2020-25668\",\n \"CVE-2020-25704\",\n \"CVE-2020-27673\",\n \"CVE-2020-27675\",\n \"CVE-2020-28974\"\n );\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-018)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.4.80-40.140. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-018 advisory.\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was\n using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of\n bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A flaw was found in Linux Kernel because access to the global variable fg_console is not properly\n synchronized leading to a use after free in con_font_op. (CVE-2020-25668)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using\n PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of\n service. (CVE-2020-25704)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users\n can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.\n (CVE-2020-27673)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race\n condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash\n via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. (CVE-2020-27675)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to\n read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2022-018.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-14351.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-25656.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-25668.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-25704.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-27673.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-27675.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-28974.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25668\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14351\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2020-14351\", \"CVE-2020-25656\", \"CVE-2020-25668\", \"CVE-2020-25704\", \"CVE-2020-27673\", \"CVE-2020-27675\", \"CVE-2020-28974\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.4-2022-018\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'kernel-5.4.80-40.140.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-5.4.80-40.140.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.80-40.140.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.80-40.140.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-aarch64-5.4.80-40.140.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-x86_64-5.4.80-40.140.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.80-40.140.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.80-40.140.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.80-40.140.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.80-40.140.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.80-40.140.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.80-40.140.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.80-40.140.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.80-40.140.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.80-40.140.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.80-40.140.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.80-40.140.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.80-40.140.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.80-40.140.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.80-40.140.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.80-40.140.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.80-40.140.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.80-40.140.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.80-40.140.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.80-40.140.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:15", "description": "The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178123).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n\nCVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter() (bsc#1178393).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).\n\nCVE-2020-25705: Fixed an issue which could have allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization (bsc#1175721).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3717-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25668", "CVE-2020-25669", "CVE-2020-25704", "CVE-2020-25705", "CVE-2020-27777", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29371"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-3717-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143860", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3717-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143860);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25668\",\n \"CVE-2020-25669\",\n \"CVE-2020-25704\",\n \"CVE-2020-25705\",\n \"CVE-2020-27777\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29371\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3717-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c\nwhich could have allowed local users to gain privileges or cause a\ndenial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have\nallowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25668: Fixed a concurrency use-after-free in con_font_op\n(bsc#1178123).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()\n(bsc#1178182).\n\nCVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter()\n(bsc#1178393).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could\nhave been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could\nhave been used by local attackers to read privileged information or\npotentially crash the kernel (bsc#1178589).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace\n(bsc#1179429).\n\nCVE-2020-25705: Fixed an issue which could have allowed to quickly\nscan open UDP ports. This flaw allowed an off-path remote user to\neffectively bypassing source port UDP randomization (bsc#1175721).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1067665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177808\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179213\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179259\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=927455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15436/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15437/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25668/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25704/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25705/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28915/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28974/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29371/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203717-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9106a420\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP5 :\n\nzypper in -t patch SUSE-SLE-WE-12-SP5-2020-3717=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3717=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3717=1\n\nSUSE Linux Enterprise Live Patching 12-SP5 :\n\nzypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-3717=1\n\nSUSE Linux Enterprise High Availability 12-SP5 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP5-2020-3717=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27777\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-25669\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-debuginfo-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debuginfo-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debugsource-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-devel-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-syms-4.12.14-122.54.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:07", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.(CVE-2020-36158)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.(CVE-2020-25656)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14351)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.(CVE-2020-27777)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.(CVE-2020-29661)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.(CVE-2020-29660)\n\n - An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.(CVE-2019-20934)\n\n - A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.(CVE-2020-27786)\n\n - An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4.\n Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.(CVE-2020-29371)\n\n - In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.(CVE-2019-9456)\n\n - A stack information leak flaw was found in s390/s390x in the Linux kernel's memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data.(CVE-2020-10773)\n\n - A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter.(CVE-2020-12114)\n\n - An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720.\n This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-14305)\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.(CVE-2020-15436)\n\n - The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.(CVE-2020-15437)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.(CVE-2020-28915)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.(CVE-2020-28974)\n\n - In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:\n Android-10Android ID: A-153467744(CVE-2020-0305)\n\n - Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.(CVE-2020-12352)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-02-22T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : kernel (EulerOS-SA-2021-1311)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20934", "CVE-2019-9456", "CVE-2020-0305", "CVE-2020-10773", "CVE-2020-12114", "CVE-2020-12352", "CVE-2020-14305", "CVE-2020-14351", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25656", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29371", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158"], "modified": "2021-02-24T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:kernel-debug-devel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1311.NASL", "href": "https://www.tenable.com/plugins/nessus/146701", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146701);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/24\");\n\n script_cve_id(\n \"CVE-2019-20934\",\n \"CVE-2019-9456\",\n \"CVE-2020-0305\",\n \"CVE-2020-10773\",\n \"CVE-2020-12114\",\n \"CVE-2020-12352\",\n \"CVE-2020-14305\",\n \"CVE-2020-14351\",\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25656\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29371\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : kernel (EulerOS-SA-2021-1311)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - mwifiex_cmd_802_11_ad_hoc_start in\n drivers/net/wireless/marvell/mwifiex/join.c in the\n Linux kernel through 5.10.4 might allow remote\n attackers to execute arbitrary code via a long SSID\n value, aka CID-5c455c5ab332.(CVE-2020-36158)\n\n - A flaw was found in the Linux kernel. A use-after-free\n was found in the way the console subsystem was using\n ioctls KDGKBSENT and KDSKBSENT. A local user could use\n this flaw to get read memory access out of bounds. The\n highest threat from this vulnerability is to data\n confidentiality.(CVE-2020-25656)\n\n - A flaw was found in the Linux kernel. A use-after-free\n memory flaw was found in the perf subsystem allowing a\n local attacker with permission to monitor perf events\n to corrupt memory and possibly escalate privileges. The\n highest threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-14351)\n\n - A flaw was found in the way RTAS handled memory\n accesses in userspace to kernel communication. On a\n locked down (usually due to Secure Boot) guest system\n running on top of PowerVM or KVM hypervisors (pseries\n platform) a root like local user could use this flaw to\n further increase their privileges to that of a running\n kernel.(CVE-2020-27777)\n\n - A locking issue was discovered in the tty subsystem of\n the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free\n attack against TIOCSPGRP, aka\n CID-54ffccbf053b.(CVE-2020-29661)\n\n - A locking inconsistency issue was discovered in the tty\n subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may\n allow a read-after-free attack against TIOCGSID, aka\n CID-c8bcd9c5be24.(CVE-2020-29660)\n\n - An issue was discovered in the Linux kernel before\n 5.2.6. On NUMA systems, the Linux fair scheduler has a\n use-after-free in show_numa_stats() because NUMA fault\n statistics are inappropriately freed, aka\n CID-16d51a590a8c.(CVE-2019-20934)\n\n - A flaw was found in the Linux kernels implementation of\n MIDI, where an attacker with a local account and the\n permissions to issue an ioctl commands to midi devices,\n could trigger a use-after-free. A write to this\n specific memory while freed and before use could cause\n the flow of execution to change and possibly allow for\n memory corruption or privilege\n escalation.(CVE-2020-27786)\n\n - An issue was discovered in romfs_dev_read in\n fs/romfs/storage.c in the Linux kernel before 5.8.4.\n Uninitialized memory leaks to userspace, aka\n CID-bcf85fcedfdd.(CVE-2020-29371)\n\n - In the Android kernel in Pixel C USB monitor driver\n there is a possible OOB write due to a missing bounds\n check. This could lead to local escalation of privilege\n with System execution privileges needed. User\n interaction is not needed for\n exploitation.(CVE-2019-9456)\n\n - A stack information leak flaw was found in s390/s390x\n in the Linux kernel's memory manager functionality,\n where it incorrectly writes to the\n /proc/sys/vm/cmm_timeout file. This flaw allows a local\n user to see the kernel data.(CVE-2020-10773)\n\n - A pivot_root race condition in fs/namespace.c in the\n Linux kernel 4.4.x before 4.4.221, 4.9.x before\n 4.9.221, 4.14.x before 4.14.178, 4.19.x before\n 4.19.119, and 5.x before 5.3 allows local users to\n cause a denial of service (panic) by corrupting a\n mountpoint reference counter.(CVE-2020-12114)\n\n - An out-of-bounds memory write flaw was found in how the\n Linux kernel's Voice Over IP H.323 connection tracking\n functionality handled connections on ipv6 port 1720.\n This flaw allows an unauthenticated remote user to\n crash the system, causing a denial of service. The\n highest threat from this vulnerability is to\n confidentiality, integrity, as well as system\n availability.(CVE-2020-14305)\n\n - Use-after-free vulnerability in fs/block_dev.c in the\n Linux kernel before 5.8 allows local users to gain\n privileges or cause a denial of service by leveraging\n improper access to a certain error\n field.(CVE-2020-15436)\n\n - The Linux kernel before version 5.8 is vulnerable to a\n NULL pointer dereference in\n drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of\n service by using the p->serial_in pointer which\n uninitialized.(CVE-2020-15437)\n\n - A buffer over-read (at the framebuffer layer) in the\n fbcon code in the Linux kernel before 5.8.15 could be\n used by local attackers to read kernel memory, aka\n CID-6735b4632def.(CVE-2020-28915)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel\n before 5.9.7 could be used by local attackers to read\n privileged information or potentially crash the kernel,\n aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for\n manipulations such as font height.(CVE-2020-28974)\n\n - In cdev_get of char_dev.c, there is a possible\n use-after-free due to a race condition. This could lead\n to local escalation of privilege with System execution\n privileges needed. User interaction is not needed for\n exploitation.Product: AndroidVersions:\n Android-10Android ID: A-153467744(CVE-2020-0305)\n\n - Improper access control in BlueZ may allow an\n unauthenticated user to potentially enable information\n disclosure via adjacent access.(CVE-2020-12352)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1311\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a5285fd5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-327.62.59.83.h255\",\n \"kernel-debug-3.10.0-327.62.59.83.h255\",\n \"kernel-debug-devel-3.10.0-327.62.59.83.h255\",\n \"kernel-debuginfo-3.10.0-327.62.59.83.h255\",\n \"kernel-debuginfo-common-x86_64-3.10.0-327.62.59.83.h255\",\n \"kernel-devel-3.10.0-327.62.59.83.h255\",\n \"kernel-headers-3.10.0-327.62.59.83.h255\",\n \"kernel-tools-3.10.0-327.62.59.83.h255\",\n \"kernel-tools-libs-3.10.0-327.62.59.83.h255\",\n \"perf-3.10.0-327.62.59.83.h255\",\n \"python-perf-3.10.0-327.62.59.83.h255\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:17:05", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1028 advisory.\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-04-21T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2021:1028)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14351", "CVE-2020-29661"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.7", "cpe:/o:redhat:rhel_e4s:7.7", "cpe:/o:redhat:rhel_eus:7.7", "cpe:/o:redhat:rhel_tus:7.7", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2021-1028.NASL", "href": "https://www.tenable.com/plugins/nessus/148886", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1028. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148886);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\"CVE-2020-14351\", \"CVE-2020-29661\");\n script_xref(name:\"RHSA\", value:\"2021:1028\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2021:1028)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:1028 advisory.