Fedora 27 : kernel (2018-22d5fa8a90)

2018-01-15T00:00:00

Description

The 4.14.11 stable kernel update contains a number of important fixes across the tree. This also includes the KPTI patches to mitigate the Meltdown vulnerability for x86 architectures. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

{"id": "FEDORA_2018-22D5FA8A90.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 27 : kernel (2018-22d5fa8a90)", "description": "The 4.14.11 stable kernel update contains a number of important fixes across the tree. This also includes the KPTI patches to mitigate the Meltdown vulnerability for x86 architectures.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2018-01-15T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/106024", "reporter": "This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17852", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17857", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17862", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17863", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17864", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17855", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17853", "https://bodhi.fedoraproject.org/updates/FEDORA-2018-22d5fa8a90", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17854", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17856"], "cvelist": ["CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17856", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864"], "immutableFields": [], "lastseen": "2022-07-18T19:12:06", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "archlinux", "idList": ["ASA-201801-1", "ASA-201801-2", "ASA-201801-3", "ASA-201801-4"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:E36E8558D6E84664F9D34B4A9E5179AC"]}, {"type": "cve", "idList": ["CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17856", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4073-1:79398"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-17852", "DEBIANCVE:CVE-2017-17853", "DEBIANCVE:CVE-2017-17854", "DEBIANCVE:CVE-2017-17855", "DEBIANCVE:CVE-2017-17856", "DEBIANCVE:CVE-2017-17857", "DEBIANCVE:CVE-2017-17862", "DEBIANCVE:CVE-2017-17863", "DEBIANCVE:CVE-2017-17864"]}, {"type": "f5", "idList": ["F5:K05535399", "F5:K85664507"]}, {"type": "fedora", "idList": ["FEDORA:08D3760E6566", "FEDORA:10F7D6255145", "FEDORA:25BDD6190ECF", "FEDORA:29049600CFF3", "FEDORA:29FCE65ECD33", "FEDORA:44065605602A", "FEDORA:4832F6079717", "FEDORA:4A25C608E179", "FEDORA:5D742610B071", "FEDORA:648496077DD1", "FEDORA:6EC6360BEA04", "FEDORA:6F1BC604D0C1", "FEDORA:74245604D4DA", "FEDORA:7640C641CB61", "FEDORA:87BD56087904", "FEDORA:8F974604E846", "FEDORA:909D360491BF", "FEDORA:AB52460321C9", "FEDORA:B395E6087A9D", "FEDORA:B54D264CBCAC", "FEDORA:C88F6601BD0C", "FEDORA:D6F86601E6D9", "FEDORA:DF5176048167", "FEDORA:E6F08605DCE7"]}, {"type": "mageia", "idList": ["MGASA-2018-0062", "MGASA-2018-0063", "MGASA-2018-0064"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-4073.NASL", "EULEROS_SA-2019-1516.NASL", "EULEROS_SA-2019-1532.NASL", "FEDORA_2018-8ED5EFF2C0.NASL", "OPENSUSE-2018-153.NASL", "SUSE_SU-2018-0383-1.NASL", "SUSE_SU-2018-0416-1.NASL", "SUSE_SU-2021-3935-1.NASL", "UBUNTU_USN-3523-1.NASL", "UBUNTU_USN-3523-2.NASL", "UBUNTU_USN-3523-3.NASL", "UBUNTU_USN-3619-1.NASL", "UBUNTU_USN-3619-2.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704073", "OPENVAS:1361412562310843409", "OPENVAS:1361412562310843416", "OPENVAS:1361412562310843418", "OPENVAS:1361412562310843496", "OPENVAS:1361412562310843497", "OPENVAS:1361412562310851698", "OPENVAS:1361412562310873968", "OPENVAS:1361412562310873973", "OPENVAS:1361412562310874365", "OPENVAS:1361412562310874366", "OPENVAS:1361412562310874400", "OPENVAS:1361412562310874427", "OPENVAS:1361412562310874606", "OPENVAS:1361412562310874619", "OPENVAS:1361412562310874623", "OPENVAS:1361412562310874647", "OPENVAS:1361412562310874695", "OPENVAS:1361412562310874721", "OPENVAS:1361412562310874751", "OPENVAS:1361412562310874761", "OPENVAS:1361412562310874813", "OPENVAS:1361412562310874890", "OPENVAS:1361412562310874919", "OPENVAS:1361412562310874964", "OPENVAS:1361412562310874998", "OPENVAS:1361412562310875099", "OPENVAS:1361412562310875128", "OPENVAS:1361412562310875170", "OPENVAS:1361412562310875201", "OPENVAS:1361412562310875334", "OPENVAS:1361412562311220191516", "OPENVAS:1361412562311220191532"]}, {"type": "osv", "idList": ["OSV:DSA-4073-1"]}, {"type": "photon", "idList": ["PHSA-2018-0009", "PHSA-2018-0107"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-17852", "RH:CVE-2017-17853", "RH:CVE-2017-17854", "RH:CVE-2017-17855", "RH:CVE-2017-17856", "RH:CVE-2017-17857", "RH:CVE-2017-17862", "RH:CVE-2017-17863", "RH:CVE-2017-17864"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:0408-1", "SUSE-SU-2018:0383-1", "SUSE-SU-2018:0416-1", "SUSE-SU-2018:0482-1", "SUSE-SU-2018:0986-1"]}, {"type": "ubuntu", "idList": ["USN-3523-1", "USN-3523-2", "USN-3523-3", "USN-3619-1", "USN-3619-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-17852", "UB:CVE-2017-17853", "UB:CVE-2017-17854", "UB:CVE-2017-17855", "UB:CVE-2017-17856", "UB:CVE-2017-17857", "UB:CVE-2017-17862", "UB:CVE-2017-17863", "UB:CVE-2017-17864"]}]}, "score": {"value": -0.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "archlinux", "idList": ["ASA-201801-1", "ASA-201801-2", "ASA-201801-4"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:E36E8558D6E84664F9D34B4A9E5179AC"]}, {"type": "cve", "idList": ["CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17856", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4073-1:79398"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-17852", "DEBIANCVE:CVE-2017-17853", "DEBIANCVE:CVE-2017-17854", "DEBIANCVE:CVE-2017-17855", "DEBIANCVE:CVE-2017-17856", "DEBIANCVE:CVE-2017-17857", "DEBIANCVE:CVE-2017-17862", "DEBIANCVE:CVE-2017-17863", "DEBIANCVE:CVE-2017-17864"]}, {"type": "f5", "idList": ["F5:K05535399", "F5:K85664507"]}, {"type": "fedora", "idList": ["FEDORA:08D3760E6566", "FEDORA:10F7D6255145", "FEDORA:25BDD6190ECF", "FEDORA:29049600CFF3", "FEDORA:29FCE65ECD33", "FEDORA:44065605602A", "FEDORA:4832F6079717", "FEDORA:4A25C608E179", "FEDORA:5D742610B071", "FEDORA:648496077DD1", "FEDORA:6EC6360BEA04", "FEDORA:6F1BC604D0C1", "FEDORA:74245604D4DA", "FEDORA:7640C641CB61", "FEDORA:87BD56087904", "FEDORA:8F974604E846", "FEDORA:909D360491BF", "FEDORA:AB52460321C9", "FEDORA:B395E6087A9D", "FEDORA:B54D264CBCAC", "FEDORA:C88F6601BD0C", "FEDORA:D6F86601E6D9", "FEDORA:DF5176048167", "FEDORA:E6F08605DCE7"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/DEBIAN-CVE-2017-17862/", "MSF:ILITIES/UBUNTU-CVE-2017-17862/", "MSF:ILITIES/UBUNTU-CVE-2017-17863/"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-4073.NASL", "FEDORA_2018-8ED5EFF2C0.NASL", "LINUX_ALT_PATCH_DETECT.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704073", "OPENVAS:1361412562310874365", "OPENVAS:1361412562310874366", "OPENVAS:1361412562310874400", "OPENVAS:1361412562310874427"]}, {"type": "photon", "idList": ["PHSA-2018-0009"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-17863", "RH:CVE-2017-17864"]}, {"type": "suse", "idList": ["SUSE-SU-2018:0383-1"]}, {"type": "ubuntu", "idList": ["USN-3523-2", "USN-3523-3", "USN-3619-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-17852", "UB:CVE-2017-17853", "UB:CVE-2017-17854", "UB:CVE-2017-17855", "UB:CVE-2017-17856", "UB:CVE-2017-17857", "UB:CVE-2017-17862", "UB:CVE-2017-17864"]}]}, "exploitation": null, "vulnersScore": -0.3}, "_state": {"dependencies": 1660032824, "score": 1660033902}, "_internal": {"score_hash": "e720c0f4718b3501ad8e2c6492611e04"}, "pluginID": "106024", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-22d5fa8a90.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106024);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\");\n script_xref(name:\"FEDORA\", value:\"2018-22d5fa8a90\");\n\n script_name(english:\"Fedora 27 : kernel (2018-22d5fa8a90)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.14.11 stable kernel update contains a number of important fixes\nacross the tree. This also includes the KPTI patches to mitigate the\nMeltdown vulnerability for x86 architectures.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-22d5fa8a90\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2018-22d5fa8a90\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"kernel-4.14.11-300.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:27"], "solution": "Update the affected kernel package.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "6.7"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2018-01-04T00:00:00", "vulnerabilityPublicationDate": "2017-12-27T00:00:00", "exploitableWith": []}

{"openvas": [{"lastseen": "2019-05-29T18:33:05", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-01-05T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-8ed5eff2c0", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17863", "CVE-2017-17862", "CVE-2017-17852", "CVE-2017-17854", "CVE-2017-17853", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17864", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873973", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873973", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_8ed5eff2c0_kernel_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-8ed5eff2c0\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873973\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-05 23:59:23 +0100 (Fri, 05 Jan 2018)\");\n script_cve_id(\"CVE-2017-17857\", \"CVE-2017-17856\", \"CVE-2017-17855\", \"CVE-2017-17854\",\n \"CVE-2017-17853\", \"CVE-2017-17852\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-8ed5eff2c0\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-8ed5eff2c0\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SEFHTLFUOREQQK4DCRD46ZY3QPR6RSJ5\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.14.11~200.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-01-05T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-22d5fa8a90", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17863", "CVE-2017-17862", "CVE-2017-17852", "CVE-2017-17854", "CVE-2017-17853", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17864", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873968", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873968", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_22d5fa8a90_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-22d5fa8a90\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873968\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-05 23:58:52 +0100 (Fri, 05 Jan 2018)\");\n script_cve_id(\"CVE-2017-17857\", \"CVE-2017-17856\", \"CVE-2017-17855\", \"CVE-2017-17854\",\n \"CVE-2017-17853\", \"CVE-2017-17852\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-22d5fa8a90\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-22d5fa8a90\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CFRT6EBC2HJ4XLWLZZ7MATZ2EWPTADAH\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.14.11~300.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-07T14:59:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-01-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-raspi2 USN-3523-3", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17863", "CVE-2017-17862", "CVE-2017-16995", "CVE-2017-17864"], "modified": "2019-08-06T00:00:00", "id": "OPENVAS:1361412562310843416", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843416", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-raspi2 USN-3523-3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843416\");\n script_version(\"2019-08-06T11:17:21+0000\");\n script_tag(name:\"last_modification\", value:\"2019-08-06 11:17:21 +0000 (Tue, 06 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-11 07:38:41 +0100 (Thu, 11 Jan 2018)\");\n script_cve_id(\"CVE-2017-17863\", \"CVE-2017-16995\", \"CVE-2017-17862\", \"CVE-2017-17864\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-raspi2 USN-3523-3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-raspi2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Jann Horn discovered that the Berkeley\n Packet Filter (BPF) implementation in the Linux kernel did not properly check\n the relationship between pointer values and the BPF stack. A local attacker\n could use this to cause a denial of service (system crash) or possibly execute\n arbitrary code. (CVE-2017-17863) Jann Horn discovered that the Berkeley Packet\n Filter (BPF) implementation in the Linux kernel improperly performed sign\n extension in some situations. A local attacker could use this to cause a denial\n of service (system crash) or possibly execute arbitrary code. (CVE-2017-16995)\n Alexei Starovoitov discovered that the Berkeley Packet Filter (BPF)\n implementation in the Linux kernel contained a branch-pruning logic issue around\n unreachable code. A local attacker could use this to cause a denial of service.\n (CVE-2017-17862) Jann Horn discovered that the Berkeley Packet Filter (BPF)\n implementation in the Linux kernel mishandled pointer data values in some\n situations. A local attacker could use this to expose sensitive information\n (kernel memory). (CVE-2017-17864)\");\n script_tag(name:\"affected\", value:\"linux-raspi2 on Ubuntu 17.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3523-3\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3523-3/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU17\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-1011-raspi2\", ver:\"4.13.0-1011.11\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.13.0.1011.9\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-07T14:59:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-01-10T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3523-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17863", "CVE-2017-5754", "CVE-2017-17862", "CVE-2017-16995", "CVE-2017-17864"], "modified": "2019-08-06T00:00:00", "id": "OPENVAS:1361412562310843409", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843409", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3523-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843409\");\n script_version(\"2019-08-06T11:17:21+0000\");\n script_tag(name:\"last_modification\", value:\"2019-08-06 11:17:21 +0000 (Tue, 06 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-10 07:39:53 +0100 (Wed, 10 Jan 2018)\");\n script_cve_id(\"CVE-2017-5754\", \"CVE-2017-17863\", \"CVE-2017-16995\", \"CVE-2017-17862\",\n \"CVE-2017-17864\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3523-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Jann Horn discovered that microprocessors\n utilizing speculative execution and indirect branch prediction may allow\n unauthorized memory reads via sidechannel attacks. This flaw is known as\n Meltdown. A local attacker could use this to expose sensitive information,\n including kernel memory. (CVE-2017-5754) Jann Horn discovered that the Berkeley\n Packet Filter (BPF) implementation in the Linux kernel did not properly check\n the relationship between pointer values and the BPF stack. A local attacker\n could use this to cause a denial of service (system crash) or possibly execute\n arbitrary code. (CVE-2017-17863) Jann Horn discovered that the Berkeley Packet\n Filter (BPF) implementation in the Linux kernel improperly performed sign\n extension in some situations. A local attacker could use this to cause a denial\n of service (system crash) or possibly execute arbitrary code. (CVE-2017-16995)\n Alexei Starovoitov discovered that the Berkeley Packet Filter (BPF)\n implementation in the Linux kernel contained a branch-pruning logic issue around\n unreachable code. A local attacker could use this to cause a denial of service.\n (CVE-2017-17862) Jann Horn discovered that the Berkeley Packet Filter (BPF)\n implementation in the Linux kernel mishandled pointer data values in some\n situations. A local attacker could use this to expose sensitive information\n (kernel memory). (CVE-2017-17864)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 17.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3523-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3523-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU17\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-25-generic\", ver:\"4.13.0-25.29\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-25-lowlatency\", ver:\"4.13.0-25.29\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.13.0.25.26\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.13.0.25.26\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:20", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-01-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-azure USN-3523-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17863", "CVE-2017-5754", "CVE-2017-17862", "CVE-2017-16995", "CVE-2017-17864"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843418", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843418", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3523_2.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux-azure USN-3523-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843418\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-11 07:38:59 +0100 (Thu, 11 Jan 2018)\");\n script_cve_id(\"CVE-2017-5754\", \"CVE-2017-17863\", \"CVE-2017-16995\", \"CVE-2017-17862\",\n \"CVE-2017-17864\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-azure USN-3523-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-azure'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3523-1 fixed vulnerabilities in the\n Linux kernel for Ubuntu 17.10. This update provides the corresponding updates\n for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu\n 16.04 LTS. Jann Horn discovered that microprocessors utilizing speculative\n execution and indirect branch prediction may allow unauthorized memory reads via\n sidechannel attacks. This flaw is known as Meltdown. A local attacker could use\n this to expose sensitive information, including kernel memory. (CVE-2017-5754)\n Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the\n Linux kernel did not properly check the relationship between pointer values and\n the BPF stack. A local attacker could use this to cause a denial of service\n (system crash) or possibly execute arbitrary code. (CVE-2017-17863) Jann Horn\n discovered that the Berkeley Packet Filter (BPF) implementation in the Linux\n kernel improperly performed sign extension in some situations. A local attacker\n could use this to cause a denial of service (system crash) or possibly execute\n arbitrary code. (CVE-2017-16995) Alexei Starovoitov discovered that the Berkeley\n Packet Filter (BPF) implementation in the Linux kernel contained a\n branch-pruning logic issue around unreachable code. A local attacker could use\n this to cause a denial of service. (CVE-2017-17862) Jann Horn discovered that\n the Berkeley Packet Filter (BPF) implementation in the Linux kernel mishandled\n pointer data values in some situations. A local attacker could use this to to\n expose sensitive information (kernel memory). (CVE-2017-17864)\");\n script_tag(name:\"affected\", value:\"linux-azure on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3523-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3523-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-1005-azure\", ver:\"4.13.0-1005.7\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-1006-gcp\", ver:\"4.13.0-1006.9\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-1015-oem\", ver:\"4.13.0-1015.16\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-26-generic\", ver:\"4.13.0-26.29~16.04.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-26-generic-lpae\", ver:\"4.13.0-26.29~16.04.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-26-lowlatency\", ver:\"4.13.0-26.29~16.04.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-azure\", ver:\"4.13.0.1005.6\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gcp\", ver:\"4.13.0.1006.8\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-hwe-16.04\", ver:\"4.13.0.26.46\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-hwe-16.04\", ver:\"4.13.0.26.46\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.13.0.1006.8\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-hwe-16.04\", ver:\"4.13.0.26.46\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-oem\", ver:\"4.13.0.1015.18\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-04-18T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-1e033dc308", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2017-17558", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2017-12193", "CVE-2017-17862", "CVE-2017-17852", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2017-16650", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874366", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874366", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_1e033dc308_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-1e033dc308\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874366\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-18 08:57:51 +0200 (Wed, 18 Apr 2018)\");\n script_cve_id(\"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\", \"CVE-2018-8043\",\n \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\", \"CVE-2018-1000026\",\n \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\", \"CVE-2018-5332\",\n \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\",\n \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\",\n \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\", \"CVE-2017-17712\",\n \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\", \"CVE-2017-17558\",\n \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\", \"CVE-2017-16650\",\n \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\", \"CVE-2017-16532\",\n \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-1e033dc308\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-1e033dc308\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKS5SHENFBKZBNJZ5A6BMP6JNTK5D4QC\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.15.17~300.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-02T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-e71875c4aa", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2017-12193", "CVE-2017-17862", "CVE-2017-17852", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2017-16650", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874400", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874400", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_e71875c4aa_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-e71875c4aa\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874400\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-02 16:59:02 +0530 (Wed, 02 May 2018)\");\n script_cve_id(\"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\", \"CVE-2018-8043\",\n \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\", \"CVE-2018-1000026\",\n \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\", \"CVE-2018-5332\",\n \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\",\n \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\",\n \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\", \"CVE-2017-17712\",\n \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\", \"CVE-2017-17558\",\n \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\", \"CVE-2017-16650\",\n \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\", \"CVE-2017-16532\",\n \"CVE-2017-16538\", \"CVE-2017-12193\", \"CVE-2018-1108\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-e71875c4aa\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-e71875c4aa\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/23BZYWCPCFYSPRRRVNCK6UFYCODGX6GB\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.16.4~200.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:11", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-30T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-9d0e4e40b5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2017-12193", "CVE-2017-17862", "CVE-2017-17852", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2018-10322", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874623", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874623", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_9d0e4e40b5_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-9d0e4e40b5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874623\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-30 06:02:06 +0200 (Wed, 30 May 2018)\");\n script_cve_id(\"CVE-2018-10840\", \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\",\n \"CVE-2018-10323\", \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\",\n \"CVE-2018-7995\", \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\",\n \"CVE-2018-1065\", \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\",\n \"CVE-2018-5344\", \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\",\n \"CVE-2017-17863\", \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\",\n \"CVE-2017-17854\", \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\",\n \"CVE-2017-17741\", \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\",\n \"CVE-2017-17448\", \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\",\n \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\",\n \"CVE-2017-15115\", \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-9d0e4e40b5\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-9d0e4e40b5\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YAUGR47M3LDUN54S6SH2OQ3U6U2LS7HA\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.16.12~200.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-06-06T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-e8f793bbfc", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-11506", "CVE-2017-17852", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2018-10322", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874647", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874647", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_e8f793bbfc_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-e8f793bbfc\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874647\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-06 10:21:31 +0200 (Wed, 06 Jun 2018)\");\n script_cve_id(\"CVE-2018-11506\", \"CVE-2018-10840\", \"CVE-2018-3639\", \"CVE-2018-1120\",\n \"CVE-2018-10322\", \"CVE-2018-10323\", \"CVE-2018-1108\", \"CVE-2018-10021\",\n \"CVE-2017-18232\", \"CVE-2018-7995\", \"CVE-2018-8043\", \"CVE-2018-7757\",\n \"CVE-2018-5803\", \"CVE-2018-1065\", \"CVE-2018-1000026\", \"CVE-2018-5750\",\n \"CVE-2018-1000004\", \"CVE-2018-5344\", \"CVE-2018-5332\", \"CVE-2018-5333\",\n \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\", \"CVE-2017-17852\",\n \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\", \"CVE-2017-17856\",\n \"CVE-2017-17857\", \"CVE-2017-17741\", \"CVE-2017-17712\", \"CVE-2017-17449\",\n \"CVE-2017-17450\", \"CVE-2017-17448\", \"CVE-2017-17558\", \"CVE-2017-8824\",\n \"CVE-2017-1000405\", \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16644\",\n \"CVE-2017-16647\", \"CVE-2017-15115\", \"CVE-2017-16532\", \"CVE-2017-16538\",\n \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-e8f793bbfc\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-e8f793bbfc\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F32LED4G6QF446ZM5G7MOPFDAP4VB6M2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.16.13~200.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:11", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-26T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-93c2e74446", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2017-12193", "CVE-2017-17862", "CVE-2017-17852", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2018-10322", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874606", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874606", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_93c2e74446_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-93c2e74446\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874606\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-26 05:55:13 +0200 (Sat, 26 May 2018)\");\n script_cve_id(\"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\",\n \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-93c2e74446\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-93c2e74446\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4XJ6WFI3BA27DJD66OHZX644RGQ7EBV\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.16.11~200.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-06-23T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-c449dc1c9c", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2018-10322", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874721", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874721", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_c449dc1c9c_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-c449dc1c9c\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874721\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-23 06:16:07 +0200 (Sat, 23 Jun 2018)\");\n script_cve_id(\"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\",\n \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\",\n \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-c449dc1c9c\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-c449dc1c9c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y5RAP5M7DMT24XOVYRAYT7GRQE5OWLU3\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.16.16~200.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-06-18T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-b57db4753c", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-11506", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2018-10322", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874695", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874695", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_b57db4753c_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-b57db4753c\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874695\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-18 06:02:23 +0200 (Mon, 18 Jun 2018)\");\n script_cve_id(\"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\", \"CVE-2018-3639\",\n \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\", \"CVE-2018-1108\",\n \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\", \"CVE-2018-8043\",\n \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\", \"CVE-2018-1000026\",\n \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\", \"CVE-2018-5332\",\n \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\",\n \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\",\n \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\", \"CVE-2017-17712\",\n \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\", \"CVE-2017-17558\",\n \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\", \"CVE-2017-16650\",\n \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\", \"CVE-2017-16532\",\n \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-b57db4753c\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-b57db4753c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22G4FPLZ4Y2WCMKTQG2WQFPR36Y3V4U4\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.16.15~200.