\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1862849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1906525\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(416, 667);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.7')) audit(AUDIT_OS_NOT, 'Red Hat 7.7', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-14351', 'CVE-2020-29661');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:1028');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.7/x86_64/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.7/x86_64/os',\n 'content/aus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/highavailability/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/highavailability/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/optional/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/optional/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/optional/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap-hana/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap-hana/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap-hana/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/debug',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/highavailability/debug',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/highavailability/os',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/optional/debug',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/optional/os',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/optional/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/os',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/resilientstorage/debug',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/resilientstorage/os',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/sap-hana/debug',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/sap-hana/os',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/sap-hana/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/sap/debug',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/sap/os',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/source/SRPMS',\n 'content/eus/rhel/power/7/7.7/ppc64/debug',\n 'content/eus/rhel/power/7/7.7/ppc64/optional/debug',\n 'content/eus/rhel/power/7/7.7/ppc64/optional/os',\n 'content/eus/rhel/power/7/7.7/ppc64/optional/source/SRPMS',\n 'content/eus/rhel/power/7/7.7/ppc64/os',\n 'content/eus/rhel/power/7/7.7/ppc64/sap/debug',\n 'content/eus/rhel/power/7/7.7/ppc64/sap/os',\n 'content/eus/rhel/power/7/7.7/ppc64/sap/source/SRPMS',\n 'content/eus/rhel/power/7/7.7/ppc64/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.7/s390x/debug',\n 'content/eus/rhel/system-z/7/7.7/s390x/optional/debug',\n 'content/eus/rhel/system-z/7/7.7/s390x/optional/os',\n 'content/eus/rhel/system-z/7/7.7/s390x/optional/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.7/s390x/os',\n 'content/eus/rhel/system-z/7/7.7/s390x/sap/debug',\n 'content/eus/rhel/system-z/7/7.7/s390x/sap/os',\n 'content/eus/rhel/system-z/7/7.7/s390x/sap/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.7/s390x/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/os',\n 'content/tus/rhel/server/7/7.7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1062.46.1.el7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1062.46.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-bootwrapper / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:09:55", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A stack information leak flaw was found in s390/s390x in the Linux kernel's memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data.(CVE-2020-10773)\n\n - In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.(CVE-2019-9458)\n\n - An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.(CVE-2019-20934)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.(CVE-2020-29660)\n\n - An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720.\n This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-14305)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.(CVE-2020-29661)\n\n - An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4.\n Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.(CVE-2020-29371)\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.(CVE-2020-15436)\n\n - The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.(CVE-2020-15437)\n\n - An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.(CVE-2020-29370)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14351)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.(CVE-2020-28915)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.(CVE-2020-28974)\n\n - Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.(CVE-2020-12352)\n\n - In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:\n Android-10Android ID: A-153467744(CVE-2020-0305)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service.\n The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25643)\n\n - An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user 'root' with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g.\n cgw_csum_xor_rel) the tail of the skb (e.g. frag_list pointer in skb_shared_info) can be rewritten which finally can cause a system crash. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames.(CVE-2019-3701)\n\n - In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.(CVE-2019-9456)\n\n - A pivot_root race condition in fs/ namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter.(CVE-2020-12114)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.(CVE-2020-25645)\n\n - In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-144161459(CVE-2020-0431)\n\n - In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-151939299(CVE-2020-0433)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/ netfilter/ nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.(CVE-2020-25211)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.(CVE-2020-14314)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/ nfs/ nfs4proc.c instead of fs/ nfs/ nfs4xdr.c, aka CID-b4487b935452.(CVE-2020-25212)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.(CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.(CVE-2020-25285)\n\n - A flaw was found in the Linux kernel before 5.9-rc4.\n Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.(CVE-2020-14386)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-01-20T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : kernel (EulerOS-SA-2021-1079)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20934", "CVE-2019-3701", "CVE-2019-9456", "CVE-2019-9458", "CVE-2020-0305", "CVE-2020-0431", "CVE-2020-0433", "CVE-2020-10773", "CVE-2020-12114", "CVE-2020-12352", "CVE-2020-14305", "CVE-2020-14314", "CVE-2020-14351", "CVE-2020-14386", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25211", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29370", "CVE-2020-29371", "CVE-2020-29660", "CVE-2020-29661"], "modified": "2021-01-22T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1079.NASL", "href": "https://www.tenable.com/plugins/nessus/145201", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145201);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/22\");\n\n script_cve_id(\n \"CVE-2019-20934\",\n \"CVE-2019-3701\",\n \"CVE-2019-9456\",\n \"CVE-2019-9458\",\n \"CVE-2020-0305\",\n \"CVE-2020-0431\",\n \"CVE-2020-0433\",\n \"CVE-2020-10773\",\n \"CVE-2020-12114\",\n \"CVE-2020-12352\",\n \"CVE-2020-14305\",\n \"CVE-2020-14314\",\n \"CVE-2020-14351\",\n \"CVE-2020-14386\",\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25211\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29370\",\n \"CVE-2020-29371\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : kernel (EulerOS-SA-2021-1079)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A stack information leak flaw was found in s390/s390x\n in the Linux kernel's memory manager functionality,\n where it incorrectly writes to the\n /proc/sys/vm/cmm_timeout file. This flaw allows a local\n user to see the kernel data.(CVE-2020-10773)\n\n - In the Android kernel in the video driver there is a\n use after free due to a race condition. This could lead\n to local escalation of privilege with no additional\n execution privileges needed. User interaction is not\n needed for exploitation.(CVE-2019-9458)\n\n - An issue was discovered in the Linux kernel before\n 5.2.6. On NUMA systems, the Linux fair scheduler has a\n use-after-free in show_numa_stats() because NUMA fault\n statistics are inappropriately freed, aka\n CID-16d51a590a8c.(CVE-2019-20934)\n\n - A locking inconsistency issue was discovered in the tty\n subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may\n allow a read-after-free attack against TIOCGSID, aka\n CID-c8bcd9c5be24.(CVE-2020-29660)\n\n - An out-of-bounds memory write flaw was found in how the\n Linux kernel's Voice Over IP H.323 connection tracking\n functionality handled connections on ipv6 port 1720.\n This flaw allows an unauthenticated remote user to\n crash the system, causing a denial of service. The\n highest threat from this vulnerability is to\n confidentiality, integrity, as well as system\n availability.(CVE-2020-14305)\n\n - A locking issue was discovered in the tty subsystem of\n the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free\n attack against TIOCSPGRP, aka\n CID-54ffccbf053b.(CVE-2020-29661)\n\n - An issue was discovered in romfs_dev_read in\n fs/romfs/storage.c in the Linux kernel before 5.8.4.\n Uninitialized memory leaks to userspace, aka\n CID-bcf85fcedfdd.(CVE-2020-29371)\n\n - Use-after-free vulnerability in fs/block_dev.c in the\n Linux kernel before 5.8 allows local users to gain\n privileges or cause a denial of service by leveraging\n improper access to a certain error\n field.(CVE-2020-15436)\n\n - The Linux kernel before version 5.8 is vulnerable to a\n NULL pointer dereference in\n drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of\n service by using the p->serial_in pointer which\n uninitialized.(CVE-2020-15437)\n\n - An issue was discovered in kmem_cache_alloc_bulk in\n mm/slub.c in the Linux kernel before 5.5.11. The\n slowpath lacks the required TID increment, aka\n CID-fd4d9c7d0c71.(CVE-2020-29370)\n\n - A flaw was found in the Linux kernel. A use-after-free\n memory flaw was found in the perf subsystem allowing a\n local attacker with permission to monitor perf events\n to corrupt memory and possibly escalate privileges. The\n highest threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-14351)\n\n - A buffer over-read (at the framebuffer layer) in the\n fbcon code in the Linux kernel before 5.8.15 could be\n used by local attackers to read kernel memory, aka\n CID-6735b4632def.(CVE-2020-28915)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel\n before 5.9.7 could be used by local attackers to read\n privileged information or potentially crash the kernel,\n aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for\n manipulations such as font height.(CVE-2020-28974)\n\n - Improper access control in BlueZ may allow an\n unauthenticated user to potentially enable information\n disclosure via adjacent access.(CVE-2020-12352)\n\n - In cdev_get of char_dev.c, there is a possible\n use-after-free due to a race condition. This could lead\n to local escalation of privilege with System execution\n privileges needed. User interaction is not needed for\n exploitation.Product: AndroidVersions:\n Android-10Android ID: A-153467744(CVE-2020-0305)\n\n - A flaw was found in the HDLC_PPP module of the Linux\n kernel in versions before 5.9-rc7. Memory corruption\n and a read overflow is caused by improper input\n validation in the ppp_cp_parse_cr function which can\n cause the system to crash or cause a denial of service.\n The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-25643)\n\n - An issue was discovered in can_can_gw_rcv in\n net/can/gw.c in the Linux kernel through 4.19.13. The\n CAN frame modification rules allow bitwise logical\n operations that can be also applied to the can_dlc\n field. The privileged user 'root' with CAP_NET_ADMIN\n can create a CAN frame modification rule that makes the\n data length code a higher value than the available CAN\n frame data size. In combination with a configured\n checksum calculation where the result is stored\n relatively to the end of the data (e.g.\n cgw_csum_xor_rel) the tail of the skb (e.g. frag_list\n pointer in skb_shared_info) can be rewritten which\n finally can cause a system crash. Because of a missing\n check, the CAN drivers may write arbitrary content\n beyond the data registers in the CAN controller's I/O\n memory when processing can-gw manipulated outgoing\n frames.(CVE-2019-3701)\n\n - In the Android kernel in Pixel C USB monitor driver\n there is a possible OOB write due to a missing bounds\n check. This could lead to local escalation of privilege\n with System execution privileges needed. User\n interaction is not needed for\n exploitation.(CVE-2019-9456)\n\n - A pivot_root race condition in fs/ namespace.c in the\n Linux kernel 4.4.x before 4.4.221, 4.9.x before\n 4.9.221, 4.14.x before 4.14.178, 4.19.x before\n 4.19.119, and 5.x before 5.3 allows local users to\n cause a denial of service (panic) by corrupting a\n mountpoint reference counter.(CVE-2020-12114)\n\n - A flaw was found in the Linux kernel in versions before\n 5.9-rc7. Traffic between two Geneve endpoints may be\n unencrypted when IPsec is configured to encrypt traffic\n for the specific UDP port used by the GENEVE tunnel\n allowing anyone between the two endpoints to read the\n traffic unencrypted. The main threat from this\n vulnerability is to data\n confidentiality.(CVE-2020-25645)\n\n - In kbd_keycode of keyboard.c, there is a possible out\n of bounds write due to a missing bounds check. This\n could lead to local escalation of privilege with no\n additional execution privileges needed. User\n interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-144161459(CVE-2020-0431)\n\n - In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is\n a possible use after free due to improper locking. This\n could lead to local escalation of privilege with no\n additional execution privileges needed. User\n interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-151939299(CVE-2020-0433)\n\n - In the Linux kernel through 5.8.7, local attackers able\n to inject conntrack netlink configuration could\n overflow a local buffer, causing crashes or triggering\n use of incorrect protocol numbers in\n ctnetlink_parse_tuple_filter in net/ netfilter/\n nf_conntrack_netlink.c, aka\n CID-1cc5ef91d2ff.(CVE-2020-25211)\n\n - A memory out-of-bounds read flaw was found in the Linux\n kernel before 5.9-rc2 with the ext3/ext4 file system,\n in the way it accesses a directory with broken\n indexing. This flaw allows a local user to crash the\n system if the directory exists. The highest threat from\n this vulnerability is to system\n availability.(CVE-2020-14314)\n\n - A TOCTOU mismatch in the NFS client code in the Linux\n kernel before 5.8.3 could be used by local attackers to\n corrupt memory or possibly have unspecified other\n impact because a size check is in fs/ nfs/ nfs4proc.c\n instead of fs/ nfs/ nfs4xdr.c, aka\n CID-b4487b935452.(CVE-2020-25212)\n\n - The rbd block device driver in drivers/block/rbd.c in\n the Linux kernel through 5.8.9 used incomplete\n permission checking for access to rbd devices, which\n could be leveraged by local attackers to map or unmap\n rbd block devices, aka\n CID-f44d04e696fe.(CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in\n mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL\n pointer dereference, or possibly have unspecified other\n impact, aka CID-17743798d812.(CVE-2020-25285)\n\n - A flaw was found in the Linux kernel before 5.9-rc4.\n Memory corruption can be exploited to gain root\n privileges from unprivileged processes. The highest\n threat from this vulnerability is to data\n confidentiality and integrity.(CVE-2020-14386)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1079\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?83f9eb52\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-514.44.5.10.h296\",\n \"kernel-debuginfo-3.10.0-514.44.5.10.h296\",\n \"kernel-debuginfo-common-x86_64-3.10.0-514.44.5.10.h296\",\n \"kernel-devel-3.10.0-514.44.5.10.h296\",\n \"kernel-headers-3.10.0-514.44.5.10.h296\",\n \"kernel-tools-3.10.0-514.44.5.10.h296\",\n \"kernel-tools-libs-3.10.0-514.44.5.10.h296\",\n \"perf-3.10.0-514.44.5.10.h296\",\n \"python-perf-3.10.0-514.44.5.10.h296\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:14:27", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0765 advisory.\n\n - kernel: bad kfree in auditfilter.c may lead to escalation of privilege (CVE-2020-0444)\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel (RHSA-2021:0765)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0444", "CVE-2020-14351", "CVE-2020-25211", "CVE-2020-25705", "CVE-2020-29661"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python3-perf"], "id": "REDHAT-RHSA-2021-0765.NASL", "href": "https://www.tenable.com/plugins/nessus/147207", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0765. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147207);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2020-0444\",\n \"CVE-2020-14351\",\n \"CVE-2020-25211\",\n \"CVE-2020-25705\",\n \"CVE-2020-29661\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0765\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2021:0765)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0765 advisory.\n\n - kernel: bad kfree in auditfilter.c may lead to escalation of privilege (CVE-2020-0444)\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c\n (CVE-2020-25211)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1862849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1877571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1906525\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1920474\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(99, 119, 244, 330, 416, 667);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-0444', 'CVE-2020-14351', 'CVE-2020-25211', 'CVE-2020-25705', 'CVE-2020-29661');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:0765');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.2/ppc64le/appstream/os',\n 'content/eus/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.2/ppc64le/baseos/os',\n 'content/eus/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap/os',\n 'content/eus/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/appstream/debug',\n 'content/eus/rhel8/8.2/s390x/appstream/os',\n 'content/eus/rhel8/8.2/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/baseos/debug',\n 'content/eus/rhel8/8.2/s390x/baseos/os',\n 'content/eus/rhel8/8.2/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/highavailability/debug',\n 'content/eus/rhel8/8.2/s390x/highavailability/os',\n 'content/eus/rhel8/8.2/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/sap/debug',\n 'content/eus/rhel8/8.2/s390x/sap/os',\n 'content/eus/rhel8/8.2/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/supplementary/debug',\n 'content/eus/rhel8/8.2/s390x/supplementary/os',\n 'content/eus/rhel8/8.2/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-193.46.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-193.46.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-193.46.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-193.46.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-193.46.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-193.46.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-193.46.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-193.46.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-193.46.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-193.46.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-193.46.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-193.46.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-193.46.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-193.46.