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-07-03T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-2a0f8b2c9d", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-12633", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2018-10322", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874761", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874761", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_2a0f8b2c9d_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-2a0f8b2c9d\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874761\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-03 06:02:18 +0200 (Tue, 03 Jul 2018)\");\n script_cve_id(\"CVE-2018-12633\", \"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\",\n \"CVE-2018-10840\", \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\",\n \"CVE-2018-10323\", \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\",\n \"CVE-2018-7995\", \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\",\n \"CVE-2018-1065\", \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\",\n \"CVE-2018-5344\", \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\",\n \"CVE-2017-17863\", \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\",\n \"CVE-2017-17854\", \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\",\n \"CVE-2017-17741\", \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\",\n \"CVE-2017-17448\", \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\",\n \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\",\n \"CVE-2017-15115\", \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-2a0f8b2c9d\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-2a0f8b2c9d\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGVBVYZZR6UYWHRCMCVLU3DVJMBOYBLP\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.17.3~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-06-29T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-b997780dca", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-12904", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2018-10322", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874751", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874751", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_b997780dca_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-b997780dca\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874751\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-29 10:57:08 +0200 (Fri, 29 Jun 2018)\");\n script_cve_id(\"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\",\n \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\",\n \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\", \"CVE-2018-12904\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-b997780dca\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-b997780dca\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2V7GQIYQYXQJNRX5DEJNNO6YKOHQC42\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.17.2~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T17:38:36", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-02-10T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2018:0408-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17862", "CVE-2017-15129", "CVE-2017-17712", "CVE-2017-5715", "CVE-2018-5332", "CVE-2017-18017", "CVE-2017-17864"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851698", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851698", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851698\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-10 07:54:04 +0100 (Sat, 10 Feb 2018)\");\n script_cve_id(\"CVE-2017-15129\", \"CVE-2017-17712\", \"CVE-2017-17862\", \"CVE-2017-17864\",\n \"CVE-2017-18017\", \"CVE-2017-5715\", \"CVE-2018-1000004\", \"CVE-2018-5332\",\n \"CVE-2018-5333\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2018:0408-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE Leap 42.3 kernel was updated to 4.4.114 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-5715: Systems with microprocessors utilizing speculative\n execution and indirect branch prediction may allow unauthorized\n disclosure\n of information to an attacker with local user access via a side-channel\n analysis (bnc#1068032).\n\n The previous fix using CPU Microcode has been complemented by building\n the Linux Kernel with return trampolines aka 'retpolines'.\n\n - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in\n net/rds/rdma.c mishandled cases where page pinning fails or an invalid\n address is supplied, leading to an rds_atomic_free_op NULL pointer\n dereference (bnc#1075617).\n\n - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function\n did not validate a value that is used during DMA page allocation,\n leading to a heap-based out-of-bounds write (related to the\n rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).\n\n - CVE-2017-17862: kernel/bpf/verifier.c in the Linux kernel ignores\n unreachable code, even though it would still be processed by JIT\n compilers. This behavior, also considered an improper branch-pruning\n logic issue, could possibly be used by local users for denial of service\n (bnc#1073928).\n\n - CVE-2017-17864: kernel/bpf/verifier.c in the Linux kernel mishandled\n states_equal comparisons between the pointer data type and the\n UNKNOWN_VALUE data type, which allowed local users to obtain potentially\n sensitive address information, aka a 'pointer leak (bnc#1073928).\n\n - CVE-2017-17712: The raw_sendmsg() function in net/ipv4/raw.c in the\n Linux kernel had a race condition in inet- hdrincl that lead to\n uninitialized stack pointer usage this allowed a local user to execute\n code and gain privileges (bnc#1073229 1073230).\n\n - CVE-2017-15129: A use-after-free vulnerability was found in network\n namespaces code affecting the Linux kernel The function\n get_net_ns_by_id() in net/core/net_namespace.c did not check for the\n net::count value after it has found a peer network in netns_ids idr,\n which could lead to double free and memory corruption. This\n vulnerability could allow an unprivileged local user to induce kernel\n memory corruption on the system, leading to a crash. Due to the nature\n of the flaw, privilege escalation cannot be fully ruled out, although it\n is thought to be unlikely (bnc#1074839).\n\n - CVE-2017-18017: The tcpmss_mangle_packet function in\n net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers\n to cause a denial of s ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"Kernel on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:0408-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base-debuginfo\", rpm:\"kernel-vanilla-base-debuginfo~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kselftests-kmp-debug\", rpm:\"kselftests-kmp-debug~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kselftests-kmp-debug-debuginfo\", rpm:\"kselftests-kmp-debug-debuginfo~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kselftests-kmp-default\", rpm:\"kselftests-kmp-default~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kselftests-kmp-default-debuginfo\", rpm:\"kselftests-kmp-default-debuginfo~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kselftests-kmp-vanilla\", rpm:\"kselftests-kmp-vanilla~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kselftests-kmp-vanilla-debuginfo\", rpm:\"kselftests-kmp-vanilla-debuginfo~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-pdf\", rpm:\"kernel-docs-pdf~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-08-19T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-1c80fea1cd", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2018-13053", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-12633", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-12714", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2018-13093", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2018-14734", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-3646", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2018-3620", "CVE-2017-17449", "CVE-2018-10322", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-14678", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874964", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874964", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_1c80fea1cd_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-1c80fea1cd\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874964\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-19 06:42:42 +0200 (Sun, 19 Aug 2018)\");\n script_cve_id(\"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-14734\", \"CVE-2018-14678\",\n \"CVE-2018-13405\", \"CVE-2018-13053\", \"CVE-2018-12896\", \"CVE-2018-13093\",\n \"CVE-2018-13094\", \"CVE-2018-13095\", \"CVE-2018-12714\", \"CVE-2018-12633\",\n \"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\",\n \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\",\n \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-1c80fea1cd\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-1c80fea1cd\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.17.14~102.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-04T17:01:11", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-04-18T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-4ca01704a2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2017-14051", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2017-5123", "CVE-2017-17558", "CVE-2017-13695", "CVE-2018-1000004", "CVE-2017-1000111", "CVE-2018-5333", "CVE-2017-15265", "CVE-2017-17741", "CVE-2017-13694", "CVE-2017-12193", "CVE-2017-17862", "CVE-2017-13693", "CVE-2017-17852", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2017-10810", "CVE-2018-7757", "CVE-2017-7533", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2017-1000251", "CVE-2017-1000112", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-7558", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2017-1000255", "CVE-2017-16650", "CVE-2017-12134", "CVE-2017-12153", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-14497", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-14954", "CVE-2017-16644", "CVE-2017-17864", "CVE-2017-12154", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2017-12190", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874365", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874365", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_4ca01704a2_kernel_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-4ca01704a2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874365\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-18 08:54:26 +0200 (Wed, 18 Apr 2018)\");\n script_cve_id(\"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\", \"CVE-2018-8043\",\n \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\", \"CVE-2018-1000026\",\n \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\", \"CVE-2018-5332\",\n \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\",\n \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\",\n \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\", \"CVE-2017-17712\",\n \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\", \"CVE-2017-17558\",\n \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\", \"CVE-2017-16650\",\n \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\", \"CVE-2017-16532\",\n \"CVE-2017-16538\", \"CVE-2017-12193\", \"CVE-2017-12190\", \"CVE-2017-5123\",\n \"CVE-2017-15265\", \"CVE-2017-1000255\", \"CVE-2017-14954\", \"CVE-2017-14497\",\n \"CVE-2017-12154\", \"CVE-2017-12153\", \"CVE-2017-1000251\", \"CVE-2017-14051\",\n \"CVE-2017-13693\", \"CVE-2017-13694\", \"CVE-2017-13695\", \"CVE-2017-7558\",\n \"CVE-2017-12134\", \"CVE-2017-1000111\", \"CVE-2017-1000112\", \"CVE-2017-7533\",\n \"CVE-2017-10810\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-4ca01704a2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-4ca01704a2\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3MAKT7ZDC6T4B52QFNRBYKWU75JMUX5C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.15.17~200.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-07-15T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-8484550fff", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2018-13053", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-12633", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-12714", "CVE-2018-13406", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2018-13093", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2018-10322", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874813", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874813", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_8484550fff_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-8484550fff\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874813\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-15 06:04:39 +0200 (Sun, 15 Jul 2018)\");\n script_cve_id(\"CVE-2018-13405\", \"CVE-2018-13053\", \"CVE-2018-12896\", \"CVE-2018-13093\",\n \"CVE-2018-13094\", \"CVE-2018-13095\", \"CVE-2018-12714\", \"CVE-2018-12633\",\n \"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\",\n \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\",\n \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\", \"CVE-2018-13406\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-8484550fff\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-8484550fff\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOZHI2THAILWJPPQV3NONSSGW7WEZHWA\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.17.5~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-08-04T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-49bda79bd5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2018-13053", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-12633", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-12714", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2018-13093", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2018-10322", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-14678", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874890", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874890", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_49bda79bd5_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-49bda79bd5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874890\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-04 06:04:25 +0200 (Sat, 04 Aug 2018)\");\n script_cve_id(\"CVE-2018-14678\", \"CVE-2018-13405\", \"CVE-2018-13053\", \"CVE-2018-12896\",\n \"CVE-2018-13093\", \"CVE-2018-13094\", \"CVE-2018-13095\", \"CVE-2018-12714\",\n \"CVE-2018-12633\", \"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\",\n \"CVE-2018-10840\", \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\",\n \"CVE-2018-10323\", \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\",\n \"CVE-2018-7995\", \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\",\n \"CVE-2018-1065\", \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\",\n \"CVE-2018-5344\", \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\",\n \"CVE-2017-17863\", \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\",\n \"CVE-2017-17854\", \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\",\n \"CVE-2017-17741\", \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\",\n \"CVE-2017-17448\", \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\",\n \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\",\n \"CVE-2017-15115\", \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-49bda79bd5\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-49bda79bd5\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3AQDHJH4EQZ2WK343QWMUIUUHBY6PQ4\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.17.11~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-08-10T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-2f6df9abfb", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2018-13053", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-12633", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-12714", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2018-13093", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2018-14734", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2018-10322", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-14678", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874919", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874919", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_2f6df9abfb_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-2f6df9abfb\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874919\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-10 06:22:46 +0200 (Fri, 10 Aug 2018)\");\n script_cve_id(\"CVE-2018-14734\", \"CVE-2018-14678\", \"CVE-2018-13405\", \"CVE-2018-13053\",\n \"CVE-2018-12896\", \"CVE-2018-13093\", \"CVE-2018-13094\", \"CVE-2018-13095\",\n \"CVE-2018-12714\", \"CVE-2018-12633\", \"CVE-2018-12232\", \"CVE-2018-10853\",\n \"CVE-2018-11506\", \"CVE-2018-10840\", \"CVE-2018-3639\", \"CVE-2018-1120\",\n \"CVE-2018-10322\", \"CVE-2018-10323\", \"CVE-2018-1108\", \"CVE-2018-10021\",\n \"CVE-2017-18232\", \"CVE-2018-7995\", \"CVE-2018-8043\", \"CVE-2018-7757\",\n \"CVE-2018-5803\", \"CVE-2018-1065\", \"CVE-2018-1000026\", \"CVE-2018-5750\",\n \"CVE-2018-1000004\", \"CVE-2018-5344\", \"CVE-2018-5332\", \"CVE-2018-5333\",\n \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\", \"CVE-2017-17852\",\n \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\", \"CVE-2017-17856\",\n \"CVE-2017-17857\", \"CVE-2017-17741\", \"CVE-2017-17712\", \"CVE-2017-17449\",\n \"CVE-2017-17450\", \"CVE-2017-17448\", \"CVE-2017-17558\", \"CVE-2017-8824\",\n \"CVE-2017-1000405\", \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16644\",\n \"CVE-2017-16647\", \"CVE-2017-15115\", \"CVE-2017-16532\", \"CVE-2017-16538\",\n \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-2f6df9abfb\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-2f6df9abfb\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2UJZBTWLH7WHZLJ6CMPDARHBP5OQRHT\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.17.12~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-04T17:06:35", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-12T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-884a105c04", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2017-14051", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2017-5123", "CVE-2018-1108", "CVE-2017-17558", "CVE-2017-13695", "CVE-2018-1000004", "CVE-2017-1000111", "CVE-2018-5333", "CVE-2017-15265", "CVE-2017-17741", "CVE-2017-13694", "CVE-2017-12193", "CVE-2017-17862", "CVE-2017-13693", "CVE-2017-17852", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2017-10810", "CVE-2018-7757", "CVE-2017-7533", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2017-1000251", "CVE-2017-1000112", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-7558", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2017-1000255", "CVE-2017-16650", "CVE-2017-12134", "CVE-2017-12153", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-14497", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-14954", "CVE-2017-16644", "CVE-2017-17864", "CVE-2017-12154", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2017-12190", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874427", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874427", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_884a105c04_kernel_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-884a105c04\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874427\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-12 06:00:51 +0200 (Sat, 12 May 2018)\");\n script_cve_id(\"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\", \"CVE-2017-12190\",\n \"CVE-2017-5123\", \"CVE-2017-15265\", \"CVE-2017-1000255\", \"CVE-2017-14954\",\n \"CVE-2017-14497\", \"CVE-2017-12154\", \"CVE-2017-12153\", \"CVE-2017-1000251\",\n \"CVE-2017-14051\", \"CVE-2017-13693\", \"CVE-2017-13694\", \"CVE-2017-13695\",\n \"CVE-2017-7558\", \"CVE-2017-12134\", \"CVE-2017-1000111\", \"CVE-2017-1000112\",\n \"CVE-2017-7533\", \"CVE-2017-10810\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-884a105c04\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-884a105c04\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HM3JVAHYMEV65VTITHNUM7JTHTN7Q53I\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.16.7~100.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-08-26T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-79d7c3d2df", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2018-13053", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-12633", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-12714", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2018-13093", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2018-14734", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-3646", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2018-3620", "CVE-2017-17449", "CVE-2018-10322", "CVE-2018-15471", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-14678", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874998", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874998", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_79d7c3d2df_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-79d7c3d2df\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874998\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-26 07:09:43 +0200 (Sun, 26 Aug 2018)\");\n script_cve_id(\"CVE-2018-15471\", \"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-14734\",\n \"CVE-2018-14678\", \"CVE-2018-13405\", \"CVE-2018-13053\", \"CVE-2018-12896\",\n \"CVE-2018-13093\", \"CVE-2018-13094\", \"CVE-2018-13095\", \"CVE-2018-12714\",\n \"CVE-2018-12633\", \"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\",\n \"CVE-2018-10840\", \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\",\n \"CVE-2018-10323\", \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\",\n \"CVE-2018-7995\", \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\",\n \"CVE-2018-1065\", \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\",\n \"CVE-2018-5344\", \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\",\n \"CVE-2017-17863\", \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\",\n \"CVE-2017-17854\", \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\",\n \"CVE-2017-17741\", \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\",\n \"CVE-2017-17448\", \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\",\n \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\",\n \"CVE-2017-15115\", \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-79d7c3d2df\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-79d7c3d2df\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PWPRVELTRP4X6YB4R6SW3K356ROV3BE\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.17.17~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-02T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-c0a1284064", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2018-13053", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-12633", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-12714", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2018-13093", "CVE-2017-17853", "CVE-2018-17182", "CVE-2018-7757", "CVE-2017-15115", "CVE-2018-14734", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-3646", "CVE-2018-1120", "CVE-2018-5391", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2018-3620", "CVE-2017-17449", "CVE-2018-10322", "CVE-2018-15471", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-14678", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2018-14633", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875128", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875128", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_c0a1284064_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-c0a1284064\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875128\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-02 08:30:25 +0200 (Tue, 02 Oct 2018)\");\n script_cve_id(\"CVE-2018-14633\", \"CVE-2018-17182\", \"CVE-2018-5391\", \"CVE-2018-15471\",\n \"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-14734\", \"CVE-2018-14678\",\n \"CVE-2018-13405\", \"CVE-2018-13053\", \"CVE-2018-12896\", \"CVE-2018-13093\",\n \"CVE-2018-13094\", \"CVE-2018-13095\", \"CVE-2018-12714\", \"CVE-2018-12633\",\n \"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\",\n \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\",\n \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-c0a1284064\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-c0a1284064\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3KRIRC4X5WWFMPBCO7YX3WEQQGQBGTNO\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.18.10~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-17T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-2ee3411cb8", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2018-13053", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-12633", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-12714", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2018-13093", "CVE-2017-17853", "CVE-2018-17182", "CVE-2018-7757", "CVE-2017-15115", "CVE-2018-14734", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-3646", "CVE-2018-1120", "CVE-2018-5391", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2018-3620", "CVE-2017-17449", "CVE-2018-10322", "CVE-2018-15471", "CVE-2017-16650", "CVE-2018-17972", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-14678", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2018-14633", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875201", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875201", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_2ee3411cb8_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-2ee3411cb8\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875201\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-17 06:39:38 +0200 (Wed, 17 Oct 2018)\");\n script_cve_id(\"CVE-2018-14633\", \"CVE-2018-17182\", \"CVE-2018-5391\", \"CVE-2018-15471\",\n \"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-14734\", \"CVE-2018-14678\",\n \"CVE-2018-13405\", \"CVE-2018-13053\", \"CVE-2018-12896\", \"CVE-2018-13093\",\n \"CVE-2018-13094\", \"CVE-2018-13095\", \"CVE-2018-12714\", \"CVE-2018-12633\",\n \"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\",\n \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\",\n \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\", \"CVE-2018-17972\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-2ee3411cb8\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-2ee3411cb8\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ACX4WW5ZZ3PNMAEPZVJGMZ2D2BYHVMUD\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.18.13~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-09-27T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-d77cc41f35", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2018-13053", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-12633", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-12714", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2018-13093", "CVE-2017-17853", "CVE-2018-17182", "CVE-2018-7757", "CVE-2017-15115", "CVE-2018-14734", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-3646", "CVE-2018-1120", "CVE-2018-5391", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2018-3620", "CVE-2017-17449", "CVE-2018-10322", "CVE-2018-15471", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-14678", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875099", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875099", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_d77cc41f35_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-d77cc41f35\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875099\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-09-27 08:31:40 +0200 (Thu, 27 Sep 2018)\");\n script_cve_id(\"CVE-2018-5391\", \"CVE-2018-15471\", \"CVE-2018-3620\", \"CVE-2018-3646\",\n \"CVE-2018-14734\", \"CVE-2018-14678\", \"CVE-2018-13405\", \"CVE-2018-13053\",\n \"CVE-2018-12896\", \"CVE-2018-13093\", \"CVE-2018-13094\", \"CVE-2018-13095\",\n \"CVE-2018-12714\", \"CVE-2018-12633\", \"CVE-2018-12232\", \"CVE-2018-10853\",\n \"CVE-2018-11506\", \"CVE-2018-10840\", \"CVE-2018-3639\", \"CVE-2018-1120\",\n \"CVE-2018-10322\", \"CVE-2018-10323\", \"CVE-2018-1108\", \"CVE-2018-10021\",\n \"CVE-2017-18232\", \"CVE-2018-7995\", \"CVE-2018-8043\", \"CVE-2018-7757\",\n \"CVE-2018-5803\", \"CVE-2018-1065\", \"CVE-2018-1000026\", \"CVE-2018-5750\",\n \"CVE-2018-1000004\", \"CVE-2018-5344\", \"CVE-2018-5332\", \"CVE-2018-5333\",\n \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\", \"CVE-2017-17852\",\n \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\", \"CVE-2017-17856\",\n \"CVE-2017-17857\", \"CVE-2017-17741\", \"CVE-2017-17712\", \"CVE-2017-17449\",\n \"CVE-2017-17450\", \"CVE-2017-17448\", \"CVE-2017-17558\", \"CVE-2017-8824\",\n \"CVE-2017-1000405\", \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16644\",\n \"CVE-2017-16647\", \"CVE-2017-15115\", \"CVE-2017-16532\", \"CVE-2017-16538\",\n \"CVE-2017-12193\", \"CVE-2018-17182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-d77cc41f35\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-d77cc41f35\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKESRJO5EIBN6QFG4PO463OGQRU6HFOF\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.18.9~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-11T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-94315e9a6b", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2018-13053", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-12633", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-12714", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2018-13093", "CVE-2017-17853", "CVE-2018-17182", "CVE-2018-7757", "CVE-2017-15115", "CVE-2018-14734", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-3646", "CVE-2018-18021", "CVE-2018-1120", "CVE-2018-5391", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2018-3620", "CVE-2017-17449", "CVE-2018-10322", "CVE-2018-15471", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-14678", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2018-14633", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875170", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875170", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_94315e9a6b_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-94315e9a6b\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875170\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-11 08:44:29 +0200 (Thu, 11 Oct 2018)\");\n script_cve_id(\"CVE-2018-14633\", \"CVE-2018-17182\", \"CVE-2018-5391\", \"CVE-2018-15471\",\n \"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-14734\", \"CVE-2018-14678\",\n \"CVE-2018-13405\", \"CVE-2018-13053\", \"CVE-2018-12896\", \"CVE-2018-13093\",\n \"CVE-2018-13094\", \"CVE-2018-13095\", \"CVE-2018-12714\", \"CVE-2018-12633\",\n \"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\",\n \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\",\n \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\", \"CVE-2018-18021\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-94315e9a6b\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-94315e9a6b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKOLTEPUDYGM4MZIFXROKL3WL6JRMXZE\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.18.12~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-12-04T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-b68776e5b0", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2018-13053", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-12633", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-12714", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2018-13093", "CVE-2017-17853", "CVE-2018-17182", "CVE-2018-7757", "CVE-2017-15115", "CVE-2018-14734", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-3646", "CVE-2018-1120", "CVE-2018-5391", "CVE-2018-1065", "CVE-2017-18232", "CVE-2018-18710", "CVE-2017-16647", "CVE-2018-5332", "CVE-2018-3620", "CVE-2017-17449", "CVE-2018-10322", "CVE-2018-15471", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-14678", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2018-14633", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875334", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875334", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_b68776e5b0_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-b68776e5b0\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875334\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2018-18710\", \"CVE-2018-14633\", \"CVE-2018-17182\", \"CVE-2018-5391\", \"CVE-2018-15471\", \"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-14734\", \"CVE-2018-14678\", \"CVE-2018-13405\", \"CVE-2018-13053\", \"CVE-2018-12896\", \"CVE-2018-13093\", \"CVE-2018-13094\", \"CVE-2018-13095\", \"CVE-2018-12714\", \"CVE-2018-12633\", \"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\", \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\", \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\", \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\", \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\", \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\", \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\", \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\", \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-04 08:34:37 +0100 (Tue, 04 Dec 2018)\");\n script_name(\"Fedora Update for kernel FEDORA-2018-b68776e5b0\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n script_xref(name:\"FEDORA\", value:\"2018-b68776e5b0\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OZHJB75FAIL6GZIEXPM735EW43TAV37\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the FEDORA-2018-b68776e5b0 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"kernel on Fedora 27.