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-193.46.1.el8_2', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-193.46.1.el8_2', 'sp':'2', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-193.46.1.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-193.46.1.el8_2', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-193.46.1.el8_2', 'sp':'2', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-193.46.1.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-193.46.1.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-193.46.1.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-193.46.1.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-193.46.1.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-193.46.1.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-193.46.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-193.46.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:29", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0774 advisory.\n\n - kernel: bad kfree in auditfilter.c may lead to escalation of privilege (CVE-2020-0444)\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel-rt (RHSA-2021:0774)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0444", "CVE-2020-14351", "CVE-2020-25211", "CVE-2020-25705", "CVE-2020-29661"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra"], "id": "REDHAT-RHSA-2021-0774.NASL", "href": "https://www.tenable.com/plugins/nessus/147212", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0774. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147212);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2020-0444\",\n \"CVE-2020-14351\",\n \"CVE-2020-25211\",\n \"CVE-2020-25705\",\n \"CVE-2020-29661\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0774\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"RHEL 8 : kernel-rt (RHSA-2021:0774)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0774 advisory.\n\n - kernel: bad kfree in auditfilter.c may lead to escalation of privilege (CVE-2020-0444)\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c\n (CVE-2020-25211)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1862849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1877571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1906525\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1920474\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(99, 119, 244, 330, 416, 667);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-0444', 'CVE-2020-14351', 'CVE-2020-25211', 'CVE-2020-25705', 'CVE-2020-29661');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:0774');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-193.46.1.rt13.96.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-193.46.1.rt13.96.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-193.46.1.rt13.96.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-193.46.1.rt13.96.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-193.46.1.rt13.96.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-193.46.1.rt13.96.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-193.46.1.rt13.96.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-193.46.1.rt13.96.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-193.46.1.rt13.96.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-193.46.1.rt13.96.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-193.46.1.rt13.96.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-193.46.1.rt13.96.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:19", "description": "The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter() (bsc#1178393).\n\n - CVE-2020-25668: Make FONTX ioctl use the tty pointer they were actually passed (bsc#1178123).\n\n - CVE-2020-25656: Extend func_buf_lock to readers (bnc#1177766).\n\n - CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812 (bnc#1176485).\n\n - CVE-2020-14351: Fixed race in the perf_mmap_close() function (bsc#1177086).\n\n - CVE-2020-8694: Restrict energy meter to root access (bsc#1170415).\n\n - CVE-2020-16120: Check permission to open real file in overlayfs (bsc#1177470).\n\n - CVE-2020-25705: A ICMP global rate limiting side-channel was removed which could lead to e.g. the SADDNS attack (bsc#1175721)\n\nThe following non-security bugs were fixed :\n\n - ACPI: Always build evged in (git-fixes).\n\n - ACPI: button: fix handling lid state changes when input device closed (git-fixes).\n\n - ACPI: configfs: Add missing config_item_put() to fix refcount leak (git-fixes).\n\n - acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (git-fixes).\n\n - ACPI: debug: do not allow debugging when ACPI is disabled (git-fixes).\n\n - ACPI / extlog: Check for RDMSR failure (git-fixes).\n\n - ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes).\n\n - act_ife: load meta modules before tcf_idr_check_alloc() (networking-stable-20_09_24).\n\n - Add CONFIG_CHECK_CODESIGN_EKU\n\n - ALSA: ac97: (cosmetic) align argument names (git-fixes).\n\n - ALSA: aoa: i2sbus: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes).\n\n - ALSA: asihpi: fix spellint typo in comments (git-fixes).\n\n - ALSA: atmel: ac97: clarify operator precedence (git-fixes).\n\n - ALSA: bebob: potential info leak in hwdep_read() (git-fixes).\n\n - ALSA: compress_offload: remove redundant initialization (git-fixes).\n\n - ALSA: core: init: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes).\n\n - ALSA: core: pcm: simplify locking for timers (git-fixes).\n\n - ALSA: core: timer: clarify operator precedence (git-fixes).\n\n - ALSA: core: timer: remove redundant assignment (git-fixes).\n\n - ALSA: ctl: Workaround for lockdep warning wrt card->ctl_files_rwlock (git-fixes).\n\n - ALSA: fireworks: use semicolons rather than commas to separate statements (git-fixes).\n\n - ALSA: fix kernel-doc markups (git-fixes).\n\n - ALSA: hda: auto_parser: remove shadowed variable declaration (git-fixes).\n\n - ALSA: hda: (cosmetic) align function parameters (git-fixes).\n\n - ALSA: hda - Do not register a cb func if it is registered already (git-fixes).\n\n - ALSA: hda - Fix the return value if cb func is already registered (git-fixes).\n\n - ALSA: hda/hdmi: fix incorrect locking in hdmi_pcm_close (git-fixes).\n\n - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (git-fixes).\n\n - ALSA: hda/realtek - Add mute Led support for HP Elitebook 845 G7 (git-fixes).\n\n - ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887 (git-fixes).\n\n - ALSA: hda/realtek - Enable headphone for ASUS TM420 (git-fixes).\n\n - ALSA: hda/realtek - Fixed HP headset Mic can't be detected (git-fixes).\n\n - ALSA: hda/realtek - set mic to auto detect on a HP AIO machine (git-fixes).\n\n - ALSA: hda/realtek - The front Mic on a HP machine does not work (git-fixes).\n\n - ALSA: hda: use semicolons rather than commas to separate statements (git-fixes).\n\n - ALSA: hdspm: Fix typo arbitary (git-fixes).\n\n - ALSA: mixart: Correct comment wrt obsoleted tasklet usage (git-fixes).\n\n - ALSA: portman2x4: fix repeated word 'if' (git-fixes).\n\n - ALSA: rawmidi: (cosmetic) align function parameters (git-fixes).\n\n - ALSA: seq: oss: Avoid mutex lock for a long-time ioctl (git-fixes).\n\n - ALSA: sparc: dbri: fix repeated word 'the' (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes).\n\n - ALSA: usb-audio: Add mixer support for Pioneer DJ DJM-250MK2 (git-fixes).\n\n - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes).\n\n - ALSA: usb-audio: endpoint.c: fix repeated word 'there' (git-fixes).\n\n - ALSA: usb-audio: fix spelling mistake 'Frequence' -> 'Frequency' (git-fixes).\n\n - ALSA: usb-audio: Line6 Pod Go interface requires static clock rate quirk (git-fixes).\n\n - ALSA: usb: scarless_gen2: fix endianness issue (git-fixes).\n\n - ALSA: vx: vx_core: clarify operator precedence (git-fixes).\n\n - ALSA: vx: vx_pcm: remove redundant assignment (git-fixes).\n\n - ASoC: codecs: wcd9335: Set digital gain range correctly (git-fixes).\n\n - ASoC: cs42l51: manage mclk shutdown delay (git-fixes).\n\n - ASoC: fsl: imx-es8328: add missing put_device() call in imx_es8328_probe() (git-fixes).\n\n - ASoC: fsl_sai: Instantiate snd_soc_dai_driver (git-fixes).\n\n - ASoC: Intel: kbl_rt5663_max98927: Fix kabylake_ssp_fixup function (git-fixes).\n\n - ASoC: qcom: lpass-cpu: fix concurrency issue (git-fixes).\n\n - ASoC: qcom: lpass-platform: fix memory leak (git-fixes).\n\n - ASoC: qcom: sdm845: set driver name correctly (git-fixes).\n\n - ASoC: sun50i-codec-analog: Fix duplicate use of ADC enable bits (git-fixes).\n\n - ASoC: tlv320aic32x4: Fix bdiv clock rate derivation (git-fixes).\n\n - ata: sata_rcar: Fix DMA boundary mask (git-fixes).\n\n - ath10k: check idx validity in\n __ath10k_htt_rx_ring_fill_n() (git-fixes).\n\n - ath10k: Fix the size used in a 'dma_free_coherent()' call in an error handling path (git-fixes).\n\n - ath10k: fix VHT NSS calculation when STBC is enabled (git-fixes).\n\n - ath10k: provide survey info as accumulated data (git-fixes).\n\n - ath10k: start recovery process when payload length exceeds max htc length for sdio (git-fixes).\n\n - ath6kl: prevent potential array overflow in ath6kl_add_new_sta() (git-fixes).\n\n - ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd() (git-fixes).\n\n - ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb() (git-fixes).\n\n - ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() (git-fixes).\n\n - ath9k_htc: Use appropriate rs_datalen type (git-fixes).\n\n - backlight: sky81452-backlight: Fix refcount imbalance on error (git-fixes).\n\n - blk-mq: order adding requests to hctx->dispatch and checking SCHED_RESTART (bsc#1177750).\n\n - block: ensure bdi->io_pages is always initialized (bsc#1177749).\n\n - block: Fix page_is_mergeable() for compound pages (bsc#1177814).\n\n - block: Set same_page to false in __bio_try_merge_page if ret is false (git-fixes).\n\n - Bluetooth: btusb: Fix memleak in btusb_mtk_submit_wmt_recv_urb (git-fixes).\n\n - Bluetooth: hci_uart: Cancel init work before unregistering (git-fixes).\n\n - Bluetooth: MGMT: Fix not checking if BT_HS is enabled (git-fixes).\n\n - Bluetooth: Only mark socket zapped after unlocking (git-fixes).\n\n - bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex (git-fixes).\n\n - bonding: show saner speed for broadcast mode (networking-stable-20_08_24).\n\n - brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach (git-fixes).\n\n - brcmfmac: check ndev pointer (git-fixes).\n\n - brcmsmac: fix memory leak in wlc_phy_attach_lcnphy (git-fixes).\n\n - btrfs: Account for merged patches upstream Move below patches to sorted section.\n\n - btrfs: add owner and fs_info to alloc_state io_tree (bsc#1177854).\n\n - btrfs: allocate scrub workqueues outside of locks (bsc#1178183).\n\n - btrfs: cleanup cow block on error (bsc#1178584).\n\n - btrfs: do not force read-only after error in drop snapshot (bsc#1176354).\n\n - btrfs: drop path before adding new uuid tree entry (bsc#1178176).\n\n - btrfs: fix filesystem corruption after a device replace (bsc#1178395).\n\n - btrfs: fix NULL pointer dereference after failure to create snapshot (bsc#1178190).\n\n - btrfs: fix overflow when copying corrupt csums for a message (bsc#1178191).\n\n - btrfs: fix space cache memory leak after transaction abort (bsc#1178173).\n\n - btrfs: move btrfs_rm_dev_replace_free_srcdev outside of all locks (bsc#1178395).\n\n - btrfs: move btrfs_scratch_superblocks into btrfs_dev_replace_finishing (bsc#1178395).\n\n - btrfs: qgroup: fix qgroup meta rsv leak for subvolume operations (bsc#1177856).\n\n - btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode (bsc#1177855).\n\n - btrfs: reschedule if necessary when logging directory items (bsc#1178585).\n\n - btrfs: send, orphanize first all conflicting inodes when processing references (bsc#1178579).\n\n - btrfs: send, recompute reference path after orphanization of a directory (bsc#1178581).\n\n - btrfs: set the correct lockdep class for new nodes (bsc#1178184).\n\n - btrfs: set the lockdep class for log tree extent buffers (bsc#1178186).\n\n - btrfs: tree-checker: fix false alert caused by legacy btrfs root item (bsc#1177861).\n\n - can: can_create_echo_skb(): fix echo skb generation:\n always use skb_clone() (git-fixes).\n\n - can: c_can: reg_map_(c,d)_can: mark as __maybe_unused (git-fixes).\n\n - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (git-fixes).\n\n - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (git-fixes).\n\n - can: flexcan: flexcan_chip_stop(): add error handling and propagate error value (git-fixes).\n\n - can: flexcan: flexcan_remove(): disable wakeup completely (git-fixes).\n\n - can: flexcan: remove ack_grp and ack_bit handling from driver (git-fixes).\n\n - can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A (git-fixes).\n\n - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (git-fixes).\n\n - can: peak_usb: add range checking in decode operations (git-fixes).\n\n - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (git-fixes).\n\n - can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes).\n\n - can: softing: softing_card_shutdown(): add braces around empty body in an 'if' statement (git-fixes).\n\n - ceph: promote to unsigned long long before shifting (bsc#1178175).\n\n - clk: at91: clk-main: update key before writing AT91_CKGR_MOR (git-fixes).\n\n - clk: at91: remove the checking of parent_name (git-fixes).\n\n - clk: bcm2835: add missing release if devm_clk_hw_register fails (git-fixes).\n\n - clk: imx8mq: Fix usdhc parents order (git-fixes).\n\n - clk: keystone: sci-clk: fix parsing assigned-clock data during probe (git-fixes).\n\n - clk: meson: g12a: mark fclk_div2 as critical (git-fixes).\n\n - clk: qcom: gcc-sdm660: Fix wrong parent_map (git-fixes).\n\n - crypto: ccp - fix error handling (git-fixes).\n\n - cxgb4: fix memory leak during module unload (networking-stable-20_09_24).\n\n - cxgb4: Fix offset when clearing filter byte counters (networking-stable-20_09_24).\n\n - cxl: Rework error message for incompatible slots (bsc#1055014 git-fixes).\n\n - dax: Fix compilation for CONFIG_DAX && !CONFIG_FS_DAX (bsc#1177817).\n\n - Disable module compression on SLE15 SP2 (bsc#1178307)\n\n - dma-direct: add missing set_memory_decrypted() for coherent mapping (bsc#1175898, ECO-2743).\n\n - dma-direct: always align allocation size in dma_direct_alloc_pages() (bsc#1175898, ECO-2743).\n\n - dma-direct: atomic allocations must come from atomic coherent pools (bsc#1175898, ECO-2743).\n\n - dma-direct: check return value when encrypting or decrypting memory (bsc#1175898, ECO-2743).\n\n - dma-direct: consolidate the error handling in dma_direct_alloc_pages (bsc#1175898, ECO-2743).\n\n - dma-direct: make uncached_kernel_address more general (bsc#1175898, ECO-2743).\n\n - dma-direct: provide function to check physical memory area validity (bsc#1175898, ECO-2743).\n\n - dma-direct: provide mmap and get_sgtable method overrides (bsc#1175898, ECO-2743).\n\n - dma-direct: re-encrypt memory if dma_direct_alloc_pages() fails (bsc#1175898, ECO-2743).\n\n - dma-direct: remove __dma_direct_free_pages (bsc#1175898, ECO-2743).\n\n - dma-direct: remove the dma_handle argument to\n __dma_direct_alloc_pages (bsc#1175898, ECO-2743).\n\n - dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status (git-fixes).\n\n - dmaengine: dmatest: Check list for emptiness before access its last entry (git-fixes).\n\n - dmaengine: dw: Activate FIFO-mode for memory peripherals only (git-fixes).\n\n - dma-mapping: add a dma_can_mmap helper (bsc#1175898, ECO-2743).\n\n - dma-mapping: always use VM_DMA_COHERENT for generic DMA remap (bsc#1175898, ECO-2743).\n\n - dma-mapping: DMA_COHERENT_POOL should select GENERIC_ALLOCATOR (bsc#1175898, ECO-2743).\n\n - dma-mapping: make dma_atomic_pool_init self-contained (bsc#1175898, ECO-2743).\n\n - dma-mapping: merge the generic remapping helpers into dma-direct (bsc#1175898, ECO-2743).\n\n - dma-mapping: remove arch_dma_mmap_pgprot (bsc#1175898, ECO-2743).\n\n - dma-mapping: warn when coherent pool is depleted (bsc#1175898, ECO-2743).\n\n - dma-pool: add additional coherent pools to map to gfp mask (bsc#1175898, ECO-2743).\n\n - dma-pool: add pool sizes to debugfs (bsc#1175898, ECO-2743).\n\n - dma-pool: decouple DMA_REMAP from DMA_COHERENT_POOL (bsc#1175898, ECO-2743).\n\n - dma-pool: do not allocate pool memory from CMA (bsc#1175898, ECO-2743).\n\n - dma-pool: dynamically expanding atomic pools (bsc#1175898, ECO-2743).\n\n - dma-pool: Fix an uninitialized variable bug in atomic_pool_expand() (bsc#1175898, ECO-2743).\n\n - dma-pool: fix coherent pool allocations for IOMMU mappings (bsc#1175898, ECO-2743).\n\n - dma-pool: fix too large DMA pools on medium memory size systems (bsc#1175898, ECO-2743).\n\n - dma-pool: get rid of dma_in_atomic_pool() (bsc#1175898, ECO-2743).\n\n - dma-pool: introduce dma_guess_pool() (bsc#1175898, ECO-2743).\n\n - dma-pool: make sure atomic pool suits device (bsc#1175898, ECO-2743).\n\n - dma-pool: Only allocate from CMA when in same memory zone (bsc#1175898, ECO-2743).\n\n - dma-pool: scale the default DMA coherent pool size with memory capacity (bsc#1175898, ECO-2743).\n\n - dma-remap: separate DMA atomic pools from direct remap code (bsc#1175898, ECO-2743).\n\n - dm: Call proper helper to determine dax support (bsc#1177817).\n\n - dm/dax: Fix table reference counts (bsc#1178246).\n\n - docs: driver-api: remove a duplicated index entry (git-fixes).\n\n - drivers: watchdog: rdc321x_wdt: Fix race condition bugs (git-fixes).\n\n - EDAC/i5100: Fix error handling order in i5100_init_one() (bsc#1152489).\n\n - eeprom: at25: set minimum read/write access stride to 1 (git-fixes).\n\n - exfat: fix name_hash computation on big endian systems (git-fixes).\n\n - exfat: fix overflow issue in exfat_cluster_to_sector() (git-fixes).\n\n - exfat: fix possible memory leak in exfat_find() (git-fixes).\n\n - exfat: fix use of uninitialized spinlock on error path (git-fixes).\n\n - exfat: fix wrong hint_stat initialization in exfat_find_dir_entry() (git-fixes).\n\n - exfat: fix wrong size update of stream entry by typo (git-fixes).\n\n - extcon: ptn5150: Fix usage of atomic GPIO with sleeping GPIO chips (git-fixes).\n\n - futex: Adjust absolute futex timeouts with per time namespace offset (bsc#1164648).\n\n - futex: Consistently use fshared as boolean (bsc#1149032).\n\n - futex: Fix incorrect should_fail_futex() handling (bsc#1149032).\n\n - futex: Remove put_futex_key() (bsc#1149032).\n\n - futex: Remove unused or redundant includes (bsc#1149032).\n\n - gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY (networking-stable-20_08_24).\n\n - gtp: add GTPA_LINK info to msg sent to userspace (networking-stable-20_09_11).\n\n - HID: hid-input: fix stylus battery reporting (git-fixes).\n\n - HID: ite: Add USB id match for Acer One S1003 keyboard dock (git-fixes).\n\n - HID: roccat: add bounds checking in kone_sysfs_write_settings() (git-fixes).