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.18.19~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-04T17:06:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-30T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-6367a17aa3", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2017-14051", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2017-5123", "CVE-2018-1108", "CVE-2017-17558", "CVE-2017-13695", "CVE-2018-1000004", "CVE-2017-1000111", "CVE-2018-5333", "CVE-2017-15265", "CVE-2017-17741", "CVE-2017-13694", "CVE-2017-12193", "CVE-2017-17862", "CVE-2017-13693", "CVE-2017-17852", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2017-10810", "CVE-2018-7757", "CVE-2017-7533", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2017-1000251", "CVE-2018-1120", "CVE-2017-1000112", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-7558", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2017-1000255", "CVE-2018-10322", "CVE-2017-16650", "CVE-2017-12134", "CVE-2018-10323", "CVE-2017-12153", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-14497", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-14954", "CVE-2017-16644", "CVE-2017-17864", "CVE-2017-12154", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2017-12190", "CVE-2018-3639", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874619", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874619", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_6367a17aa3_kernel_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-6367a17aa3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874619\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-30 05:57:30 +0200 (Wed, 30 May 2018)\");\n script_cve_id(\"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\",\n \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\", \"CVE-2017-12190\",\n \"CVE-2017-5123\", \"CVE-2017-15265\", \"CVE-2017-1000255\", \"CVE-2017-14954\",\n \"CVE-2017-14497\", \"CVE-2017-12154\", \"CVE-2017-12153\", \"CVE-2017-1000251\",\n \"CVE-2017-14051\", \"CVE-2017-13693\", \"CVE-2017-13694\", \"CVE-2017-13695\",\n \"CVE-2017-7558\", \"CVE-2017-12134\", \"CVE-2017-1000111\", \"CVE-2017-1000112\",\n \"CVE-2017-7533\", \"CVE-2017-10810\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-6367a17aa3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-6367a17aa3\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6U7NCPMTQKKHLC4ZHQCTLYN4LCP2JQ4C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.16.11~100.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-07-04T19:02:19", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-8824Mohamed Ghannam discovered that the DCCP implementation did not\ncorrectly manage resources when a socket is disconnected and\nreconnected, potentially leading to a use-after-free. A local\nuser could use this for denial of service (crash or data\ncorruption) or possibly for privilege escalation. On systems that\ndo not already have the dccp module loaded, this can be mitigated\nby disabling it:\necho>> /etc/modprobe.d/disable-dccp.conf install dccp falseCVE-2017-16538\nAndrey Konovalov reported that the dvb-usb-lmedm04 media driver\ndid not correctly handle some error conditions during\ninitialisation. A physically present user with a specially\ndesigned USB device can use this to cause a denial of service\n(crash).\n\nDescription truncated. Please see the references for more information.", "cvss3": {}, "published": "2017-12-23T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4073-1 (linux - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17863", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17741", "CVE-2017-17862", "CVE-2017-17805", "CVE-2017-16995", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2017-1000407", "CVE-2017-1000410", "CVE-2017-17449", "CVE-2017-16538", "CVE-2017-17807", "CVE-2017-16644", "CVE-2017-17864", "CVE-2017-17806"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704073", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704073", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4073-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704073\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2017-1000407\", \"CVE-2017-1000410\", \"CVE-2017-16538\", \"CVE-2017-16644\", \"CVE-2017-16995\", \"CVE-2017-17448\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17558\", \"CVE-2017-17712\", \"CVE-2017-17741\", \"CVE-2017-17805\", \"CVE-2017-17806\", \"CVE-2017-17807\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\", \"CVE-2017-8824\");\n script_name(\"Debian Security Advisory DSA 4073-1 (linux - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-12-23 00:00:00 +0100 (Sat, 23 Dec 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2017/dsa-4073.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"linux on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 4.9.65-3+deb9u1.\n\nWe recommend that you upgrade your linux packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/linux\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-8824Mohamed Ghannam discovered that the DCCP implementation did not\ncorrectly manage resources when a socket is disconnected and\nreconnected, potentially leading to a use-after-free. A local\nuser could use this for denial of service (crash or data\ncorruption) or possibly for privilege escalation. On systems that\ndo not already have the dccp module loaded, this can be mitigated\nby disabling it:\necho>> /etc/modprobe.d/disable-dccp.conf install dccp falseCVE-2017-16538\nAndrey Konovalov reported that the dvb-usb-lmedm04 media driver\ndid not correctly handle some error conditions during\ninitialisation. A physically present user with a specially\ndesigned USB device can use this to cause a denial of service\n(crash).\n\nDescription truncated. Please see the references for more information.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"hyperv-daemons\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcpupower-dev\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcpupower1\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libusbip-dev\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-6-arm\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-6-s390\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-6-x86\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-cpupower\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-doc-4.9\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-4kc-malta\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-5kc-malta\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-686\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-686-pae\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-amd64\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-arm64\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-armel\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-armhf\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-i386\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-mips\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-mips64el\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-mipsel\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-ppc64el\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-s390x\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-amd64\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-arm64\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-armmp\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-armmp-lpae\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-common\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-common-rt\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-loongson-3\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-marvell\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-octeon\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-powerpc64le\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-rt-686-pae\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-rt-amd64\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-s390x\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-4kc-malta\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-5kc-malta\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-686\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-686-pae\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-amd64\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-arm64\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-armel\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-armhf\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-i386\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-mips\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-mips64el\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-mipsel\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-ppc64el\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-s390x\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-amd64\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-arm64\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-armmp\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-armmp-lpae\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-common\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-common-rt\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-loongson-3\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-marvell\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-octeon\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-powerpc64le\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-rt-686-pae\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-rt-amd64\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-s390x\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-4kc-malta\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-4kc-malta-dbg\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-5kc-malta\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-5kc-malta-dbg\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686-dbg\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686-pae\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686-pae-dbg\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-amd64\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-amd64-dbg\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-arm64\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-arm64-dbg\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp-dbg\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp-lpae\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp-lpae-dbg\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-loongson-3\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-loongson-3-dbg\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-marvell\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-marvell-dbg\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-octeon\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-octeon-dbg\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-powerpc64le\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-powerpc64le-dbg\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-rt-686-pae\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-rt-686-pae-dbg\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-rt-amd64\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-rt-amd64-dbg\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-s390x\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-s390x-dbg\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-4kc-malta\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-4kc-malta-dbg\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-5kc-malta\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-5kc-malta-dbg\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-686\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-686-dbg\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-686-pae\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-686-pae-dbg\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-amd64\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-amd64-dbg\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-arm64\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-arm64-dbg\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-armmp\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-armmp-dbg\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-armmp-lpae\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-armmp-lpae-dbg\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-loongson-3\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-loongson-3-dbg\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-marvell\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-marvell-dbg\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-octeon\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-octeon-dbg\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-powerpc64le\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-powerpc64le-dbg\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-rt-686-pae\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-rt-686-pae-dbg\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-rt-amd64\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-rt-amd64-dbg\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-s390x\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-s390x-dbg\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-kbuild-4.9\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-manual-4.9\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-perf-4.9\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-source-4.9\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-3\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-4\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"usbip\", ver:\"4.9.65-3+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-05T16:41:47", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1532)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9644", "CVE-2013-2894", "CVE-2016-7097", "CVE-2018-14610", "CVE-2017-15274", "CVE-2015-8215", "CVE-2016-4913", "CVE-2017-6001", "CVE-2017-16995", "CVE-2018-7757", "CVE-2015-6526", "CVE-2019-9162", "CVE-2016-6198", "CVE-2014-4652", "CVE-2013-2930", "CVE-2016-4470", "CVE-2014-8133", "CVE-2016-4565", "CVE-2017-17864", "CVE-2019-5489"], "modified": "2020-02-05T00:00:00", "id": "OPENVAS:1361412562311220191532", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191532", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1532\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2013-2894\", \"CVE-2013-2930\", \"CVE-2014-4652\", \"CVE-2014-8133\", \"CVE-2014-9644\", \"CVE-2015-6526\", \"CVE-2015-8215\", \"CVE-2016-4470\", \"CVE-2016-4565\", \"CVE-2016-4913\", \"CVE-2016-6198\", \"CVE-2016-7097\", \"CVE-2017-15274\", \"CVE-2017-16995\", \"CVE-2017-17864\", \"CVE-2017-6001\", \"CVE-2018-14610\", \"CVE-2018-7757\", \"CVE-2019-5489\", \"CVE-2019-9162\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:06:52 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1532)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1532\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1532\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1532 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A flaw was found in the way the Linux kernel's perf subsystem retrieved userlevel stack traces on PowerPC systems. A local, unprivileged user could use this flaw to cause a denial of service on the system by creating a special stack layout that would force the perf_callchain_user_64() function into an infinite loop.(CVE-2015-6526)\n\nA vulnerability was found in the Linux kernel. Payloads of NM entries are not supposed to contain NUL. When such entry is processed, only the part prior to the first NUL goes into the concatenation (i.e. the directory entry name being encoded by a bunch of NM entries). The process stops when the amount collected so far + the claimed amount in the current NM entry exceed 254. However, the value returned as the total length is the sum of *claimed* sizes, not the actual amount collected. And that's what will be passed to readdir() callback as the name length - 8Kb __copy_to_user() from a buffer allocated by __get_free_page().(CVE-2016-4913)\n\nThe perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application.(CVE-2013-2930)\n\nThe mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.(CVE-2019-5489)\n\nIt was found that the espfix functionality could be bypassed by installing a 16-bit RW data segment into GDT instead of LDT (which espfix checks), and using that segment on the stack. A local, unprivileged user could potentially use this flaw to leak kernel stack addresses.(CVE-2014-8133)\n\nAn issue was discovered in the btrfs filesystem code in the Linux kernel. An out-of-bounds access is possible in write_extent_buffer() when mounting and operating a crafted btrfs image due to a lack of verification at mount time within the btrfs_read_block_groups() in fs/btrfs/extent-tree.c function. This could lead to a system crash and a denial of service.(CVE-2018-14610)\n\nkernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a 'pointer leak.'(CVE-2017-17864) ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-05T16:39:38", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1516)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2065", "CVE-2013-7265", "CVE-2016-6213", "CVE-2016-6480", "CVE-2017-17862", "CVE-2016-9555", "CVE-2016-4486", "CVE-2016-9685", "CVE-2014-4027", "CVE-2017-13715", "CVE-2017-15102", "CVE-2017-7308", "CVE-2017-8925", "CVE-2016-5344", "CVE-2016-2549", "CVE-2015-5283", "CVE-2017-1000363", "CVE-2016-3672", "CVE-2014-0069", "CVE-2018-10074"], "modified": "2020-02-05T00:00:00", "id": "OPENVAS:1361412562311220191516", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191516", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1516\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2013-7265\", \"CVE-2014-0069\", \"CVE-2014-4027\", \"CVE-2015-5283\", \"CVE-2016-2065\", \"CVE-2016-2549\", \"CVE-2016-3672\", \"CVE-2016-4486\", \"CVE-2016-5344\", \"CVE-2016-6213\", \"CVE-2016-6480\", \"CVE-2016-9555\", \"CVE-2016-9685\", \"CVE-2017-1000363\", \"CVE-2017-13715\", \"CVE-2017-15102\", \"CVE-2017-17862\", \"CVE-2017-7308\", \"CVE-2017-8925\", \"CVE-2018-10074\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:01:34 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1516)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1516\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1516\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1516 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The hi3660_stub_clk_probe function in drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux kernel before 4.16 allows local users to cause a denial of service (NULL pointer dereference) by triggering a failure of resource retrieval.(CVE-2018-10074)\n\nAn information leak flaw was found in the RAM Disks Memory Copy (rd_mcp) backend driver of the iSCSI Target subsystem of the Linux kernel. A privileged user could use this flaw to leak the contents of kernel memory to an iSCSI initiator remote client.(CVE-2014-4027)\n\nIt was found that in the Linux kernel version 4.2-rc1 to 4.3-rc1, a use of uninitialized 'n_proto', 'ip_proto', and 'thoff' variables in __skb_flow_dissect() function can lead to a remote denial-of-service via malformed MPLS packet.(CVE-2017-13715)\n\nIt was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow, resulting in the crash of the system. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.(CVE-2017-7308)\n\nA weakness was found in the Linux ASLR implementation. Any user able to running 32-bit applications in a x86 machine can disable ASLR by setting the RLIMIT_STACK resource to unlimited.(CVE-2016-3672)\n\nsound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (out-of-bounds write and memory corruption) or possibly have unspecified other impact via a crafted application that makes an ioctl call triggering incorrect use of a parameters pointer.(CVE-2016-2065)\n\nA race condition flaw was found in the ioctl_send_fib() function in the Linux kernel's aacraid implementation. A local attacker could use this flaw to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value.(CVE-2016-6480)\n\nThe omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling.(CVE-2017-8925)\n\nThe tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference.(CVE-2017-15102)\n\nThe rtnl_fill_ ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-04-06T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-aws USN-3619-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-8043", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-16913", "CVE-2018-5333", "CVE-2017-17741", "CVE-2017-17862", "CVE-2017-18075", "CVE-2017-0861", "CVE-2017-7518", "CVE-2017-18203", "CVE-2017-17805", "CVE-2017-16912", "CVE-2017-16532", "CVE-2017-16649", "CVE-2017-16995", "CVE-2017-11472", "CVE-2018-5344", "CVE-2017-16537", "CVE-2017-18204", "CVE-2018-6927", "CVE-2017-15129", "CVE-2017-16994", "CVE-2017-17448", "CVE-2017-16646", "CVE-2017-16536", "CVE-2017-1000407", "CVE-2017-18208", "CVE-2017-16911", "CVE-2018-7492", "CVE-2018-5332", "CVE-2017-17449", "CVE-2017-16650", "CVE-2017-17807", "CVE-2018-1000026", "CVE-2017-16528", "CVE-2017-16914", "CVE-2017-16645", "CVE-2017-17806"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843497", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843497", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3619_2.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux-aws USN-3619-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843497\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-06 09:55:27 +0200 (Fri, 06 Apr 2018)\");\n script_cve_id(\"CVE-2017-16995\", \"CVE-2017-0861\", \"CVE-2017-1000407\", \"CVE-2018-8043\",\n \"CVE-2017-11472\", \"CVE-2017-15129\", \"CVE-2017-16528\", \"CVE-2017-16532\",\n \"CVE-2017-16536\", \"CVE-2017-16537\", \"CVE-2017-16645\", \"CVE-2017-16646\",\n \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16911\", \"CVE-2017-16912\",\n \"CVE-2017-16913\", \"CVE-2017-16914\", \"CVE-2017-16994\", \"CVE-2017-17448\",\n \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17558\", \"CVE-2017-17741\",\n \"CVE-2017-17805\", \"CVE-2017-17806\", \"CVE-2017-17807\", \"CVE-2017-17862\",\n \"CVE-2017-18075\", \"CVE-2017-18203\", \"CVE-2017-18204\", \"CVE-2017-18208\",\n \"CVE-2017-7518\", \"CVE-2018-1000026\", \"CVE-2018-5332\", \"CVE-2018-5333\",\n \"CVE-2018-5344\", \"CVE-2018-6927\", \"CVE-2018-7492\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-aws USN-3619-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-aws'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3619-1 fixed vulnerabilities in the\n Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding\n updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for\n Ubuntu 14.04 LTS. Jann Horn discovered that the Berkeley Packet Filter (BPF)\n implementation in the Linux kernel improperly performed sign extension in some\n situations. A local attacker could use this to cause a denial of service (system\n crash) or possibly execute arbitrary code. (CVE-2017-16995) It was discovered\n that a race condition leading to a use-after-free vulnerability existed in the\n ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause\n a denial of service (system crash) or possibly execute arbitrary code.\n (CVE-2017-0861) It was discovered that the KVM implementation in the Linux\n kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a\n guest VM could use this to cause a denial of service (system crash) in the host\n OS. (CVE-2017-1000407) It was discovered that an information disclosure\n vulnerability existed in the ACPI implementation of the Linux kernel. A local\n attacker could use this to expose sensitive information (kernel memory\n addresses). (CVE-2017-11472) It was discovered that a use-after-free\n vulnerability existed in the network namespaces implementation in the Linux\n kernel. A local attacker could use this to cause a denial of service (system\n crash) or possibly execute arbitrary code. (CVE-2017-15129) It was discovered\n that the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel\n contained a use-after-free when handling device removal. A physically proximate\n attacker could use this to cause a denial of service (system crash) or possibly\n execute arbitrary code. (CVE-2017-16528) Andrey Konovalov discovered that the\n usbtest device driver in the Linux kernel did not properly validate endpoint\n metadata. A physically proximate attacker could use this to cause a denial of\n service (system crash). (CVE-2017-16532) Andrey Konovalov discovered that the\n Conexant cx231xx USB video capture driver in the Linux kernel did not properly\n validate interface descriptors. A physically proximate attacker could use this\n to cause a denial of service (system crash). (CVE-2017-16536) Andrey Konovalov\n discovered that the SoundGraph iMON USB driver in the Linux kernel did not\n properly validate device metadata. A physically proximate attacker could use\n this to cause a denial of service (system crash). (CVE-2017-16537) Andrey\n Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux\n kernel did not properly validate d ... Description truncated, for more\n information please check the Reference URL\");\n script_tag(name:\"affected\", value:\"linux-aws on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3619-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3619-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1016-aws\", ver:\"4.4.0-1016.16\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-119-generic\", ver:\"4.4.0-119.143~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-119-generic-lpae\", ver:\"4.4.0-119.143~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-119-lowlatency\", ver:\"4.4.0-119.143~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-119-powerpc-e500mc\", ver:\"4.4.0-119.143~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-119-powerpc-smp\", ver:\"4.4.0-119.143~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-119-powerpc64-emb\", ver:\"4.4.0-119.143~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-119-powerpc64-smp\", ver:\"4.4.0-119.143~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.4.0.1016.16\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-lts-xenial\", ver:\"4.4.0.119.100\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lts-xenial\", ver:\"4.4.0.119.100\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-lts-xenial\", ver:\"4.4.0.119.100\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc-lts-xenial\", ver:\"4.4.0.119.100\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp-lts-xenial\", ver:\"4.4.0.119.100\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb-lts-xenial\", ver:\"4.4.0.119.100\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp-lts-xenial\", ver:\"4.4.0.119.100\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:25", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-04-06T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3619-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-8043", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-16913", "CVE-2018-5333", "CVE-2017-17741", "CVE-2017-17862", "CVE-2017-18075", "CVE-2017-0861", "CVE-2017-7518", "CVE-2017-18203", "CVE-2017-17805", "CVE-2017-16912", "CVE-2017-16532", "CVE-2017-16649", "CVE-2017-16995", "CVE-2017-11472", "CVE-2018-5344", "CVE-2017-16537", "CVE-2017-18204", "CVE-2018-6927", "CVE-2017-15129", "CVE-2017-16994", "CVE-2017-17448", "CVE-2017-16646", "CVE-2017-16536", "CVE-2017-1000407", "CVE-2017-18208", "CVE-2017-16911", "CVE-2018-7492", "CVE-2018-5332", "CVE-2017-17449", "CVE-2017-16650", "CVE-2017-17807", "CVE-2018-1000026", "CVE-2017-16528", "CVE-2017-16914", "CVE-2017-16645", "CVE-2017-17806"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843496", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843496", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3619_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux USN-3619-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843496\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-06 09:52:06 +0200 (Fri, 06 Apr 2018)\");\n script_cve_id(\"CVE-2017-16995\", \"CVE-2017-0861\", \"CVE-2017-1000407\", \"CVE-2017-11472\",\n \"CVE-2017-15129\", \"CVE-2017-16528\", \"CVE-2017-16532\", \"CVE-2017-16536\",\n \"CVE-2017-16537\", \"CVE-2017-16645\", \"CVE-2017-16646\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16911\", \"CVE-2017-16912\", \"CVE-2017-16913\",\n \"CVE-2017-16914\", \"CVE-2017-16994\", \"CVE-2017-17448\", \"CVE-2017-17449\",\n \"CVE-2017-17450\", \"CVE-2017-17558\", \"CVE-2017-17741\", \"CVE-2017-17805\",\n \"CVE-2017-17806\", \"CVE-2017-17807\", \"CVE-2017-17862\", \"CVE-2017-18075\",\n \"CVE-2017-18203\", \"CVE-2017-18204\", \"CVE-2017-18208\", \"CVE-2017-7518\",\n \"CVE-2018-1000026\", \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2018-5344\",\n \"CVE-2018-6927\", \"CVE-2018-7492\", \"CVE-2018-8043\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3619-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Jann Horn discovered that the Berkeley\n Packet Filter (BPF) implementation in the Linux kernel improperly performed sign\n extension in some situations. A local attacker could use this to cause a denial\n of service (system crash) or possibly execute arbitrary code. (CVE-2017-16995)\n It was discovered that a race condition leading to a use-after-free\n vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local\n attacker could use this to cause a denial of service (system crash) or possibly\n execute arbitrary code. (CVE-2017-0861) It was discovered that the KVM\n implementation in the Linux kernel allowed passthrough of the diagnostic I/O\n port 0x80. An attacker in a guest VM could use this to cause a denial of service\n (system crash) in the host OS. (CVE-2017-1000407) It was discovered that an\n information disclosure vulnerability existed in the ACPI implementation of the\n Linux kernel. A local attacker could use this to expose sensitive information\n (kernel memory addresses). (CVE-2017-11472) It was discovered that a\n use-after-free vulnerability existed in the network namespaces implementation in\n the Linux kernel. A local attacker could use this to cause a denial of service\n (system crash) or possibly execute arbitrary code. (CVE-2017-15129) It was\n discovered that the Advanced Linux Sound Architecture (ALSA) subsystem in the\n Linux kernel contained a use-after-free when handling device removal. A\n physically proximate attacker could use this to cause a denial of service\n (system crash) or possibly execute arbitrary code. (CVE-2017-16528) Andrey\n Konovalov discovered that the usbtest device driver in the Linux kernel did not\n properly validate endpoint metadata. A physically proximate attacker could use\n this to cause a denial of service (system crash). (CVE-2017-16532) Andrey\n Konovalov discovered that the Conexant cx231xx USB video capture driver in the\n Linux kernel did not properly validate interface descriptors. A physically\n proximate attacker could use this to cause a denial of service (system crash).