\n\n - HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery (git-fixes).\n\n - hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306).\n\n - i2c: core: Restore acpi_walk_dep_device_list() getting called after registering the ACPI i2c devs (git-fixes).\n\n - i2c: imx: Fix external abort on interrupt in exit paths (git-fixes).\n\n - i2c: rcar: Auto select RESET_CONTROLLER (git-fixes).\n\n - i3c: master add i3c_master_attach_boardinfo to preserve boardinfo (git-fixes).\n\n - i3c: master: Fix error return in cdns_i3c_master_probe() (git-fixes).\n\n - ibmveth: Identify ingress large send packets (bsc#1178185 ltc#188897).\n\n - ibmveth: Switch order of ibmveth_helper calls (bsc#1061843 git-fixes).\n\n - ibmvnic: fix ibmvnic_set_mac (bsc#1066382 ltc#160943 git-fixes).\n\n - ibmvnic: save changed mac address to adapter->mac_addr (bsc#1134760 ltc#177449 git-fixes).\n\n - ibmvnic: set up 200GBPS speed (bsc#1129923 git-fixes).\n\n - icmp: randomize the global rate limiter (git-fixes).\n\n - ida: Free allocated bitmap in error path (git-fixes).\n\n - iio:accel:bma180: Fix use of true when should be iio_shared_by enum (git-fixes).\n\n - iio: adc: gyroadc: fix leak of device node iterator (git-fixes).\n\n - iio: adc: stm32-adc: fix runtime autosuspend delay when slow polling (git-fixes).\n\n - iio:adc:ti-adc0832 Fix alignment issue with timestamp (git-fixes).\n\n - iio:adc:ti-adc12138 Fix alignment issue with timestamp (git-fixes).\n\n - iio:dac:ad5592r: Fix use of true for IIO_SHARED_BY_TYPE (git-fixes).\n\n - iio:gyro:itg3200: Fix timestamp alignment and prevent data leak (git-fixes).\n\n - iio:light:si1145: Fix timestamp alignment and prevent data leak (git-fixes).\n\n - iio:magn:hmc5843: Fix passing true where iio_shared_by enum required (git-fixes).\n\n - ima: Do not ignore errors from crypto_shash_update() (git-fixes).\n\n - ima: Remove semicolon at the end of ima_get_binary_runtime_size() (git-fixes).\n\n - Input: ati_remote2 - add missing newlines when printing module parameters (git-fixes).\n\n - Input: ep93xx_keypad - fix handling of platform_get_irq() error (git-fixes).\n\n - Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume() (git-fixes).\n\n - Input: omap4-keypad - fix handling of platform_get_irq() error (git-fixes).\n\n - Input: stmfts - fix a & vs && typo (git-fixes).\n\n - Input: sun4i-ps2 - fix handling of platform_get_irq() error (git-fixes).\n\n - Input: twl4030_keypad - fix handling of platform_get_irq() error (git-fixes).\n\n - iomap: Make sure iomap_end is called after iomap_begin (bsc#1177754).\n\n - iommu/vt-d: Gracefully handle DMAR units with no supported address widths (bsc#1177739).\n\n - ip: fix tos reflection in ack and reset packets (networking-stable-20_09_24).\n\n - ipmi_si: Fix wrong return value in try_smi_init() (git-fixes).\n\n - ipv4: Initialize flowi4_multipath_hash in data path (networking-stable-20_09_24).\n\n - ipv4: Restore flowi4_oif update before call to xfrm_lookup_route (git-fixes).\n\n - ipv4: Update exception handling for multipath routes via same device (networking-stable-20_09_24).\n\n - ipv6: avoid lockdep issue in fib6_del() (networking-stable-20_09_24).\n\n - ipv6: Fix sysctl max for fib_multipath_hash_policy (networking-stable-20_09_11).\n\n - ipvlan: fix device features (networking-stable-20_08_24).\n\n - iwlwifi: mvm: split a print to avoid a WARNING in ROC (git-fixes).\n\n - kABI: Fix kABI after add CodeSigning extended key usage (bsc#1177353).\n\n - kallsyms: Refactor kallsyms_show_value() to take cred (git-fixes).\n\n - kbuild: enforce -Werror=return-type (bsc#1177281).\n\n - KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages (git-fixes).\n\n - leds: bcm6328, bcm6358: use devres LED registering function (git-fixes).\n\n - leds: mt6323: move period calculation (git-fixes).\n\n - libceph: clear con->out_msg on Policy::stateful_server faults (bsc#1178177).\n\n - lib/crc32.c: fix trivial typo in preprocessor condition (git-fixes).\n\n - mac80211: handle lack of sband->bitrates in rates (git-fixes).\n\n - mailbox: avoid timer start from callback (git-fixes).\n\n - media: ati_remote: sanity check for both endpoints (git-fixes).\n\n - media: bdisp: Fix runtime PM imbalance on error (git-fixes).\n\n - media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync (git-fixes).\n\n - media: exynos4-is: Fix a reference count leak (git-fixes).\n\n - media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync (git-fixes).\n\n - media: firewire: fix memory leak (git-fixes).\n\n - media: i2c: ov5640: Enable data pins on poweron for DVP mode (git-fixes).\n\n - media: i2c: ov5640: Remain in power down for DVP mode unless streaming (git-fixes).\n\n - media: i2c: ov5640: Separate out mipi configuration from s_power (git-fixes).\n\n - media: imx274: fix frame interval handling (git-fixes).\n\n - media: media/pci: prevent memory leak in bttv_probe (git-fixes).\n\n - media: platform: Improve queue set up flow for bug fixing (git-fixes).\n\n - media: platform: s3c-camif: Fix runtime PM imbalance on error (git-fixes).\n\n - media: platform: sti: hva: Fix runtime PM imbalance on error (git-fixes).\n\n - media: rcar_drif: Allocate v4l2_async_subdev dynamically (git-fixes).\n\n - media: rcar_drif: Fix fwnode reference leak when parsing DT (git-fixes).\n\n - media: saa7134: avoid a shift overflow (git-fixes).\n\n - media: st-delta: Fix reference count leak in delta_run_work (git-fixes).\n\n - media: sti: Fix reference count leaks (git-fixes).\n\n - media: tw5864: check status of tw5864_frameinterval_get (git-fixes).\n\n - media: uvcvideo: Ensure all probed info is returned to v4l2 (git-fixes).\n\n - media: uvcvideo: Fix dereference of out-of-bound list iterator (git-fixes).\n\n - media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect (git-fixes).\n\n - media: venus: core: Fix runtime PM imbalance in venus_probe (git-fixes).\n\n - media: vsp1: Fix runtime PM imbalance on error (git-fixes).\n\n - memory: fsl-corenet-cf: Fix handling of platform_get_irq() error (git-fixes).\n\n - memory: omap-gpmc: Fix a couple off by ones (git-fixes).\n\n - memory: omap-gpmc: Fix build error without CONFIG_OF (git-fixes).\n\n - mfd: sm501: Fix leaks in probe() (git-fixes).\n\n - mic: vop: copy data to kernel space then write to io memory (git-fixes).\n\n - misc: mic: scif: Fix error handling path (git-fixes).\n\n - misc: rtsx: Fix memory leak in rtsx_pci_probe (git-fixes).\n\n - misc: vop: add round_up(x,4) for vring_size to avoid kernel panic (git-fixes).\n\n - mmc: sdio: Check for CISTPL_VERS_1 buffer size (git-fixes).\n\n - mm: do not panic when links can't be created in sysfs (bsc#1178002).\n\n - mm: do not rely on system state to detect hot-plug operations (bsc#1178002).\n\n - mm: fix a race during THP splitting (bsc#1178255).\n\n - mm/huge_memory.c: use head to check huge zero page (git-fixes (mm/thp)).\n\n - mm: madvise: fix vma user-after-free (git-fixes).\n\n - mm/mempolicy.c: fix out of bounds write in mpol_parse_str() (git-fixes (mm/mempolicy)).\n\n - mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio() (git-fixes (mm/writeback)).\n\n - mm/page-writeback.c: improve arithmetic divisions (git-fixes (mm/writeback)).\n\n - mm: replace memmap_context by meminit_context (bsc#1178002).\n\n - mm/rmap: fixup copying of soft dirty and uffd ptes (git-fixes (mm/rmap)).\n\n - mm/swapfile.c: fix potential memory leak in sys_swapon (git-fixes).\n\n - mm/zsmalloc.c: fix the migrated zspage statistics (git-fixes (mm/zsmalloc)).\n\n - module: Correctly truncate sysfs sections output (git-fixes).\n\n - module: Do not expose section addresses to non-CAP_SYSLOG (git-fixes).\n\n - module: Refactor section attr into bin attribute (git-fixes).\n\n - module: statically initialize init section freeing data (git-fixes).\n\n - Move upstreamed BT patch into sorted section\n\n - mtd: lpddr: Fix bad logic in print_drs_error (git-fixes).\n\n - mtd: lpddr: fix excessive stack usage with clang (git-fixes).\n\n - mtd: mtdoops: Do not write panic data twice (git-fixes).\n\n - mtd: rawnand: stm32_fmc2: fix a buffer overflow (git-fixes).\n\n - mtd: rawnand: vf610: disable clk on error handling path in probe (git-fixes).\n\n - mtd: spinand: gigadevice: Add QE Bit (git-fixes).\n\n - mtd: spinand: gigadevice: Only one dummy byte in QUADIO (git-fixes).\n\n - mwifiex: do not call del_timer_sync() on uninitialized timer (git-fixes).\n\n - mwifiex: Do not use GFP_KERNEL in atomic context (git-fixes).\n\n - mwifiex: fix double free (git-fixes).\n\n - mwifiex: remove function pointer check (git-fixes).\n\n - mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO (git-fixes).\n\n - net: bridge: br_vlan_get_pvid_rcu() should dereference the VLAN group under RCU (networking-stable-20_09_24).\n\n - net/core: check length before updating Ethertype in skb_mpls_(push,pop) (git-fixes).\n\n - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument (networking-stable-20_09_24).\n\n - net: disable netpoll on fresh napis (networking-stable-20_09_11).\n\n - net: dsa: b53: check for timeout (networking-stable-20_08_24).\n\n - net: dsa: rtl8366: Properly clear member config (networking-stable-20_09_24).\n\n - net: fec: correct the error path for regulator disable in probe (networking-stable-20_08_24).\n\n - net: Fix bridge enslavement failure (networking-stable-20_09_24).\n\n - net: Fix potential wrong skb->protocol in skb_vlan_untag() (networking-stable-20_08_24).\n\n - net: hns: Fix memleak in hns_nic_dev_probe (networking-stable-20_09_11).\n\n - net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC (networking-stable-20_09_24).\n\n - netlabel: fix problems with mapping removal (networking-stable-20_09_11).\n\n - net: lantiq: Disable IRQs only if NAPI gets scheduled (networking-stable-20_09_24).\n\n - net: lantiq: Use napi_complete_done() (networking-stable-20_09_24).\n\n - net: lantiq: use netif_tx_napi_add() for TX NAPI (networking-stable-20_09_24).\n\n - net: lantiq: Wake TX queue again (networking-stable-20_09_24).\n\n - net/mlx5e: Enable adding peer miss rules only if merged eswitch is supported (networking-stable-20_09_24).\n\n - net/mlx5e: TLS, Do not expose FPGA TLS counter if not supported (networking-stable-20_09_24).\n\n - net/mlx5: Fix FTE cleanup (networking-stable-20_09_24).\n\n - net: mscc: ocelot: fix race condition with TX timestamping (bsc#1178461).\n\n - net: phy: Avoid NPD upon phy_detach() when driver is unbound (networking-stable-20_09_24).\n\n - net: phy: Do not warn in phy_stop() on PHY_DOWN (networking-stable-20_09_24).\n\n - net: qrtr: fix usage of idr in port assignment to socket (networking-stable-20_08_24).\n\n - net/sched: act_ct: Fix skb double-free in tcf_ct_handle_fragments() error flow (networking-stable-20_08_24).\n\n - net: sctp: Fix IPv6 ancestor_size calc in sctp_copy_descendant (networking-stable-20_09_24).\n\n - net: sctp: Fix negotiation of the number of data streams (networking-stable-20_08_24).\n\n - net/smc: Prevent kernel-infoleak in __smc_diag_dump() (networking-stable-20_08_24).\n\n - net: systemport: Fix memleak in bcm_sysport_probe (networking-stable-20_09_11).\n\n - net: usb: dm9601: Add USB ID of Keenetic Plus DSL (networking-stable-20_09_11).\n\n - net: usb: qmi_wwan: add Cellient MPL200 card (git-fixes).\n\n - net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails (git-fixes).\n\n - net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key() (git-fixes).\n\n - nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() (git-fixes).\n\n - nfp: use correct define to return NONE fec (networking-stable-20_09_24).\n\n - nl80211: fix non-split wiphy information (git-fixes).\n\n - NTB: hw: amd: fix an issue about leak system resources (git-fixes).\n\n - ntb: intel: Fix memleak in intel_ntb_pci_probe (git-fixes).\n\n - nvme-rdma: fix crash due to incorrect cqe (bsc#1174748).\n\n - nvme-rdma: fix crash when connect rejected (bsc#1174748).\n\n - overflow: Include header file with SIZE_MAX declaration (git-fixes).\n\n - p54: avoid accessing the data mapped to streaming DMA (git-fixes).\n\n - PCI: aardvark: Check for errors from pci_bridge_emul_init() call (git-fixes).\n\n - PCI/ACPI: Whitelist hotplug ports for D3 if power managed by ACPI (git-fixes).\n\n - percpu: fix first chunk size calculation for populated bitmap (git-fixes (mm/percpu)).\n\n - perf/x86/amd: Fix sampling Large Increment per Cycle events (bsc#1152489).\n\n - perf/x86: Fix n_pair for cancelled txn (bsc#1152489).\n\n - pinctrl: mcp23s08: Fix mcp23x17 precious range (git-fixes).\n\n - pinctrl: mcp23s08: Fix mcp23x17_regmap initialiser (git-fixes).\n\n - PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification.\n\n - PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification (bsc#1177353).\n\n - platform/x86: mlx-platform: Remove PSU EEPROM configuration (git-fixes).\n\n - PM: hibernate: Batch hibernate and resume IO requests (bsc#1178079).\n\n - PM: hibernate: remove the bogus call to get_gendisk() in software_resume() (git-fixes).\n\n - PM: runtime: Drop runtime PM references to supplier on link removal (git-fixes).\n\n - powerpc/book3s64/radix: Make radix_mem_block_size 64bit (bsc#1055186 ltc#153436 git-fixes).\n\n - powerpc: Fix undetected data corruption with P9N DD2.1 VSX CI load emulation (bsc#1065729).\n\n - powerpc/hwirq: Remove stale forward irq_chip declaration (bsc#1065729).\n\n - powerpc/icp-hv: Fix missing of_node_put() in success path (bsc#1065729).\n\n - powerpc/irq: Drop forward declaration of struct irqaction (bsc#1065729).\n\n - powerpc/papr_scm: Fix warning triggered by perf_stats_show() (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769 git-fixes).\n\n - powerpc/perf/hv-gpci: Fix starting index value (bsc#1065729).\n\n - powerpc/powernv/dump: Fix race while processing OPAL dump (bsc#1065729).\n\n - powerpc/powernv/elog: Fix race while processing OPAL error log event (bsc#1065729).\n\n - powerpc/pseries: Avoid using addr_to_pfn in real mode (jsc#SLE-9246 git-fixes).\n\n - powerpc/pseries: explicitly reschedule during drmem_lmb list traversal (bsc#1077428 ltc#163882 git-fixes).\n\n - powerpc/pseries: Fix missing of_node_put() in rng_init() (bsc#1065729).\n\n - power: supply: bq27xxx: report 'not charging' on all types (git-fixes).\n\n - power: supply: test_power: add missing newlines when printing parameters by sysfs (git-fixes).\n\n - pwm: img: Fix NULL pointer access in probe (git-fixes).\n\n - pwm: lpss: Add range limit check for the base_unit register value (git-fixes).\n\n - pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare() (git-fixes).\n\n - qtnfmac: fix resource leaks on unsupported iftype error return path (git-fixes).\n\n - r8169: fix issue with forced threading in combination with shared interrupts (git-fixes).\n\n - r8169: fix operation under forced interrupt threading (git-fixes).\n\n - rapidio: fix the missed put_device() for rio_mport_add_riodev (git-fixes).\n\n - regulator: defer probe when trying to get voltage from unresolved supply (git-fixes).\n\n - reset: sti: reset-syscfg: fix struct description warnings (git-fixes).\n\n - ring-buffer: Return 0 on success from ring_buffer_resize() (git-fixes).\n\n - rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592)\n\n - rtc: rx8010: do not modify the global rtc ops (git-fixes).\n\n - rtl8xxxu: prevent potential memory leak (git-fixes).\n\n - rtw88: increse the size of rx buffer size (git-fixes).\n\n - s390/cio: add cond_resched() in the slow_eval_known_fn() loop (bsc#1177799 LTC#188733).\n\n - s390/dasd: Fix zero write for FBA devices (bsc#1177801 LTC#188735).\n\n - scsi: ibmvfc: Fix error return in ibmvfc_probe() (bsc#1065729).\n\n - scsi: ibmvscsi: Fix potential race after loss of transport (bsc#1178166 ltc#188226).\n\n - scsi: mptfusion: Do not use GFP_ATOMIC for larger DMA allocations (bsc#1175898, ECO-2743).\n\n - sctp: not disable bh in the whole sctp_get_port_local() (networking-stable-20_09_11).\n\n - selftests/timers: Turn off timeout setting (git-fixes).\n\n - serial: 8250_mtk: Fix uart_get_baud_rate warning (git-fixes).\n\n - serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes).\n\n - slimbus: core: check get_addr before removing laddr ida (git-fixes).\n\n - slimbus: core: do not enter to clock pause mode in core (git-fixes).\n\n - slimbus: qcom-ngd-ctrl: disable ngd in qmi server down callback (git-fixes).\n\n - soc: fsl: qbman: Fix return value on success (git-fixes).\n\n - spi: spi-s3c64xx: Check return values (git-fixes).\n\n - spi: spi-s3c64xx: swap s3c64xx_spi_set_cs() and s3c64xx_enable_datapath() (git-fixes).\n\n - staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (git-fixes).\n\n - staging: comedi: check validity of wMaxPacketSize of usb endpoints found (git-fixes).\n\n - staging: octeon: Drop on uncorrectable alignment or FCS error (git-fixes).\n\n - staging: octeon: repair 'fixed-link' support (git-fixes).\n\n - staging: rtl8192u: Do not use GFP_KERNEL in atomic context (git-fixes).\n\n - taprio: Fix allowing too small intervals (networking-stable-20_09_24).\n\n - time: Prevent undefined behaviour in timespec64_to_ns() (bsc#1164648).\n\n - tipc: fix memory leak caused by tipc_buf_append() (git-fixes).\n\n - tipc: Fix memory leak in tipc_group_create_member() (networking-stable-20_09_24).\n\n - tipc: fix shutdown() of connectionless socket (networking-stable-20_09_11).\n\n - tipc: fix shutdown() of connection oriented socket (networking-stable-20_09_24).\n\n - tipc: fix the skb_unshare() in tipc_buf_append() (git-fixes).\n\n - tipc: fix uninit skb->data in tipc_nl_compat_dumpit() (networking-stable-20_08_24).\n\n - tipc: use skb_unshare() instead in tipc_buf_append() (networking-stable-20_09_24).\n\n - tracing: Check return value of __create_val_fields() before using its result (git-fixes).\n\n - tracing: Save normal string variables (git-fixes).\n\n - tty: ipwireless: fix error handling (git-fixes).\n\n - tty: serial: fsl_lpuart: fix lpuart32_poll_get_char (git-fixes).\n\n - uio: free uio id after uio file node is freed (git-fixes).\n\n - USB: adutux: fix debugging (git-fixes).\n\n - usb: cdc-acm: add quirk to blacklist ETAS ES58X devices (git-fixes).\n\n - usb: cdc-acm: fix cooldown mechanism (git-fixes).\n\n - USB: cdc-acm: handle broken union descriptors (git-fixes).\n\n - USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync() (git-fixes).\n\n - usb: core: Solve race condition in anchor cleanup functions (git-fixes).\n\n - usb: dwc2: Fix INTR OUT transfers in DDMA mode (git-fixes).\n\n - usb: dwc2: Fix parameter type in function pointer prototype (git-fixes).\n\n - usb: dwc3: core: add phy cleanup for probe error handling (git-fixes).\n\n - usb: dwc3: core: do not trigger runtime pm when remove driver (git-fixes).\n\n - usb: dwc3: ep0: Fix ZLP for OUT ep0 requests (git-fixes).\n\n - usb: dwc3: gadget: Resume pending requests after CLEAR_STALL (git-fixes).\n\n - usb: dwc3: pci: Allow Elkhart Lake to utilize DSM method for PM functionality (git-fixes).\n\n - usb: dwc3: simple: add support for Hikey 970 (git-fixes).\n\n - usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets (git-fixes).\n\n - usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above (git-fixes).\n\n - usb: gadget: function: printer: fix use-after-free in\n __lock_acquire (git-fixes).\n\n - usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well (git-fixes).\n\n - usblp: fix race between disconnect() and read() (git-fixes).\n\n - usb: mtu3: fix panic in mtu3_gadget_stop() (git-fixes).\n\n - usb: ohci: Default to per-port over-current protection (git-fixes).\n\n - USB: serial: cyberjack: fix write-URB completion race (git-fixes).\n\n - USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters (git-fixes).\n\n - USB: serial: option: add Cellient MPL200 card (git-fixes).\n\n - USB: serial: option: Add Telit FT980-KS composition (git-fixes).\n\n - USB: serial: pl2303: add device-id for HP GC device (git-fixes).\n\n - USB: serial: qcserial: fix altsetting probing (git-fixes).\n\n - usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (git-fixes).\n\n - usb: xhci-mtk: Fix typo (git-fixes).\n\n - usb: xhci: omit duplicate actions when suspending a runtime suspended host (git-fixes).\n\n - video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306).\n\n - video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306).\n\n - video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306).\n\n - VMCI: check return value of get_user_pages_fast() for errors (git-fixes).\n\n - w1: mxc_w1: Fix timeout resolution problem leading to bus error (git-fixes).\n\n - watchdog: Fix memleak in watchdog_cdev_register (git-fixes).\n\n - watchdog: sp5100: Fix definition of EFCH_PM_DECODEEN3 (git-fixes).\n\n - watchdog: Use put_device on error (git-fixes).\n\n - wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680 (git-fixes).\n\n - writeback: Avoid skipping inode writeback (bsc#1177755).\n\n - writeback: Fix sync livelock due to b_dirty_time processing (bsc#1177755).\n\n - writeback: Protect inode->i_io_list with inode->i_lock (bsc#1177755).\n\n - X.509: Add CodeSigning extended key usage parsing (bsc#1177353).\n\n - x86/alternative: Do not call text_poke() in lazy TLB mode (bsc#1175749).\n\n - x86/fpu: Allow multiple bits in clearcpuid= parameter (bsc#1152489).\n\n - x86/ioapic: Unbreak check_timer() (bsc#1152489).\n\n - x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306).\n\n - x86/(mce,mm): Unmap the entire page if the whole page is affected and poisoned (bsc#1177765).\n\n - x86/mm: unencrypted non-blocking DMA allocations use coherent pools (bsc#1175898, ECO-2743).\n\n - x86/xen: disable Firmware First mode for correctable memory errors (bsc#1176713).\n\n - xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411).\n\n - xen/events: add a new 'late EOI' evtchn framework (XSA-332 bsc#1177411).\n\n - xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332 bsc#1177411).\n\n - xen/events: avoid removing an event channel while handling it (XSA-331 bsc#1177410).\n\n - xen/events: block rogue events for some time (XSA-332 bsc#1177411).\n\n - xen/events: defer eoi in case of excessive number of events (XSA-332 bsc#1177411).\n\n - xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411).\n\n - xen/events: switch user event channels to lateeoi model (XSA-332 bsc#1177411).\n\n - xen/events: use a common cpu hotplug hook for event channels (XSA-332 bsc#1177411).\n\n - xen/gntdev.c: Mark pages as dirty (bsc#1065600).\n\n - xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411).\n\n - xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411).\n\n - xen/pvcallsback: use lateeoi irq binding (XSA-332 bsc#1177411).\n\n - xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411).\n\n - xfs: complain if anyone tries to create a too-large buffer log item (bsc#1166146).\n\n - xfs: do not update mtime on COW faults (bsc#1167030).\n\n - xfs: fix high key handling in the rt allocator's query_range function (git-fixes).\n\n - xfs: fix scrub flagging rtinherit even if there is no rt device (git-fixes).\n\n - xfs: fix xfs_bmap_validate_extent_raw when checking attr fork of rt files (git-fixes).\n\n - xfs: flush new eof page on truncate to avoid post-eof corruption (git-fixes).\n\n - xfs: force the log after remapping a synchronous-writes file (git-fixes).\n\n - xfs: introduce XFS_MAX_FILEOFF (bsc#1166166).\n\n - xfs: limit entries returned when counting fsmap records (git-fixes).\n\n - xfs: remove unused variable 'done' (bsc#1166166).\n\n - xfs: set xefi_discard when creating a deferred agfl free log intent item (git-fixes).\n\n - xfs: truncate should remove all blocks, not just to the end of the page cache (bsc#1166166).\n\n - xhci: do not create endpoint debugfs entry before ring buffer is set (git-fixes).", "cvss3": {}, "published": "2020-11-17T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2020-1906)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14351", "CVE-2020-16120", "CVE-2020-25285", "CVE-2020-25656", "CVE-2020-25668", "CVE-2020-25704", "CVE-2020-25705", "CVE-2020-8694"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-preempt", "p-cpe:/a:novell:opensuse:kernel-preempt-debuginfo", "p-cpe:/a:novell:opensuse:kernel-preempt-debugsource", "p-cpe:/a:novell:opensuse:kernel-preempt-devel", "p-cpe:/a:novell:opensuse:kernel-preempt-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1906.NASL", "href": "https://www.tenable.com/plugins/nessus/142945", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1906.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142945);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-14351\",\n \"CVE-2020-16120\",\n \"CVE-2020-25285\",\n \"CVE-2020-25656\",\n \"CVE-2020-25668\",\n \"CVE-2020-25704\",\n \"CVE-2020-25705\",\n \"CVE-2020-8694\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2020-1906)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The openSUSE Leap 15.2 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-25704: Fixed a memory leak in\n perf_event_parse_addr_filter() (bsc#1178393).\n\n - CVE-2020-25668: Make FONTX ioctl use the tty pointer\n they were actually passed (bsc#1178123).\n\n - CVE-2020-25656: Extend func_buf_lock to readers\n (bnc#1177766).\n\n - CVE-2020-25285: Fixed a race condition between hugetlb\n sysctl handlers in mm/hugetlb.c in the Linux kernel\n could be used by local attackers to corrupt memory,\n cause a NULL pointer dereference, or possibly have\n unspecified other impact, aka CID-17743798d812\n (bnc#1176485).\n\n - CVE-2020-14351: Fixed race in the perf_mmap_close()\n function (bsc#1177086).\n\n - CVE-2020-8694: Restrict energy meter to root access\n (bsc#1170415).\n\n - CVE-2020-16120: Check permission to open real file in\n overlayfs (bsc#1177470).\n\n - CVE-2020-25705: A ICMP global rate limiting side-channel\n was removed which could lead to e.g. the SADDNS attack\n (bsc#1175721)\n\nThe following non-security bugs were fixed :\n\n - ACPI: Always build evged in (git-fixes).\n\n - ACPI: button: fix handling lid state changes when input\n device closed (git-fixes).\n\n - ACPI: configfs: Add missing config_item_put() to fix\n refcount leak (git-fixes).\n\n - acpi-cpufreq: Honor _PSD table setting on new AMD CPUs\n (git-fixes).\n\n - ACPI: debug: do not allow debugging when ACPI is\n disabled (git-fixes).\n\n - ACPI / extlog: Check for RDMSR failure (git-fixes).\n\n - ACPI: video: use ACPI backlight for HP 635 Notebook\n (git-fixes).\n\n - act_ife: load meta modules before tcf_idr_check_alloc()\n (networking-stable-20_09_24).\n\n - Add CONFIG_CHECK_CODESIGN_EKU\n\n - ALSA: ac97: (cosmetic) align argument names (git-fixes).\n\n - ALSA: aoa: i2sbus: use DECLARE_COMPLETION_ONSTACK()\n macro (git-fixes).\n\n - ALSA: asihpi: fix spellint typo in comments (git-fixes).\n\n - ALSA: atmel: ac97: clarify operator precedence\n (git-fixes).\n\n - ALSA: bebob: potential info leak in hwdep_read()\n (git-fixes).\n\n - ALSA: compress_offload: remove redundant initialization\n (git-fixes).\n\n - ALSA: core: init: use DECLARE_COMPLETION_ONSTACK() macro\n (git-fixes).\n\n - ALSA: core: pcm: simplify locking for timers\n (git-fixes).\n\n - ALSA: core: timer: clarify operator precedence\n (git-fixes).\n\n - ALSA: core: timer: remove redundant assignment\n (git-fixes).\n\n - ALSA: ctl: Workaround for lockdep warning wrt\n card->ctl_files_rwlock (git-fixes).\n\n - ALSA: fireworks: use semicolons rather than commas to\n separate statements (git-fixes).\n\n - ALSA: fix kernel-doc markups (git-fixes).\n\n - ALSA: hda: auto_parser: remove shadowed variable\n declaration (git-fixes).\n\n - ALSA: hda: (cosmetic) align function parameters\n (git-fixes).\n\n - ALSA: hda - Do not register a cb func if it is\n registered already (git-fixes).\n\n - ALSA: hda - Fix the return value if cb func is already\n registered (git-fixes).\n\n - ALSA: hda/hdmi: fix incorrect locking in hdmi_pcm_close\n (git-fixes).\n\n - ALSA: hda: prevent undefined shift in\n snd_hdac_ext_bus_get_link() (git-fixes).\n\n - ALSA: hda/realtek - Add mute Led support for HP\n Elitebook 845 G7 (git-fixes).\n\n - ALSA: hda/realtek: Enable audio jacks of ASUS D700SA\n with ALC887 (git-fixes).\n\n - ALSA: hda/realtek - Enable headphone for ASUS TM420\n (git-fixes).\n\n - ALSA: hda/realtek - Fixed HP headset Mic can't be\n detected (git-fixes).\n\n - ALSA: hda/realtek - set mic to auto detect on a HP AIO\n machine (git-fixes).\n\n - ALSA: hda/realtek - The front Mic on a HP machine does\n not work (git-fixes).\n\n - ALSA: hda: use semicolons rather than commas to separate\n statements (git-fixes).\n\n - ALSA: hdspm: Fix typo arbitary (git-fixes).\n\n - ALSA: mixart: Correct comment wrt obsoleted tasklet\n usage (git-fixes).\n\n - ALSA: portman2x4: fix repeated word 'if' (git-fixes).\n\n - ALSA: rawmidi: (cosmetic) align function parameters\n (git-fixes).\n\n - ALSA: seq: oss: Avoid mutex lock for a long-time ioctl\n (git-fixes).\n\n - ALSA: sparc: dbri: fix repeated word 'the' (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for MODX\n (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for Qu-16\n (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for Zoom\n UAC-2 (git-fixes).\n\n - ALSA: usb-audio: Add mixer support for Pioneer DJ\n DJM-250MK2 (git-fixes).\n\n - ALSA: usb-audio: add usb vendor id as DSD-capable for\n Khadas devices (git-fixes).\n\n - ALSA: usb-audio: endpoint.c: fix repeated word 'there'\n (git-fixes).\n\n - ALSA: usb-audio: fix spelling mistake 'Frequence' ->\n 'Frequency' (git-fixes).\n\n - ALSA: usb-audio: Line6 Pod Go interface requires static\n clock rate quirk (git-fixes).\n\n - ALSA: usb: scarless_gen2: fix endianness issue\n (git-fixes).\n\n - ALSA: vx: vx_core: clarify operator precedence\n (git-fixes).\n\n - ALSA: vx: vx_pcm: remove redundant assignment\n (git-fixes).\n\n - ASoC: codecs: wcd9335: Set digital gain range correctly\n (git-fixes).\n\n - ASoC: cs42l51: manage mclk shutdown delay (git-fixes).\n\n - ASoC: fsl: imx-es8328: add missing put_device() call in\n imx_es8328_probe() (git-fixes).\n\n - ASoC: fsl_sai: Instantiate snd_soc_dai_driver\n (git-fixes).\n\n - ASoC: Intel: kbl_rt5663_max98927: Fix kabylake_ssp_fixup\n function (git-fixes).\n\n - ASoC: qcom: lpass-cpu: fix concurrency issue\n (git-fixes).\n\n - ASoC: qcom: lpass-platform: fix memory leak (git-fixes).\n\n - ASoC: qcom: sdm845: set driver name correctly\n (git-fixes).\n\n - ASoC: sun50i-codec-analog: Fix duplicate use of ADC\n enable bits (git-fixes).\n\n - ASoC: tlv320aic32x4: Fix bdiv clock rate derivation\n (git-fixes).\n\n - ata: sata_rcar: Fix DMA boundary mask (git-fixes).\n\n - ath10k: check idx validity in\n __ath10k_htt_rx_ring_fill_n() (git-fixes).\n\n - ath10k: Fix the size used in a 'dma_free_coherent()'\n call in an error handling path (git-fixes).\n\n - ath10k: fix VHT NSS calculation when STBC is enabled\n (git-fixes).\n\n - ath10k: provide survey info as accumulated data\n (git-fixes).\n\n - ath10k: start recovery process when payload length\n exceeds max htc length for sdio (git-fixes).\n\n - ath6kl: prevent potential array overflow in\n ath6kl_add_new_sta() (git-fixes).\n\n - ath6kl: wmi: prevent a shift wrapping bug in\n ath6kl_wmi_delete_pstream_cmd() (git-fixes).\n\n - ath9k: Fix potential out of bounds in\n ath9k_htc_txcompletion_cb() (git-fixes).\n\n - ath9k: hif_usb: fix race condition between usb_get_urb()\n and usb_kill_anchored_urbs() (git-fixes).\n\n - ath9k_htc: Use appropriate rs_datalen type (git-fixes).\n\n - backlight: sky81452-backlight: Fix refcount imbalance on\n error (git-fixes).\n\n - blk-mq: order adding requests to hctx->dispatch and\n checking SCHED_RESTART (bsc#1177750).\n\n - block: ensure bdi->io_pages is always initialized\n (bsc#1177749).\n\n - block: Fix page_is_mergeable() for compound pages\n (bsc#1177814).\n\n - block: Set same_page to false in __bio_try_merge_page if\n ret is false (git-fixes).\n\n - Bluetooth: btusb: Fix memleak in\n btusb_mtk_submit_wmt_recv_urb (git-fixes).\n\n - Bluetooth: hci_uart: Cancel init work before\n unregistering (git-fixes).\n\n - Bluetooth: MGMT: Fix not checking if BT_HS is enabled\n (git-fixes).\n\n - Bluetooth: Only mark socket zapped after unlocking\n (git-fixes).\n\n - bnxt_en: Protect bnxt_set_eee() and\n bnxt_set_pauseparam() with mutex (git-fixes).\n\n - bonding: show saner speed for broadcast mode\n (networking-stable-20_08_24).\n\n - brcm80211: fix possible memleak in\n brcmf_proto_msgbuf_attach (git-fixes).\n\n - brcmfmac: check ndev pointer (git-fixes).\n\n - brcmsmac: fix memory leak in wlc_phy_attach_lcnphy\n (git-fixes).\n\n - btrfs: Account for merged patches upstream Move below\n patches to sorted section.\n\n - btrfs: add owner and fs_info to alloc_state io_tree\n (bsc#1177854).\n\n - btrfs: allocate scrub workqueues outside of locks\n (bsc#1178183).\n\n - btrfs: cleanup cow block on error (bsc#1178584).\n\n - btrfs: do not force read-only after error in drop\n snapshot (bsc#1176354).\n\n - btrfs: drop path before adding new uuid tree entry\n (bsc#1178176).\n\n - btrfs: fix filesystem corruption after a device replace\n (bsc#1178395).\n\n - btrfs: fix NULL pointer dereference after failure to\n create snapshot (bsc#1178190).\n\n - btrfs: fix overflow when copying corrupt csums for a\n message (bsc#1178191).\n\n - btrfs: fix space cache memory leak after transaction\n abort (bsc#1178173).\n\n - btrfs: move btrfs_rm_dev_replace_free_srcdev outside of\n all locks (bsc#1178395).\n\n - btrfs: move btrfs_scratch_superblocks into\n btrfs_dev_replace_finishing (bsc#1178395).\n\n - btrfs: qgroup: fix qgroup meta rsv leak for subvolume\n operations (bsc#1177856).\n\n - btrfs: qgroup: fix wrong qgroup metadata reserve for\n delayed inode (bsc#1177855).\n\n - btrfs: reschedule if necessary when logging directory\n items (bsc#1178585).\n\n - btrfs: send, orphanize first all conflicting inodes when\n processing references (bsc#1178579).\n\n - btrfs: send, recompute reference path after\n orphanization of a directory (bsc#1178581).\n\n - btrfs: set the correct lockdep class for new nodes\n (bsc#1178184).\n\n - btrfs: set the lockdep class for log tree extent buffers\n (bsc#1178186).\n\n - btrfs: tree-checker: fix false alert caused by legacy\n btrfs root item (bsc#1177861).\n\n - can: can_create_echo_skb(): fix echo skb generation:\n always use skb_clone() (git-fixes).\n\n - can: c_can: reg_map_(c,d)_can: mark as __maybe_unused\n (git-fixes).\n\n - can: dev: __can_get_echo_skb(): fix real payload length\n return value for RTR frames (git-fixes).\n\n - can: dev: can_get_echo_skb(): prevent call to\n kfree_skb() in hard IRQ context (git-fixes).\n\n - can: flexcan: flexcan_chip_stop(): add error handling\n and propagate error value (git-fixes).\n\n - can: flexcan: flexcan_remove(): disable wakeup\n completely (git-fixes).\n\n - can: flexcan: remove ack_grp and ack_bit handling from\n driver (git-fixes).\n\n - can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk\n for LS1021A (git-fixes).\n\n - can: peak_canfd: pucan_handle_can_rx(): fix echo\n management when loopback is on (git-fixes).\n\n - can: peak_usb: add range checking in decode operations\n (git-fixes).\n\n - can: peak_usb: peak_usb_get_ts_time(): fix timestamp\n wrapping (git-fixes).\n\n - can: rx-offload: do not call kfree_skb() from IRQ\n context (git-fixes).\n\n - can: softing: softing_card_shutdown(): add braces around\n empty body in an 'if' statement (git-fixes).\n\n - ceph: promote to unsigned long long before shifting\n (bsc#1178175).\n\n - clk: at91: clk-main: update key before writing\n AT91_CKGR_MOR (git-fixes).\n\n - clk: at91: remove the checking of parent_name\n (git-fixes).\n\n - clk: bcm2835: add missing release if\n devm_clk_hw_register fails (git-fixes).\n\n - clk: imx8mq: Fix usdhc parents order (git-fixes).\n\n - clk: keystone: sci-clk: fix parsing assigned-clock data\n during probe (git-fixes).\n\n - clk: meson: g12a: mark fclk_div2 as critical\n (git-fixes).\n\n - clk: qcom: gcc-sdm660: Fix wrong parent_map (git-fixes).\n\n - crypto: ccp - fix error handling (git-fixes).\n\n - cxgb4: fix memory leak during module unload\n (networking-stable-20_09_24).\n\n - cxgb4: Fix offset when clearing filter byte counters\n (networking-stable-20_09_24).\n\n - cxl: Rework error message for incompatible slots\n (bsc#1055014 git-fixes).\n\n - dax: Fix compilation for CONFIG_DAX && !CONFIG_FS_DAX\n (bsc#1177817).\n\n - Disable module compression on SLE15 SP2 (bsc#1178307)\n\n - dma-direct: add missing set_memory_decrypted() for\n coherent mapping (bsc#1175898, ECO-2743).\n\n - dma-direct: always align allocation size in\n dma_direct_alloc_pages() (bsc#1175898, ECO-2743).\n\n - dma-direct: atomic allocations must come from atomic\n coherent pools (bsc#1175898, ECO-2743).\n\n - dma-direct: check return value when encrypting or\n decrypting memory (bsc#1175898, ECO-2743).\n\n - dma-direct: consolidate the error handling in\n dma_direct_alloc_pages (bsc#1175898, ECO-2743).\n\n - dma-direct: make uncached_kernel_address more general\n (bsc#1175898, ECO-2743).\n\n - dma-direct: provide function to check physical memory\n area validity (bsc#1175898, ECO-2743).\n\n - dma-direct: provide mmap and get_sgtable method\n overrides (bsc#1175898, ECO-2743).\n\n - dma-direct: re-encrypt memory if\n dma_direct_alloc_pages() fails (bsc#1175898, ECO-2743).\n\n - dma-direct: remove __dma_direct_free_pages (bsc#1175898,\n ECO-2743).\n\n - dma-direct: remove the dma_handle argument to\n __dma_direct_alloc_pages (bsc#1175898, ECO-2743).\n\n - dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status\n (git-fixes).\n\n - dmaengine: dmatest: Check list for emptiness before\n access its last entry (git-fixes).