\n (CVE-2017-16536) Andrey Konovalov discovered that the SoundGraph iMON USB driver\n in the Linux kernel did not properly validate device metadata. A physically\n proximate attacker could use this to cause a denial of service (system crash).\n (CVE-2017-16537) Andrey Konovalov discovered that the IMS Passenger Control Unit\n USB driver in the Linux kernel did not properly validate device descriptors. A\n physically proximate attacker could use this to cause a denial of service\n (system crash). (CVE-2017-16645) Andrey Konovalov discovered that the DiBcom\n DiB0700 USB DVB driver in the Linux kernel di ... Description truncated, for\n more information please check the Reference URL\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3619-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3619-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1020-kvm\", ver:\"4.4.0-1020.25\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1054-aws\", ver:\"4.4.0-1054.63\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1086-raspi2\", ver:\"4.4.0-1086.94\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1088-snapdragon\", ver:\"4.4.0-1088.93\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-119-generic\", ver:\"4.4.0-119.143\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-119-generic-lpae\", ver:\"4.4.0-119.143\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-119-lowlatency\", ver:\"4.4.0-119.143\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-119-powerpc-e500mc\", ver:\"4.4.0-119.143\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-119-powerpc-smp\", ver:\"4.4.0-119.143\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-119-powerpc64-emb\", ver:\"4.4.0-119.143\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-119-powerpc64-smp\", ver:\"4.4.0-119.143\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.4.0.1054.56\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.4.0.119.125\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.4.0.119.125\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-kvm\", ver:\"4.4.0.1020.19\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.4.0.119.125\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.4.0.119.125\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.4.0.119.125\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.4.0.119.125\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.4.0.119.125\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.4.0.1086.86\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.4.0.1088.80\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-04T18:12:50", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: kernel-4.14.11-200.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17856", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864"], "modified": "2018-01-04T18:12:50", "id": "FEDORA:C88F6601BD0C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SEFHTLFUOREQQK4DCRD46ZY3QPR6RSJ5/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-04T02:22:54", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.14.11-300.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17856", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864"], "modified": "2018-01-04T02:22:54", "id": "FEDORA:4A25C608E179", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CFRT6EBC2HJ4XLWLZZ7MATZ2EWPTADAH/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-04-18T01:31:51", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.15.17-300.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-1065", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-04-18T01:31:51", "id": "FEDORA:74245604D4DA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SKS5SHENFBKZBNJZ5A6BMP6JNTK5D4QC/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-04-29T05:16:13", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.16.4-200.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-1065", "CVE-2018-1108", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-04-29T05:16:13", "id": "FEDORA:AB52460321C9", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/23BZYWCPCFYSPRRRVNCK6UFYCODGX6GB/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-05-25T15:46:24", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.16.11-200.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-05-25T15:46:24", "id": "FEDORA:08D3760E6566", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Y4XJ6WFI3BA27DJD66OHZX644RGQ7EBV/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-05T14:11:50", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.16.13-200.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-06-05T14:11:50", "id": "FEDORA:4832F6079717", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/F32LED4G6QF446ZM5G7MOPFDAP4VB6M2/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-17T19:45:35", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.16.15-200.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-06-17T19:45:35", "id": "FEDORA:DF5176048167", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/22G4FPLZ4Y2WCMKTQG2WQFPR36Y3V4U4/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-05-29T11:50:44", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.16.12-200.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-05-29T11:50:44", "id": "FEDORA:E6F08605DCE7", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YAUGR47M3LDUN54S6SH2OQ3U6U2LS7HA/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-22T14:12:17", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.16.16-200.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-06-22T14:12:17", "id": "FEDORA:10F7D6255145", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Y5RAP5M7DMT24XOVYRAYT7GRQE5OWLU3/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-07-01T01:37:15", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.17.3-100.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12633", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-07-01T01:37:15", "id": "FEDORA:909D360491BF", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QGVBVYZZR6UYWHRCMCVLU3DVJMBOYBLP/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-28T13:35:42", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.17.2-100.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12904", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-06-28T13:35:42", "id": "FEDORA:25BDD6190ECF", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/S2V7GQIYQYXQJNRX5DEJNNO6YKOHQC42/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-07-13T16:38:23", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.17.5-100.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12633", "CVE-2018-12714", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-13405", "CVE-2018-13406", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-07-13T16:38:23", "id": "FEDORA:29FCE65ECD33", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VOZHI2THAILWJPPQV3NONSSGW7WEZHWA/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:46:50", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-08-03T19:58:28", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.17.11-100.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12633", "CVE-2018-12714", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-13405", "CVE-2018-14678", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-08-03T19:58:28", "id": "FEDORA:B54D264CBCAC", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/K3AQDHJH4EQZ2WK343QWMUIUUHBY6PQ4/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-05-29T11:10:03", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: kernel-4.16.11-100.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-1000251", "CVE-2017-1000255", "CVE-2017-1000405", "CVE-2017-10810", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-12190", "CVE-2017-12193", "CVE-2017-13693", "CVE-2017-13694", "CVE-2017-13695", "CVE-2017-14051", "CVE-2017-14497", "CVE-2017-14954", "CVE-2017-15115", "CVE-2017-15265", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-5123", "CVE-2017-7533", "CVE-2017-7558", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-05-29T11:10:03", "id": "FEDORA:44065605602A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6U7NCPMTQKKHLC4ZHQCTLYN4LCP2JQ4C/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-28T14:46:50", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-08-16T07:24:55", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.17.14-102.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12633", "CVE-2018-12714", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-13405", "CVE-2018-14678", "CVE-2018-14734", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-08-16T07:24:55", "id": "FEDORA:7640C641CB61", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-04-18T01:07:00", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: kernel-4.15.17-200.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-1000251", "CVE-2017-1000255", "CVE-2017-1000405", "CVE-2017-10810", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-12190", "CVE-2017-12193", "CVE-2017-13693", "CVE-2017-13694", "CVE-2017-13695", "CVE-2017-14051", "CVE-2017-14497", "CVE-2017-14954", "CVE-2017-15115", "CVE-2017-15265", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-5123", "CVE-2017-7533", "CVE-2017-7558", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-1065", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-04-18T01:07:00", "id": "FEDORA:6F1BC604D0C1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3MAKT7ZDC6T4B52QFNRBYKWU75JMUX5C/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-28T14:46:50", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-08-24T07:16:18", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.17.17-100.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12633", "CVE-2018-12714", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-13405", "CVE-2018-14678", "CVE-2018-14734", "CVE-2018-15471", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-08-24T07:16:18", "id": "FEDORA:5D742610B071", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2PWPRVELTRP4X6YB4R6SW3K356ROV3BE/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-05-11T17:46:05", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: kernel-4.16.7-100.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-1000251", "CVE-2017-1000255", "CVE-2017-1000405", "CVE-2017-10810", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-12190", "CVE-2017-12193", "CVE-2017-13693", "CVE-2017-13694", "CVE-2017-13695", "CVE-2017-14051", "CVE-2017-14497", "CVE-2017-14954", "CVE-2017-15115", "CVE-2017-15265", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-5123", "CVE-2017-7533", "CVE-2017-7558", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-1065", "CVE-2018-1108", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-05-11T17:46:05", "id": "FEDORA:648496077DD1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HM3JVAHYMEV65VTITHNUM7JTHTN7Q53I/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-28T14:46:50", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-08-09T16:53:05", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.17.12-100.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12633", "CVE-2018-12714", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-13405", "CVE-2018-14678", "CVE-2018-14734", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-08-09T16:53:05", "id": "FEDORA:6EC6360BEA04", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/E2UJZBTWLH7WHZLJ6CMPDARHBP5OQRHT/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:46:50", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-09-26T20:18:44", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.18.9-100.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12633", "CVE-2018-12714", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-13405", "CVE-2018-14678", "CVE-2018-14734", "CVE-2018-15471", "CVE-2018-17182", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5391", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-09-26T20:18:44", "id": "FEDORA:87BD56087904", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DKESRJO5EIBN6QFG4PO463OGQRU6HFOF/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:46:50", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-10T21:55:37", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.18.12-100.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12633", "CVE-2018-12714", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-13405", "CVE-2018-14633", "CVE-2018-14678", "CVE-2018-14734", "CVE-2018-15471", "CVE-2018-17182", "CVE-2018-18021", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5391", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-10-10T21:55:37", "id": "FEDORA:D6F86601E6D9", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RKOLTEPUDYGM4MZIFXROKL3WL6JRMXZE/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:46:50", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-01T01:23:43", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.18.10-100.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12633", "CVE-2018-12714", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-13405", "CVE-2018-14633", "CVE-2018-14678", "CVE-2018-14734", "CVE-2018-15471", "CVE-2018-17182", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5391", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-10-01T01:23:43", "id": "FEDORA:8F974604E846", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3KRIRC4X5WWFMPBCO7YX3WEQQGQBGTNO/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:46:50", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-27T03:13:40", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.18.19-100.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12633", "CVE-2018-12714", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-13405", "CVE-2018-14633", "CVE-2018-14678", "CVE-2018-14734", "CVE-2018-15471", "CVE-2018-17182", "CVE-2018-18710", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5391", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-11-27T03:13:40", "id": "FEDORA:B395E6087A9D", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2OZHJB75FAIL6GZIEXPM735EW43TAV37/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:46:50", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-16T12:10:24", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.18.13-100.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12633", "CVE-2018-12714", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-13405", "CVE-2018-14633", "CVE-2018-14678", "CVE-2018-14734", "CVE-2018-15471", "CVE-2018-17182", "CVE-2018-17972", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5391", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-10-16T12:10:24", "id": "FEDORA:29049600CFF3", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ACX4WW5ZZ3PNMAEPZVJGMZ2D2BYHVMUD/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2022-07-18T19:12:46", "description": "The 4.14.11 stable kernel update contains a number of important fixes across the tree. This also includes the KPTI patches to mitigate the Meltdown vulnerability for x86 architectures\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-05T00:00:00", "type": "nessus", "title": "Fedora 26 : kernel (2018-8ed5eff2c0)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17856", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2018-8ED5EFF2C0.NASL", "href": "https://www.tenable.com/plugins/nessus/105596", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-8ed5eff2c0.