\n\n - dmaengine: dw: Activate FIFO-mode for memory peripherals\n only (git-fixes).\n\n - dma-mapping: add a dma_can_mmap helper (bsc#1175898,\n ECO-2743).\n\n - dma-mapping: always use VM_DMA_COHERENT for generic DMA\n remap (bsc#1175898, ECO-2743).\n\n - dma-mapping: DMA_COHERENT_POOL should select\n GENERIC_ALLOCATOR (bsc#1175898, ECO-2743).\n\n - dma-mapping: make dma_atomic_pool_init self-contained\n (bsc#1175898, ECO-2743).\n\n - dma-mapping: merge the generic remapping helpers into\n dma-direct (bsc#1175898, ECO-2743).\n\n - dma-mapping: remove arch_dma_mmap_pgprot (bsc#1175898,\n ECO-2743).\n\n - dma-mapping: warn when coherent pool is depleted\n (bsc#1175898, ECO-2743).\n\n - dma-pool: add additional coherent pools to map to gfp\n mask (bsc#1175898, ECO-2743).\n\n - dma-pool: add pool sizes to debugfs (bsc#1175898,\n ECO-2743).\n\n - dma-pool: decouple DMA_REMAP from DMA_COHERENT_POOL\n (bsc#1175898, ECO-2743).\n\n - dma-pool: do not allocate pool memory from CMA\n (bsc#1175898, ECO-2743).\n\n - dma-pool: dynamically expanding atomic pools\n (bsc#1175898, ECO-2743).\n\n - dma-pool: Fix an uninitialized variable bug in\n atomic_pool_expand() (bsc#1175898, ECO-2743).\n\n - dma-pool: fix coherent pool allocations for IOMMU\n mappings (bsc#1175898, ECO-2743).\n\n - dma-pool: fix too large DMA pools on medium memory size\n systems (bsc#1175898, ECO-2743).\n\n - dma-pool: get rid of dma_in_atomic_pool() (bsc#1175898,\n ECO-2743).\n\n - dma-pool: introduce dma_guess_pool() (bsc#1175898,\n ECO-2743).\n\n - dma-pool: make sure atomic pool suits device\n (bsc#1175898, ECO-2743).\n\n - dma-pool: Only allocate from CMA when in same memory\n zone (bsc#1175898, ECO-2743).\n\n - dma-pool: scale the default DMA coherent pool size with\n memory capacity (bsc#1175898, ECO-2743).\n\n - dma-remap: separate DMA atomic pools from direct remap\n code (bsc#1175898, ECO-2743).\n\n - dm: Call proper helper to determine dax support\n (bsc#1177817).\n\n - dm/dax: Fix table reference counts (bsc#1178246).\n\n - docs: driver-api: remove a duplicated index entry\n (git-fixes).\n\n - drivers: watchdog: rdc321x_wdt: Fix race condition bugs\n (git-fixes).\n\n - EDAC/i5100: Fix error handling order in i5100_init_one()\n (bsc#1152489).\n\n - eeprom: at25: set minimum read/write access stride to 1\n (git-fixes).\n\n - exfat: fix name_hash computation on big endian systems\n (git-fixes).\n\n - exfat: fix overflow issue in exfat_cluster_to_sector()\n (git-fixes).\n\n - exfat: fix possible memory leak in exfat_find()\n (git-fixes).\n\n - exfat: fix use of uninitialized spinlock on error path\n (git-fixes).\n\n - exfat: fix wrong hint_stat initialization in\n exfat_find_dir_entry() (git-fixes).\n\n - exfat: fix wrong size update of stream entry by typo\n (git-fixes).\n\n - extcon: ptn5150: Fix usage of atomic GPIO with sleeping\n GPIO chips (git-fixes).\n\n - futex: Adjust absolute futex timeouts with per time\n namespace offset (bsc#1164648).\n\n - futex: Consistently use fshared as boolean\n (bsc#1149032).\n\n - futex: Fix incorrect should_fail_futex() handling\n (bsc#1149032).\n\n - futex: Remove put_futex_key() (bsc#1149032).\n\n - futex: Remove unused or redundant includes\n (bsc#1149032).\n\n - gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY\n (networking-stable-20_08_24).\n\n - gtp: add GTPA_LINK info to msg sent to userspace\n (networking-stable-20_09_11).\n\n - HID: hid-input: fix stylus battery reporting\n (git-fixes).\n\n - HID: ite: Add USB id match for Acer One S1003 keyboard\n dock (git-fixes).\n\n - HID: roccat: add bounds checking in\n kone_sysfs_write_settings() (git-fixes).\n\n - HID: wacom: Avoid entering wacom_wac_pen_report for pad\n / battery (git-fixes).\n\n - hyperv_fb: Update screen_info after removing old\n framebuffer (bsc#1175306).\n\n - i2c: core: Restore acpi_walk_dep_device_list() getting\n called after registering the ACPI i2c devs (git-fixes).\n\n - i2c: imx: Fix external abort on interrupt in exit paths\n (git-fixes).\n\n - i2c: rcar: Auto select RESET_CONTROLLER (git-fixes).\n\n - i3c: master add i3c_master_attach_boardinfo to preserve\n boardinfo (git-fixes).\n\n - i3c: master: Fix error return in cdns_i3c_master_probe()\n (git-fixes).\n\n - ibmveth: Identify ingress large send packets\n (bsc#1178185 ltc#188897).\n\n - ibmveth: Switch order of ibmveth_helper calls\n (bsc#1061843 git-fixes).\n\n - ibmvnic: fix ibmvnic_set_mac (bsc#1066382 ltc#160943\n git-fixes).\n\n - ibmvnic: save changed mac address to adapter->mac_addr\n (bsc#1134760 ltc#177449 git-fixes).\n\n - ibmvnic: set up 200GBPS speed (bsc#1129923 git-fixes).\n\n - icmp: randomize the global rate limiter (git-fixes).\n\n - ida: Free allocated bitmap in error path (git-fixes).\n\n - iio:accel:bma180: Fix use of true when should be\n iio_shared_by enum (git-fixes).\n\n - iio: adc: gyroadc: fix leak of device node iterator\n (git-fixes).\n\n - iio: adc: stm32-adc: fix runtime autosuspend delay when\n slow polling (git-fixes).\n\n - iio:adc:ti-adc0832 Fix alignment issue with timestamp\n (git-fixes).\n\n - iio:adc:ti-adc12138 Fix alignment issue with timestamp\n (git-fixes).\n\n - iio:dac:ad5592r: Fix use of true for IIO_SHARED_BY_TYPE\n (git-fixes).\n\n - iio:gyro:itg3200: Fix timestamp alignment and prevent\n data leak (git-fixes).\n\n - iio:light:si1145: Fix timestamp alignment and prevent\n data leak (git-fixes).\n\n - iio:magn:hmc5843: Fix passing true where iio_shared_by\n enum required (git-fixes).\n\n - ima: Do not ignore errors from crypto_shash_update()\n (git-fixes).\n\n - ima: Remove semicolon at the end of\n ima_get_binary_runtime_size() (git-fixes).\n\n - Input: ati_remote2 - add missing newlines when printing\n module parameters (git-fixes).\n\n - Input: ep93xx_keypad - fix handling of\n platform_get_irq() error (git-fixes).\n\n - Input: imx6ul_tsc - clean up some errors in\n imx6ul_tsc_resume() (git-fixes).\n\n - Input: omap4-keypad - fix handling of platform_get_irq()\n error (git-fixes).\n\n - Input: stmfts - fix a & vs && typo (git-fixes).\n\n - Input: sun4i-ps2 - fix handling of platform_get_irq()\n error (git-fixes).\n\n - Input: twl4030_keypad - fix handling of\n platform_get_irq() error (git-fixes).\n\n - iomap: Make sure iomap_end is called after iomap_begin\n (bsc#1177754).\n\n - iommu/vt-d: Gracefully handle DMAR units with no\n supported address widths (bsc#1177739).\n\n - ip: fix tos reflection in ack and reset packets\n (networking-stable-20_09_24).\n\n - ipmi_si: Fix wrong return value in try_smi_init()\n (git-fixes).\n\n - ipv4: Initialize flowi4_multipath_hash in data path\n (networking-stable-20_09_24).\n\n - ipv4: Restore flowi4_oif update before call to\n xfrm_lookup_route (git-fixes).\n\n - ipv4: Update exception handling for multipath routes via\n same device (networking-stable-20_09_24).\n\n - ipv6: avoid lockdep issue in fib6_del()\n (networking-stable-20_09_24).\n\n - ipv6: Fix sysctl max for fib_multipath_hash_policy\n (networking-stable-20_09_11).\n\n - ipvlan: fix device features\n (networking-stable-20_08_24).\n\n - iwlwifi: mvm: split a print to avoid a WARNING in ROC\n (git-fixes).\n\n - kABI: Fix kABI after add CodeSigning extended key usage\n (bsc#1177353).\n\n - kallsyms: Refactor kallsyms_show_value() to take cred\n (git-fixes).\n\n - kbuild: enforce -Werror=return-type (bsc#1177281).\n\n - KVM: x86/mmu: Commit zap of remaining invalid pages when\n recovering lpages (git-fixes).\n\n - leds: bcm6328, bcm6358: use devres LED registering\n function (git-fixes).\n\n - leds: mt6323: move period calculation (git-fixes).\n\n - libceph: clear con->out_msg on Policy::stateful_server\n faults (bsc#1178177).\n\n - lib/crc32.c: fix trivial typo in preprocessor condition\n (git-fixes).\n\n - mac80211: handle lack of sband->bitrates in rates\n (git-fixes).\n\n - mailbox: avoid timer start from callback (git-fixes).\n\n - media: ati_remote: sanity check for both endpoints\n (git-fixes).\n\n - media: bdisp: Fix runtime PM imbalance on error\n (git-fixes).\n\n - media: exynos4-is: Fix a reference count leak due to\n pm_runtime_get_sync (git-fixes).\n\n - media: exynos4-is: Fix a reference count leak\n (git-fixes).\n\n - media: exynos4-is: Fix several reference count leaks due\n to pm_runtime_get_sync (git-fixes).\n\n - media: firewire: fix memory leak (git-fixes).\n\n - media: i2c: ov5640: Enable data pins on poweron for DVP\n mode (git-fixes).\n\n - media: i2c: ov5640: Remain in power down for DVP mode\n unless streaming (git-fixes).\n\n - media: i2c: ov5640: Separate out mipi configuration from\n s_power (git-fixes).\n\n - media: imx274: fix frame interval handling (git-fixes).\n\n - media: media/pci: prevent memory leak in bttv_probe\n (git-fixes).\n\n - media: platform: Improve queue set up flow for bug\n fixing (git-fixes).\n\n - media: platform: s3c-camif: Fix runtime PM imbalance on\n error (git-fixes).\n\n - media: platform: sti: hva: Fix runtime PM imbalance on\n error (git-fixes).\n\n - media: rcar_drif: Allocate v4l2_async_subdev dynamically\n (git-fixes).\n\n - media: rcar_drif: Fix fwnode reference leak when parsing\n DT (git-fixes).\n\n - media: saa7134: avoid a shift overflow (git-fixes).\n\n - media: st-delta: Fix reference count leak in\n delta_run_work (git-fixes).\n\n - media: sti: Fix reference count leaks (git-fixes).\n\n - media: tw5864: check status of tw5864_frameinterval_get\n (git-fixes).\n\n - media: uvcvideo: Ensure all probed info is returned to\n v4l2 (git-fixes).\n\n - media: uvcvideo: Fix dereference of out-of-bound list\n iterator (git-fixes).\n\n - media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having\n any effect (git-fixes).\n\n - media: venus: core: Fix runtime PM imbalance in\n venus_probe (git-fixes).\n\n - media: vsp1: Fix runtime PM imbalance on error\n (git-fixes).\n\n - memory: fsl-corenet-cf: Fix handling of\n platform_get_irq() error (git-fixes).\n\n - memory: omap-gpmc: Fix a couple off by ones (git-fixes).\n\n - memory: omap-gpmc: Fix build error without CONFIG_OF\n (git-fixes).\n\n - mfd: sm501: Fix leaks in probe() (git-fixes).\n\n - mic: vop: copy data to kernel space then write to io\n memory (git-fixes).\n\n - misc: mic: scif: Fix error handling path (git-fixes).\n\n - misc: rtsx: Fix memory leak in rtsx_pci_probe\n (git-fixes).\n\n - misc: vop: add round_up(x,4) for vring_size to avoid\n kernel panic (git-fixes).\n\n - mmc: sdio: Check for CISTPL_VERS_1 buffer size\n (git-fixes).\n\n - mm: do not panic when links can't be created in sysfs\n (bsc#1178002).\n\n - mm: do not rely on system state to detect hot-plug\n operations (bsc#1178002).\n\n - mm: fix a race during THP splitting (bsc#1178255).\n\n - mm/huge_memory.c: use head to check huge zero page\n (git-fixes (mm/thp)).\n\n - mm: madvise: fix vma user-after-free (git-fixes).\n\n - mm/mempolicy.c: fix out of bounds write in\n mpol_parse_str() (git-fixes (mm/mempolicy)).\n\n - mm/page-writeback.c: avoid potential division by zero in\n wb_min_max_ratio() (git-fixes (mm/writeback)).\n\n - mm/page-writeback.c: improve arithmetic divisions\n (git-fixes (mm/writeback)).\n\n - mm: replace memmap_context by meminit_context\n (bsc#1178002).\n\n - mm/rmap: fixup copying of soft dirty and uffd ptes\n (git-fixes (mm/rmap)).\n\n - mm/swapfile.c: fix potential memory leak in sys_swapon\n (git-fixes).\n\n - mm/zsmalloc.c: fix the migrated zspage statistics\n (git-fixes (mm/zsmalloc)).\n\n - module: Correctly truncate sysfs sections output\n (git-fixes).\n\n - module: Do not expose section addresses to\n non-CAP_SYSLOG (git-fixes).\n\n - module: Refactor section attr into bin attribute\n (git-fixes).\n\n - module: statically initialize init section freeing data\n (git-fixes).\n\n - Move upstreamed BT patch into sorted section\n\n - mtd: lpddr: Fix bad logic in print_drs_error\n (git-fixes).\n\n - mtd: lpddr: fix excessive stack usage with clang\n (git-fixes).\n\n - mtd: mtdoops: Do not write panic data twice (git-fixes).\n\n - mtd: rawnand: stm32_fmc2: fix a buffer overflow\n (git-fixes).\n\n - mtd: rawnand: vf610: disable clk on error handling path\n in probe (git-fixes).\n\n - mtd: spinand: gigadevice: Add QE Bit (git-fixes).\n\n - mtd: spinand: gigadevice: Only one dummy byte in QUADIO\n (git-fixes).\n\n - mwifiex: do not call del_timer_sync() on uninitialized\n timer (git-fixes).\n\n - mwifiex: Do not use GFP_KERNEL in atomic context\n (git-fixes).\n\n - mwifiex: fix double free (git-fixes).\n\n - mwifiex: remove function pointer check (git-fixes).\n\n - mwifiex: Remove unnecessary braces from\n HostCmd_SET_SEQ_NO_BSS_INFO (git-fixes).\n\n - net: bridge: br_vlan_get_pvid_rcu() should dereference\n the VLAN group under RCU (networking-stable-20_09_24).\n\n - net/core: check length before updating Ethertype in\n skb_mpls_(push,pop) (git-fixes).\n\n - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument\n (networking-stable-20_09_24).\n\n - net: disable netpoll on fresh napis\n (networking-stable-20_09_11).\n\n - net: dsa: b53: check for timeout\n (networking-stable-20_08_24).\n\n - net: dsa: rtl8366: Properly clear member config\n (networking-stable-20_09_24).\n\n - net: fec: correct the error path for regulator disable\n in probe (networking-stable-20_08_24).\n\n - net: Fix bridge enslavement failure\n (networking-stable-20_09_24).\n\n - net: Fix potential wrong skb->protocol in\n skb_vlan_untag() (networking-stable-20_08_24).\n\n - net: hns: Fix memleak in hns_nic_dev_probe\n (networking-stable-20_09_11).\n\n - net: ipv6: fix kconfig dependency warning for\n IPV6_SEG6_HMAC (networking-stable-20_09_24).\n\n - netlabel: fix problems with mapping removal\n (networking-stable-20_09_11).\n\n - net: lantiq: Disable IRQs only if NAPI gets scheduled\n (networking-stable-20_09_24).\n\n - net: lantiq: Use napi_complete_done()\n (networking-stable-20_09_24).\n\n - net: lantiq: use netif_tx_napi_add() for TX NAPI\n (networking-stable-20_09_24).\n\n - net: lantiq: Wake TX queue again\n (networking-stable-20_09_24).\n\n - net/mlx5e: Enable adding peer miss rules only if merged\n eswitch is supported (networking-stable-20_09_24).\n\n - net/mlx5e: TLS, Do not expose FPGA TLS counter if not\n supported (networking-stable-20_09_24).\n\n - net/mlx5: Fix FTE cleanup (networking-stable-20_09_24).\n\n - net: mscc: ocelot: fix race condition with TX\n timestamping (bsc#1178461).\n\n - net: phy: Avoid NPD upon phy_detach() when driver is\n unbound (networking-stable-20_09_24).\n\n - net: phy: Do not warn in phy_stop() on PHY_DOWN\n (networking-stable-20_09_24).\n\n - net: qrtr: fix usage of idr in port assignment to socket\n (networking-stable-20_08_24).\n\n - net/sched: act_ct: Fix skb double-free in\n tcf_ct_handle_fragments() error flow\n (networking-stable-20_08_24).\n\n - net: sctp: Fix IPv6 ancestor_size calc in\n sctp_copy_descendant (networking-stable-20_09_24).\n\n - net: sctp: Fix negotiation of the number of data streams\n (networking-stable-20_08_24).\n\n - net/smc: Prevent kernel-infoleak in __smc_diag_dump()\n (networking-stable-20_08_24).\n\n - net: systemport: Fix memleak in bcm_sysport_probe\n (networking-stable-20_09_11).\n\n - net: usb: dm9601: Add USB ID of Keenetic Plus DSL\n (networking-stable-20_09_11).\n\n - net: usb: qmi_wwan: add Cellient MPL200 card\n (git-fixes).\n\n - net: usb: rtl8150: set random MAC address when\n set_ethernet_addr() fails (git-fixes).\n\n - net: wireless: nl80211: fix out-of-bounds access in\n nl80211_del_key() (git-fixes).\n\n - nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute\n in nfc_genl_fw_download() (git-fixes).\n\n - nfp: use correct define to return NONE fec\n (networking-stable-20_09_24).\n\n - nl80211: fix non-split wiphy information (git-fixes).\n\n - NTB: hw: amd: fix an issue about leak system resources\n (git-fixes).\n\n - ntb: intel: Fix memleak in intel_ntb_pci_probe\n (git-fixes).\n\n - nvme-rdma: fix crash due to incorrect cqe (bsc#1174748).\n\n - nvme-rdma: fix crash when connect rejected\n (bsc#1174748).\n\n - overflow: Include header file with SIZE_MAX declaration\n (git-fixes).\n\n - p54: avoid accessing the data mapped to streaming DMA\n (git-fixes).\n\n - PCI: aardvark: Check for errors from\n pci_bridge_emul_init() call (git-fixes).\n\n - PCI/ACPI: Whitelist hotplug ports for D3 if power\n managed by ACPI (git-fixes).\n\n - percpu: fix first chunk size calculation for populated\n bitmap (git-fixes (mm/percpu)).\n\n - perf/x86/amd: Fix sampling Large Increment per Cycle\n events (bsc#1152489).\n\n - perf/x86: Fix n_pair for cancelled txn (bsc#1152489).\n\n - pinctrl: mcp23s08: Fix mcp23x17 precious range\n (git-fixes).\n\n - pinctrl: mcp23s08: Fix mcp23x17_regmap initialiser\n (git-fixes).\n\n - PKCS#7: Check codeSigning EKU for kernel module and\n kexec pe verification.\n\n - PKCS#7: Check codeSigning EKU for kernel module and\n kexec pe verification (bsc#1177353).\n\n - platform/x86: mlx-platform: Remove PSU EEPROM\n configuration (git-fixes).\n\n - PM: hibernate: Batch hibernate and resume IO requests\n (bsc#1178079).\n\n - PM: hibernate: remove the bogus call to get_gendisk() in\n software_resume() (git-fixes).\n\n - PM: runtime: Drop runtime PM references to supplier on\n link removal (git-fixes).\n\n - powerpc/book3s64/radix: Make radix_mem_block_size 64bit\n (bsc#1055186 ltc#153436 git-fixes).\n\n - powerpc: Fix undetected data corruption with P9N DD2.1\n VSX CI load emulation (bsc#1065729).\n\n - powerpc/hwirq: Remove stale forward irq_chip declaration\n (bsc#1065729).\n\n - powerpc/icp-hv: Fix missing of_node_put() in success\n path (bsc#1065729).\n\n - powerpc/irq: Drop forward declaration of struct\n irqaction (bsc#1065729).\n\n - powerpc/papr_scm: Fix warning triggered by\n perf_stats_show() (bsc#1175052 jsc#SLE-13823 bsc#1174969\n jsc#SLE-12769 git-fixes).\n\n - powerpc/perf/hv-gpci: Fix starting index value\n (bsc#1065729).\n\n - powerpc/powernv/dump: Fix race while processing OPAL\n dump (bsc#1065729).\n\n - powerpc/powernv/elog: Fix race while processing OPAL\n error log event (bsc#1065729).\n\n - powerpc/pseries: Avoid using addr_to_pfn in real mode\n (jsc#SLE-9246 git-fixes).\n\n - powerpc/pseries: explicitly reschedule during drmem_lmb\n list traversal (bsc#1077428 ltc#163882 git-fixes).\n\n - powerpc/pseries: Fix missing of_node_put() in rng_init()\n (bsc#1065729).\n\n - power: supply: bq27xxx: report 'not charging' on all\n types (git-fixes).\n\n - power: supply: test_power: add missing newlines when\n printing parameters by sysfs (git-fixes).\n\n - pwm: img: Fix NULL pointer access in probe (git-fixes).\n\n - pwm: lpss: Add range limit check for the base_unit\n register value (git-fixes).\n\n - pwm: lpss: Fix off by one error in base_unit math in\n pwm_lpss_prepare() (git-fixes).\n\n - qtnfmac: fix resource leaks on unsupported iftype error\n return path (git-fixes).\n\n - r8169: fix issue with forced threading in combination\n with shared interrupts (git-fixes).\n\n - r8169: fix operation under forced interrupt threading\n (git-fixes).\n\n - rapidio: fix the missed put_device() for\n rio_mport_add_riodev (git-fixes).\n\n - regulator: defer probe when trying to get voltage from\n unresolved supply (git-fixes).\n\n - reset: sti: reset-syscfg: fix struct description\n warnings (git-fixes).\n\n - ring-buffer: Return 0 on success from\n ring_buffer_resize() (git-fixes).\n\n - rpm/kernel-module-subpackage: make Group tag optional\n (bsc#1163592)\n\n - rtc: rx8010: do not modify the global rtc ops\n (git-fixes).\n\n - rtl8xxxu: prevent potential memory leak (git-fixes).\n\n - rtw88: increse the size of rx buffer size (git-fixes).\n\n - s390/cio: add cond_resched() in the slow_eval_known_fn()\n loop (bsc#1177799 LTC#188733).\n\n - s390/dasd: Fix zero write for FBA devices (bsc#1177801\n LTC#188735).\n\n - scsi: ibmvfc: Fix error return in ibmvfc_probe()\n (bsc#1065729).\n\n - scsi: ibmvscsi: Fix potential race after loss of\n transport (bsc#1178166 ltc#188226).\n\n - scsi: mptfusion: Do not use GFP_ATOMIC for larger DMA\n allocations (bsc#1175898, ECO-2743).\n\n - sctp: not disable bh in the whole sctp_get_port_local()\n (networking-stable-20_09_11).\n\n - selftests/timers: Turn off timeout setting (git-fixes).\n\n - serial: 8250_mtk: Fix uart_get_baud_rate warning\n (git-fixes).\n\n - serial: txx9: add missing platform_driver_unregister()\n on error in serial_txx9_init (git-fixes).\n\n - slimbus: core: check get_addr before removing laddr ida\n (git-fixes).\n\n - slimbus: core: do not enter to clock pause mode in core\n (git-fixes).\n\n - slimbus: qcom-ngd-ctrl: disable ngd in qmi server down\n callback (git-fixes).\n\n - soc: fsl: qbman: Fix return value on success\n (git-fixes).\n\n - spi: spi-s3c64xx: Check return values (git-fixes).\n\n - spi: spi-s3c64xx: swap s3c64xx_spi_set_cs() and\n s3c64xx_enable_datapath() (git-fixes).\n\n - staging: comedi: cb_pcidas: Allow 2-channel commands for\n AO subdevice (git-fixes).\n\n - staging: comedi: check validity of wMaxPacketSize of usb\n endpoints found (git-fixes).\n\n - staging: octeon: Drop on uncorrectable alignment or FCS\n error (git-fixes).\n\n - staging: octeon: repair 'fixed-link' support\n (git-fixes).\n\n - staging: rtl8192u: Do not use GFP_KERNEL in atomic\n context (git-fixes).\n\n - taprio: Fix allowing too small intervals\n (networking-stable-20_09_24).\n\n - time: Prevent undefined behaviour in timespec64_to_ns()\n (bsc#1164648).\n\n - tipc: fix memory leak caused by tipc_buf_append()\n (git-fixes).\n\n - tipc: Fix memory leak in tipc_group_create_member()\n (networking-stable-20_09_24).\n\n - tipc: fix shutdown() of connectionless socket\n (networking-stable-20_09_11).\n\n - tipc: fix shutdown() of connection oriented socket\n (networking-stable-20_09_24).\n\n - tipc: fix the skb_unshare() in tipc_buf_append()\n (git-fixes).\n\n - tipc: fix uninit skb->data in tipc_nl_compat_dumpit()\n (networking-stable-20_08_24).\n\n - tipc: use skb_unshare() instead in tipc_buf_append()\n (networking-stable-20_09_24).\n\n - tracing: Check return value of __create_val_fields()\n before using its result (git-fixes).\n\n - tracing: Save normal string variables (git-fixes).\n\n - tty: ipwireless: fix error handling (git-fixes).\n\n - tty: serial: fsl_lpuart: fix lpuart32_poll_get_char\n (git-fixes).\n\n - uio: free uio id after uio file node is freed\n (git-fixes).\n\n - USB: adutux: fix debugging (git-fixes).\n\n - usb: cdc-acm: add quirk to blacklist ETAS ES58X devices\n (git-fixes).\n\n - usb: cdc-acm: fix cooldown mechanism (git-fixes).\n\n - USB: cdc-acm: handle broken union descriptors\n (git-fixes).\n\n - USB: cdc-wdm: Make wdm_flush() interruptible and add\n wdm_fsync() (git-fixes).\n\n - usb: core: Solve race condition in anchor cleanup\n functions (git-fixes).\n\n - usb: dwc2: Fix INTR OUT transfers in DDMA mode\n (git-fixes).\n\n - usb: dwc2: Fix parameter type in function pointer\n prototype (git-fixes).\n\n - usb: dwc3: core: add phy cleanup for probe error\n handling (git-fixes).\n\n - usb: dwc3: core: do not trigger runtime pm when remove\n driver (git-fixes).\n\n - usb: dwc3: ep0: Fix ZLP for OUT ep0 requests\n (git-fixes).\n\n - usb: dwc3: gadget: Resume pending requests after\n CLEAR_STALL (git-fixes).\n\n - usb: dwc3: pci: Allow Elkhart Lake to utilize DSM method\n for PM functionality (git-fixes).\n\n - usb: dwc3: simple: add support for Hikey 970\n (git-fixes).\n\n - usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus\n gadgets (git-fixes).\n\n - usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and\n above (git-fixes).\n\n - usb: gadget: function: printer: fix use-after-free in\n __lock_acquire (git-fixes).\n\n - usb: gadget: u_ether: enable qmult on SuperSpeed Plus as\n well (git-fixes).\n\n - usblp: fix race between disconnect() and read()\n (git-fixes).\n\n - usb: mtu3: fix panic in mtu3_gadget_stop() (git-fixes).\n\n - usb: ohci: Default to per-port over-current protection\n (git-fixes).\n\n - USB: serial: cyberjack: fix write-URB completion race\n (git-fixes).\n\n - USB: serial: ftdi_sio: add support for FreeCalypso\n JTAG+UART adapters (git-fixes).\n\n - USB: serial: option: add Cellient MPL200 card\n (git-fixes).\n\n - USB: serial: option: Add Telit FT980-KS composition\n (git-fixes).\n\n - USB: serial: pl2303: add device-id for HP GC device\n (git-fixes).\n\n - USB: serial: qcserial: fix altsetting probing\n (git-fixes).\n\n - usb: typec: tcpm: During PR_SWAP, source caps should be\n sent only after tSwapSourceStart (git-fixes).\n\n - usb: xhci-mtk: Fix typo (git-fixes).\n\n - usb: xhci: omit duplicate actions when suspending a\n runtime suspended host (git-fixes).\n\n - video: hyperv: hyperv_fb: Obtain screen resolution from\n Hyper-V host (bsc#1175306).\n\n - video: hyperv: hyperv_fb: Support deferred IO for\n Hyper-V frame buffer driver (bsc#1175306).\n\n - video: hyperv: hyperv_fb: Use physical memory for fb on\n HyperV Gen 1 VMs (bsc#1175306).\n\n - VMCI: check return value of get_user_pages_fast() for\n errors (git-fixes).\n\n - w1: mxc_w1: Fix timeout resolution problem leading to\n bus error (git-fixes).\n\n - watchdog: Fix memleak in watchdog_cdev_register\n (git-fixes).\n\n - watchdog: sp5100: Fix definition of EFCH_PM_DECODEEN3\n (git-fixes).\n\n - watchdog: Use put_device on error (git-fixes).\n\n - wcn36xx: Fix reported 802.11n rx_highest rate\n wcn3660/wcn3680 (git-fixes).\n\n - writeback: Avoid skipping inode writeback (bsc#1177755).\n\n - writeback: Fix sync livelock due to b_dirty_time\n processing (bsc#1177755).\n\n - writeback: Protect inode->i_io_list with inode->i_lock\n (bsc#1177755).\n\n - X.509: Add CodeSigning extended key usage parsing\n (bsc#1177353).\n\n - x86/alternative: Do not call text_poke() in lazy TLB\n mode (bsc#1175749).\n\n - x86/fpu: Allow multiple bits in clearcpuid= parameter\n (bsc#1152489).\n\n - x86/ioapic: Unbreak check_timer() (bsc#1152489).\n\n - x86/kexec: Use up-to-dated screen_info copy to fill boot\n params (bsc#1175306).\n\n - x86/(mce,mm): Unmap the entire page if the whole page is\n affected and poisoned (bsc#1177765).\n\n - x86/mm: unencrypted non-blocking DMA allocations use\n coherent pools (bsc#1175898, ECO-2743).\n\n - x86/xen: disable Firmware First mode for correctable\n memory errors (bsc#1176713).\n\n - xen/blkback: use lateeoi irq binding (XSA-332\n bsc#1177411).\n\n - xen/events: add a new 'late EOI' evtchn framework\n (XSA-332 bsc#1177411).\n\n - xen/events: add a proper barrier to 2-level uevent\n unmasking (XSA-332 bsc#1177411).\n\n - xen/events: avoid removing an event channel while\n handling it (XSA-331 bsc#1177410).\n\n - xen/events: block rogue events for some time (XSA-332\n bsc#1177411).\n\n - xen/events: defer eoi in case of excessive number of\n events (XSA-332 bsc#1177411).\n\n - xen/events: fix race in evtchn_fifo_unmask() (XSA-332\n bsc#1177411).\n\n - xen/events: switch user event channels to lateeoi model\n (XSA-332 bsc#1177411).\n\n - xen/events: use a common cpu hotplug hook for event\n channels (XSA-332 bsc#1177411).\n\n - xen/gntdev.c: Mark pages as dirty (bsc#1065600).\n\n - xen/netback: use lateeoi irq binding (XSA-332\n bsc#1177411).\n\n - xen/pciback: use lateeoi irq binding (XSA-332\n bsc#1177411).\n\n - xen/pvcallsback: use lateeoi irq binding (XSA-332\n bsc#1177411).\n\n - xen/scsiback: use lateeoi irq binding (XSA-332\n bsc#1177411).\n\n - xfs: complain if anyone tries to create a too-large\n buffer log item (bsc#1166146).\n\n - xfs: do not update mtime on COW faults (bsc#1167030).\n\n - xfs: fix high key handling in the rt allocator's\n query_range function (git-fixes).\n\n - xfs: fix scrub flagging rtinherit even if there is no rt\n device (git-fixes).\n\n - xfs: fix xfs_bmap_validate_extent_raw when checking attr\n fork of rt files (git-fixes).\n\n - xfs: flush new eof page on truncate to avoid post-eof\n corruption (git-fixes).\n\n - xfs: force the log after remapping a synchronous-writes\n file (git-fixes).\n\n - xfs: introduce XFS_MAX_FILEOFF (bsc#1166166).\n\n - xfs: limit entries returned when counting fsmap records\n (git-fixes).\n\n - xfs: remove unused variable 'done' (bsc#1166166).\n\n - xfs: set xefi_discard when creating a deferred agfl free\n log intent item (git-fixes).\n\n - xfs: truncate should remove all blocks, not just to the\n end of the page cache (bsc#1166166).\n\n - xhci: do not create endpoint debugfs entry before ring\n buffer is set (git-fixes).\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1066382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1077428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129923\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1149032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1163592\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1164648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1166146\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1166166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1170415\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174748\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177411\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177470\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177750\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177754\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177766\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177817\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178173\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178175\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178177\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178183\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178185\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178191\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178246\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178255\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178585\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected the Linux Kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25668\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-debuginfo-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-debugsource-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-devel-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-devel-debuginfo-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-debuginfo-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-debugsource-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-devel-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-devel-debuginfo-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-devel-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-docs-html-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-debuginfo-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-debugsource-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-devel-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-devel-debuginfo-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-macros-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-obs-build-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-obs-build-debugsource-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-obs-qa-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-debuginfo-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-debugsource-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-devel-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-source-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-source-vanilla-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-syms-5.3.18-lp152.50.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-debuginfo / kernel-debug-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:57", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc.Security Fix(es):An issue was discovered in\n __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.(CVE-2020-29368)An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.(CVE-2020-29370)An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.(CVE-2020-29371)An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.(CVE-2019-20934)kernel:use-after-free read in sunkbd_reinit in drivers/input/keyboard/sunkbd.c(CVE-2020-25669)A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.(CVE-2020-28915)IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID:\n 189296.(CVE-2020-4788)kernel: powerpc: RTAS calls can be used to compromise kernel integrity(CVE-2020-27777)There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.(CVE-2020-10690)An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.(CVE-2020-27673)An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5.(CVE-2020-27675)A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.(CVE-2020-25704)Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2020-8694)kernel: race condition in fg_console can lead to use-after-free in con_font_op(CVE-2020-25668)A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports.\n This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. Kernel versions before 5.10 may be vulnerable to this issue.(CVE-2020-25705)A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095.\n This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.(CVE-2020-28974)A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.(CVE-2020-25656)In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459(CVE-2020-0431)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-14T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-2514)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20934", "CVE-2020-0431", "CVE-2020-10690", "CVE-2020-25656", "CVE-2020-25668", "CVE-2020-25669", "CVE-2020-25704", "CVE-2020-25705", "CVE-2020-27673", "CVE-2020-27675", "CVE-2020-27777", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29368", "CVE-2020-29370", "CVE-2020-29371", "CVE-2020-4788", "CVE-2020-8694"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bpftool", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-source", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2514.NASL", "href": "https://www.tenable.com/plugins/nessus/144168", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144168);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-20934\",\n \"CVE-2020-0431\",\n \"CVE-2020-4788\",\n \"CVE-2020-8694\",\n \"CVE-2020-10690\",\n \"CVE-2020-25656\",\n \"CVE-2020-25668\",\n \"CVE-2020-25669\",\n \"CVE-2020-25704\",\n \"CVE-2020-25705\",\n \"CVE-2020-27673\",\n \"CVE-2020-27675\",\n \"CVE-2020-27777\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29368\",\n \"CVE-2020-29370\",\n \"CVE-2020-29371\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-2514)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):An issue was discovered in\n __split_huge_pmd in mm/huge_memory.c in the Linux\n kernel before 5.7.5. The copy-on-write implementation\n can grant unintended write access because of a race\n condition in a THP mapcount check, aka\n CID-c444eb564fb1.(CVE-2020-29368)An issue was\n discovered in kmem_cache_alloc_bulk in mm/slub.c in the\n Linux kernel before 5.5.11. The slowpath lacks the\n required TID increment, aka\n CID-fd4d9c7d0c71.(CVE-2020-29370)An issue was\n discovered in romfs_dev_read in fs/romfs/storage.c in\n the Linux kernel before 5.8.4. Uninitialized memory\n leaks to userspace, aka\n CID-bcf85fcedfdd.(CVE-2020-29371)An issue was\n discovered in the Linux kernel before 5.2.6. On NUMA\n systems, the Linux fair scheduler has a use-after-free\n in show_numa_stats() because NUMA fault statistics are\n inappropriately freed, aka\n CID-16d51a590a8c.(CVE-2019-20934)kernel:use-after-free\n read in sunkbd_reinit in\n drivers/input/keyboard/sunkbd.c(CVE-2020-25669)A buffer\n over-read (at the framebuffer layer) in the fbcon code\n in the Linux kernel before 5.8.15 could be used by\n local attackers to read kernel memory, aka\n CID-6735b4632def.(CVE-2020-28915)IBM Power9 (AIX 7.1,\n 7.2, and VIOS 3.1) processors could allow a local user\n to obtain sensitive information from the data in the L1\n cache under extenuating circumstances. IBM X-Force ID:\n 189296.(CVE-2020-4788)kernel: powerpc: RTAS calls can\n be used to compromise kernel\n integrity(CVE-2020-27777)There is a use-after-free in\n kernel versions before 5.5 due to a race condition\n between the release of ptp_clock and cdev while\n resource deallocation. When a (high privileged) process\n allocates a ptp device file (like /dev/ptpX) and\n voluntarily goes to sleep. During this time if the\n underlying device is removed, it can cause an\n exploitable condition as the process wakes up to\n terminate and clean all attached files. The system\n crashes due to the cdev structure being invalid (as\n already freed) which is pointed to by the\n inode.(CVE-2020-10690)An issue was discovered in the\n Linux kernel through 5.9.1, as used with Xen through\n 4.14.x. Guest OS users can cause a denial of service\n (host OS hang) via a high rate of events to dom0, aka\n CID-e99502f76271.(CVE-2020-27673)An issue was\n discovered in the Linux kernel through 5.9.1, as used\n with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel\n removal during the event-handling loop (a race\n condition). This can cause a use-after-free or NULL\n pointer dereference, as demonstrated by a dom0 crash\n via events for an in-reconfiguration paravirtualized\n device, aka CID-073d0552ead5.(CVE-2020-27675)A flaw\n memory leak in the Linux kernel performance monitoring\n subsystem was found in the way if using\n PERF_EVENT_IOC_SET_FILTER. A local user could use this\n flaw to starve the resources causing denial of\n service.(CVE-2020-25704)Insufficient access control in\n the Linux kernel driver for some Intel(R) Processors\n may allow an authenticated user to potentially enable\n information disclosure via local\n access.(CVE-2020-8694)kernel: race condition in\n fg_console can lead to use-after-free in\n con_font_op(CVE-2020-25668)A flaw in the way reply ICMP\n packets are limited in the Linux kernel functionality\n was found that allows to quickly scan open UDP ports.\n This flaw allows an off-path remote user to effectively\n bypassing source port UDP randomization. The highest\n threat from this vulnerability is to confidentiality\n and possibly integrity, because software that relies on\n UDP source port randomization are indirectly affected\n as well. Kernel versions before 5.10 may be vulnerable\n to this issue.(CVE-2020-25705)A slab-out-of-bounds read\n in fbcon in the Linux kernel before 5.9.7 could be used\n by local attackers to read privileged information or\n potentially crash the kernel, aka CID-3c4e0dff2095.\n This occurs because KD_FONT_OP_COPY in\n drivers/tty/vt/vt.c can be used for manipulations such\n as font height.(CVE-2020-28974)A flaw was found in the\n Linux kernel. A use-after-free was found in the way the\n console subsystem was using ioctls KDGKBSENT and\n KDSKBSENT. A local user could use this flaw to get read\n memory access out of bounds. The highest threat from\n this vulnerability is to data\n confidentiality.(CVE-2020-25656)In kbd_keycode of\n keyboard.c, there is a possible out of bounds write due\n to a missing bounds check. This could lead to local\n escalation of privilege with no additional execution\n privileges needed. User interaction is not needed for\n exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-144161459(CVE-2020-0431)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2514\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bc260590\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27777\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-25669\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"bpftool-4.19.36-vhulk1907.1.0.h906.eulerosv2r8\",\n \"kernel-4.19.36-vhulk1907.1.0.h906.eulerosv2r8\",\n \"kernel-devel-4.19.36-vhulk1907.1.0.h906.eulerosv2r8\",\n \"kernel-headers-4.19.36-vhulk1907.1.0.h906.eulerosv2r8\",\n \"kernel-source-4.19.36-vhulk1907.1.0.h906.eulerosv2r8\",\n \"kernel-tools-4.19.36-vhulk1907.1.0.h906.eulerosv2r8\",\n \"kernel-tools-libs-4.19.36-vhulk1907.1.0.h906.eulerosv2r8\",\n \"perf-4.19.36-vhulk1907.1.0.h906.eulerosv2r8\",\n \"python-perf-4.19.36-vhulk1907.1.0.h906.eulerosv2r8\",\n \"python3-perf-4.19.36-vhulk1907.1.0.h906.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:41", "description": "The version of kernel installed on the remote host is prior to 4.14.209-117.337. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1461 advisory.\n\n - ** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace. (CVE-2019-19770)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14351)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. (CVE-2020-25704)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.\n (CVE-2020-27673)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. (CVE-2020-27675)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel. (CVE-2020-27777)\n\n - An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9.\n Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.\n (CVE-2020-28941)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\n - Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-8694)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-01-14T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2021-1461)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19770", "CVE-2020-14351", "CVE-2020-25656", "CVE-2020-25668", "CVE-2020-25669", "CVE-2020-25704", "CVE-2020-27673", "CVE-2020-27675", "CVE-2020-27777", "CVE-2020-28941", "CVE-2020-28974", "CVE-2020-8694"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2021-1461.NASL", "href": "https://www.tenable.com/plugins/nessus/145005", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2021-1461.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145005);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2019-19770\",\n \"CVE-2020-8694\",\n \"CVE-2020-14351\",\n \"CVE-2020-25656\",\n \"CVE-2020-25668\",\n \"CVE-2020-25669\",\n \"CVE-2020-25704\",\n \"CVE-2020-27673\",\n \"CVE-2020-27675\",\n \"CVE-2020-27777\",\n \"CVE-2020-28941\",\n \"CVE-2020-28974\"\n );\n script_xref(name:\"ALAS\", value:\"2021-1461\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2021-1461)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 4.14.209-117.337. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS-2021-1461 advisory.\n\n - ** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove\n function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously\n created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel\n developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of\n debugfs within blktrace. (CVE-2019-19770)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was\n using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of\n bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using\n PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of\n service. (CVE-2020-25704)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users\n can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.\n (CVE-2020-27673)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race\n condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash\n via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. (CVE-2020-27675)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked\n down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries\n platform) a root like local user could use this flaw to further increase their privileges to that of a\n running kernel. (CVE-2020-27777)\n\n - An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9.\n Local attackers on systems with the speakup driver could cause a local denial of service attack, aka\n CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.\n (CVE-2020-28941)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to\n read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\n - Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2020-8694)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2021-1461.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25668\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27675\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-28941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-28974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8694\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27777\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-19770\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n cve_list = make_list(\"CVE-2019-19770\", \"CVE-2020-8694\", \"CVE-2020-14351\", \"CVE-2020-25656\", \"CVE-2020-25668\", \"CVE-2020-25669\", \"CVE-2020-25704\", \"CVE-2020-27673\", \"CVE-2020-27675\", \"CVE-2020-27777\", \"CVE-2020-28941\", \"CVE-2020-28974\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS-2021-1461\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\npkgs = [\n {'reference':'kernel-4.14.209-117.337.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-4.14.209-117.337.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-debuginfo-4.14.209-117.337.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-debuginfo-4.14.209-117.337.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-debuginfo-common-i686-4.14.209-117.337.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-debuginfo-common-x86_64-4.14.209-117.337.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-devel-4.14.209-117.337.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-devel-4.14.209-117.337.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-headers-4.14.209-117.337.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-headers-4.14.209-117.337.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-tools-4.14.209-117.337.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-tools-4.14.209-117.337.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-tools-debuginfo-4.14.209-117.337.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-tools-debuginfo-4.14.209-117.337.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-tools-devel-4.14.209-117.337.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-tools-devel-4.14.209-117.337.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'perf-4.14.209-117.337.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'perf-4.14.209-117.337.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'perf-debuginfo-4.14.209-117.337.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'perf-debuginfo-4.14.209-117.337.amzn1', 'cpu':'x86_64', 'release':'ALA'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:50", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1462 advisory.\n\n - ** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace. (CVE-2019-19770)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14351)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. (CVE-2020-25704)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.\n (CVE-2020-27673)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. (CVE-2020-27675)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel. (CVE-2020-27777)\n\n - An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9.\n Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.\n (CVE-2020-28941)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\n - Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-8694)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\n\nThis plugin has been deprecated due to Amazon pulling the previously published advisory.", "cvss3": {}, "published": "2020-12-19T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2020-1462) (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19770", "CVE-2020-14351", "CVE-2020-25656", "CVE-2020-25668", "CVE-2020-25669", "CVE-2020-25704", "CVE-2020-27673", "CVE-2020-27675", "CVE-2020-27777", "CVE-2020-28941", "CVE-2020-28974", "CVE-2020-8694"], "modified": "2020-12-23T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2020-1462.NASL", "href": "https://www.tenable.com/plugins/nessus/144464", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2020-12-23 due to Amazon pulling the previsouly published advisory.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1462.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144464);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/23\");\n\n script_cve_id(\n \"CVE-2019-19770\",\n \"CVE-2020-8694\",\n \"CVE-2020-14351\",\n \"CVE-2020-25656\",\n \"CVE-2020-25668\",\n \"CVE-2020-25669\",\n \"CVE-2020-25704\",\n \"CVE-2020-27673\",\n \"CVE-2020-27675\",\n \"CVE-2020-27777\",\n \"CVE-2020-28941\",\n \"CVE-2020-28974\"\n );\n script_xref(name:\"ALAS\", value:\"2020-1462\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2020-1462) (deprecated)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS-2020-1462 advisory.\n\n - ** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove\n function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously\n created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel\n developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of\n debugfs within blktrace. (CVE-2019-19770)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was\n using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of\n bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using\n PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of\n service. (CVE-2020-25704)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users\n can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.\n (CVE-2020-27673)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race\n condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash\n via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. (CVE-2020-27675)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked\n down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries\n platform) a root like local user could use this flaw to further increase their privileges to that of a\n running kernel. (CVE-2020-27777)\n\n - An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9.\n Local attackers on systems with the speakup driver could cause a local denial of service attack, aka\n CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.\n (CVE-2020-28941)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to\n read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\n - Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2020-8694)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\n\nThis plugin has been deprecated due to Amazon pulling the previously published advisory.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2020-1462.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25668\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27675\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-28941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-28974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8694\");\n script_set_attribute(attribute:\"solution\", value:\n\"n/a\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25668\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated due to Amazon pulling the previously published advisory.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:11", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1566 advisory.\n\n - ** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace. (CVE-2019-19770)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14351)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. (CVE-2020-25704)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.\n (CVE-2020-27673)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. (CVE-2020-27675)\n\n - An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9.\n Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.\n (CVE-2020-28941)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\n - Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-8694)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALAS-2020-1566)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19770", "CVE-2020-14351", "CVE-2020-25656", "CVE-2020-25668", "CVE-2020-25669", "CVE-2020-25704", "CVE-2020-27673", "CVE-2020-27675", "CVE-2020-27777", "CVE-2020-28941", "CVE-2020-28974", "CVE-2020-8694"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-livepatch-4.14.209-160.335", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2020-1566.NASL", "href": "https://www.tenable.com/plugins/nessus/143589", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1566.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143589);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2019-19770\",\n \"CVE-2020-8694\",\n \"CVE-2020-14351\",\n \"CVE-2020-25656\",\n \"CVE-2020-25668\",\n \"CVE-2020-25669\",\n \"CVE-2020-25704\",\n \"CVE-2020-27673\",\n \"CVE-2020-27675\",\n \"CVE-2020-27777\",\n \"CVE-2020-28941\",\n \"CVE-2020-28974\"\n );\n script_xref(name:\"ALAS\", value:\"2020-1566\");\n\n script_name(english:\"Amazon Linux 2 : kernel (ALAS-2020-1566)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS2-2020-1566 advisory.\n\n - ** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove\n function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously\n created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel\n developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of\n debugfs within blktrace. (CVE-2019-19770)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was\n using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of\n bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using\n PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of\n service. (CVE-2020-25704)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users\n can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.\n (CVE-2020-27673)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race\n condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash\n via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. (CVE-2020-27675)\n\n - An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9.\n Local attackers on systems with the speakup driver could cause a local denial of service attack, aka\n CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.\n (CVE-2020-28941)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to\n read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\n - Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2020-8694)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1566.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25668\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27675\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-28941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-28974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8694\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27777\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-19770\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-4.14.209-160.335\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n cve_list = make_list(\"CVE-2019-19770\", \"CVE-2020-8694\", \"CVE-2020-14351\", \"CVE-2020-25656\", \"CVE-2020-25668\", \"CVE-2020-25669\", \"CVE-2020-25704\", \"CVE-2020-27673\", \"CVE-2020-27675\", \"CVE-2020-27777\", \"CVE-2020-28941\", \"CVE-2020-28974\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS-2020-1566\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\npkgs = [\n {'reference':'kernel-4.14.209-160.335.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-4.14.209-160.335.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-debuginfo-4.14.209-160.335.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-debuginfo-4.14.209-160.335.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-debuginfo-common-aarch64-4.14.209-160.335.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-debuginfo-common-x86_64-4.14.209-160.335.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-devel-4.14.209-160.335.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-devel-4.14.209-160.335.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-headers-4.14.209-160.335.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-headers-4.14.209-160.335.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'kernel-headers-4.14.209-160.335.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-livepatch-4.14.209-160.335-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-tools-4.14.209-160.335.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-tools-4.14.209-160.335.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-tools-debuginfo-4.14.

EulerOS Virtualization 3.0.2.2 : kernel (EulerOS-SA-2021-2140)

Description

Related