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105596);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\");\n script_xref(name:\"FEDORA\", value:\"2018-8ed5eff2c0\");\n\n script_name(english:\"Fedora 26 : kernel (2018-8ed5eff2c0)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.14.11 stable kernel update contains a number of important fixes\nacross the tree. This also includes the KPTI patches to mitigate the\nMeltdown vulnerability for x86 architectures\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-8ed5eff2c0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2018-8ed5eff2c0\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"kernel-4.14.11-200.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T16:09:31", "description": "Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel did not properly check the relationship between pointer values and the BPF stack. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17863)\n\nJann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-16995)\n\nAlexei Starovoitov discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel contained a branch-pruning logic issue around unreachable code. A local attacker could use this to cause a denial of service. (CVE-2017-17862)\n\nJann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel mishandled pointer data values in some situations. A local attacker could use this to to expose sensitive information (kernel memory). (CVE-2017-17864).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-11T00:00:00", "type": "nessus", "title": "Ubuntu 17.10 : linux-raspi2 vulnerabilities (USN-3523-3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16995", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "cpe:/o:canonical:ubuntu_linux:17.10"], "id": "UBUNTU_USN-3523-3.NASL", "href": "https://www.tenable.com/plugins/nessus/105748", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3523-3. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105748);\n script_version(\"3.14\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-16995\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\");\n script_xref(name:\"USN\", value:\"3523-3\");\n\n script_name(english:\"Ubuntu 17.10 : linux-raspi2 vulnerabilities (USN-3523-3)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jann Horn discovered that the Berkeley Packet Filter (BPF)\nimplementation in the Linux kernel did not properly check the\nrelationship between pointer values and the BPF stack. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2017-17863)\n\nJann Horn discovered that the Berkeley Packet Filter (BPF)\nimplementation in the Linux kernel improperly performed sign extension\nin some situations. A local attacker could use this to cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2017-16995)\n\nAlexei Starovoitov discovered that the Berkeley Packet Filter (BPF)\nimplementation in the Linux kernel contained a branch-pruning logic\nissue around unreachable code. A local attacker could use this to\ncause a denial of service. (CVE-2017-17862)\n\nJann Horn discovered that the Berkeley Packet Filter (BPF)\nimplementation in the Linux kernel mishandled pointer data values in\nsome situations. A local attacker could use this to to expose\nsensitive information (kernel memory). (CVE-2017-17864).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3523-3/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-4.13-raspi2 and / or\nlinux-image-raspi2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux BPF Sign Extension Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-16995\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3523-3\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-4.13.0-1011-raspi2\", pkgver:\"4.13.0-1011.11\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-raspi2\", pkgver:\"4.13.0.1011.9\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.13-raspi2 / linux-image-raspi2\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T16:11:55", "description": "USN-3523-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10.\nThis update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS.\n\nJann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5754)\n\nJann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel did not properly check the relationship between pointer values and the BPF stack. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17863)\n\nJann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-16995)\n\nAlexei Starovoitov discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel contained a branch-pruning logic issue around unreachable code. A local attacker could use this to cause a denial of service. (CVE-2017-17862)\n\nJann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel mishandled pointer data values in some situations. A local attacker could use this to to expose sensitive information (kernel memory). (CVE-2017-17864).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-11T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux-hwe, linux-azure, linux-gcp, linux-oem vulnerabilities (USN-3523-2) (Meltdown)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16995", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-5754"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3523-2.NASL", "href": "https://www.tenable.com/plugins/nessus/105747", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3523-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105747);\n script_version(\"3.16\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-16995\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\", \"CVE-2017-5754\");\n script_xref(name:\"USN\", value:\"3523-2\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-hwe, linux-azure, linux-gcp, linux-oem vulnerabilities (USN-3523-2) (Meltdown)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-3523-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10.\nThis update provides the corresponding updates for the Linux Hardware\nEnablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS.\n\nJann Horn discovered that microprocessors utilizing speculative\nexecution and indirect branch prediction may allow unauthorized memory\nreads via sidechannel attacks. This flaw is known as Meltdown. A local\nattacker could use this to expose sensitive information, including\nkernel memory. (CVE-2017-5754)\n\nJann Horn discovered that the Berkeley Packet Filter (BPF)\nimplementation in the Linux kernel did not properly check the\nrelationship between pointer values and the BPF stack. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2017-17863)\n\nJann Horn discovered that the Berkeley Packet Filter (BPF)\nimplementation in the Linux kernel improperly performed sign extension\nin some situations. A local attacker could use this to cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2017-16995)\n\nAlexei Starovoitov discovered that the Berkeley Packet Filter (BPF)\nimplementation in the Linux kernel contained a branch-pruning logic\nissue around unreachable code. A local attacker could use this to\ncause a denial of service. (CVE-2017-17862)\n\nJann Horn discovered that the Berkeley Packet Filter (BPF)\nimplementation in the Linux kernel mishandled pointer data values in\nsome situations. A local attacker could use this to to expose\nsensitive information (kernel memory). (CVE-2017-17864).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3523-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux BPF Sign Extension Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/11\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-16995\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\", \"CVE-2017-5754\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3523-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.13.0-1005-azure\", pkgver:\"4.13.0-1005.7\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.13.0-1006-gcp\", pkgver:\"4.13.0-1006.9\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.13.0-1015-oem\", pkgver:\"4.13.0-1015.16\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.13.0-26-generic\", pkgver:\"4.13.0-26.29~16.04.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.13.0-26-generic-lpae\", pkgver:\"4.13.0-26.29~16.04.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.13.0-26-lowlatency\", pkgver:\"4.13.0-26.29~16.04.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-azure\", pkgver:\"4.13.0.1005.6\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gcp\", pkgver:\"4.13.0.1006.8\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-hwe-16.04\", pkgver:\"4.13.0.26.46\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-hwe-16.04\", pkgver:\"4.13.0.26.46\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gke\", pkgver:\"4.13.0.1006.8\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-hwe-16.04\", pkgver:\"4.13.0.26.46\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-oem\", pkgver:\"4.13.0.1015.18\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.13-azure / linux-image-4.13-gcp / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T16:08:57", "description": "Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5754)\n\nJann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel did not properly check the relationship between pointer values and the BPF stack. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17863)\n\nJann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-16995)\n\nAlexei Starovoitov discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel contained a branch-pruning logic issue around unreachable code. A local attacker could use this to cause a denial of service. (CVE-2017-17862)\n\nJann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel mishandled pointer data values in some situations. A local attacker could use this to to expose sensitive information (kernel memory). (CVE-2017-17864).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-10T00:00:00", "type": "nessus", "title": "Ubuntu 17.10 : linux vulnerabilities (USN-3523-1) (Meltdown)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16995", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-5754"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "cpe:/o:canonical:ubuntu_linux:17.10"], "id": "UBUNTU_USN-3523-1.NASL", "href": "https://www.tenable.com/plugins/nessus/105726", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3523-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105726);\n script_version(\"3.16\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-16995\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\", \"CVE-2017-5754\");\n script_xref(name:\"USN\", value:\"3523-1\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n\n script_name(english:\"Ubuntu 17.10 : linux vulnerabilities (USN-3523-1) (Meltdown)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jann Horn discovered that microprocessors utilizing speculative\nexecution and indirect branch prediction may allow unauthorized memory\nreads via sidechannel attacks. This flaw is known as Meltdown. A local\nattacker could use this to expose sensitive information, including\nkernel memory. (CVE-2017-5754)\n\nJann Horn discovered that the Berkeley Packet Filter (BPF)\nimplementation in the Linux kernel did not properly check the\nrelationship between pointer values and the BPF stack. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2017-17863)\n\nJann Horn discovered that the Berkeley Packet Filter (BPF)\nimplementation in the Linux kernel improperly performed sign extension\nin some situations. A local attacker could use this to cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2017-16995)\n\nAlexei Starovoitov discovered that the Berkeley Packet Filter (BPF)\nimplementation in the Linux kernel contained a branch-pruning logic\nissue around unreachable code. A local attacker could use this to\ncause a denial of service. (CVE-2017-17862)\n\nJann Horn discovered that the Berkeley Packet Filter (BPF)\nimplementation in the Linux kernel mishandled pointer data values in\nsome situations. A local attacker could use this to to expose\nsensitive information (kernel memory). (CVE-2017-17864).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3523-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux BPF Sign Extension Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/10\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-16995\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\", \"CVE-2017-5754\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3523-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-4.13.0-25-generic\", pkgver:\"4.13.0-25.29\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-4.13.0-25-lowlatency\", pkgver:\"4.13.0-25.29\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-generic\", pkgver:\"4.13.0.25.26\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.13.0.25.26\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.13-generic / linux-image-4.13-lowlatency / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T16:13:35", "description": "The openSUSE Leap 42.3 kernel was updated to 4.4.114 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032).\n\n The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'.\n\n - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617).\n\n - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).\n\n - CVE-2017-17862: kernel/bpf/verifier.c in the Linux kernel ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service (bnc#1073928).\n\n - CVE-2017-17864: kernel/bpf/verifier.c in the Linux kernel mishandled states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allowed local users to obtain potentially sensitive address information, aka a 'pointer leak (bnc#1073928).\n\n - CVE-2017-17712: The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel had a race condition in inet->hdrincl that lead to uninitialized stack pointer usage; this allowed a local user to execute code and gain privileges (bnc#1073229 1073230).\n\n - CVE-2017-15129: A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel The function get_net_ns_by_id() in net/core/net_namespace.c did not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely (bnc#1074839).\n\n - CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488).\n\n - CVE-2018-1000004: In the Linux kernel versions a race condition vulnerability existed in the sound system, this can lead to a deadlock and denial of service condition (bnc#1076017).\n\nThe following non-security bugs were fixed :\n\n - 509: fix printing uninitialized stack memory when OID is empty (bsc#1075078).\n\n - 8021q: fix a memory leak for VLAN 0 device (bnc#1012382).\n\n - acpi / scan: Prefer devices without _HID/_CID for _ADR matching (bnc#1012382).\n\n - af_key: fix buffer overread in parse_exthdrs() (bnc#1012382).\n\n - af_key: fix buffer overread in verify_address_len() (bnc#1012382).\n\n - afs: Adjust mode bits processing (bnc#1012382).\n\n - afs: Connect up the CB.ProbeUuid (bnc#1012382).\n\n - afs: Fix afs_kill_pages() (bnc#1012382).\n\n - afs: Fix missing put_page() (bnc#1012382).\n\n - afs: Fix page leak in afs_write_begin() (bnc#1012382).\n\n - afs: Fix the maths in afs_fs_store_data() (bnc#1012382).\n\n - afs: Flush outstanding writes when an fd is closed (bnc#1012382).\n\n - afs: Migrate vlocation fields to 64-bit (bnc#1012382).\n\n - afs: Populate and use client modification time (bnc#1012382).\n\n - afs: Populate group ID from vnode status (bnc#1012382).\n\n - afs: Prevent callback expiry timer overflow (bnc#1012382).\n\n - alpha: fix build failures (bnc#1012382).\n\n - alsa: aloop: Fix inconsistent format due to incomplete rule (bsc#1031717).\n\n - alsa: aloop: Fix racy hw constraints adjustment (bsc#1031717).\n\n - alsa: aloop: Release cable upon open error path (bsc#1031717).\n\n - alsa: hda - Apply headphone noise quirk for another Dell XPS 13 variant (bsc#1031717).\n\n - alsa: hda - Apply the existing quirk to iMac 14,1 (bsc#1031717).\n\n - alsa: pcm: Abort properly at pending signal in OSS read/write loops (bsc#1031717).\n\n - alsa: pcm: Add missing error checks in OSS emulation plugin builder (bsc#1031717).\n\n - alsa: pcm: Allow aborting mutex lock at OSS read/write loops (bsc#1031717).\n\n - alsa: pcm: Remove incorrect snd_BUG_ON() usages (bsc#1031717).\n\n - alsa: pcm: Remove yet superfluous WARN_ON() (bsc#1031717).\n\n - arc: uaccess: dont use 'l' gcc inline asm constraint modifier (bnc#1012382).\n\n - arm64: Add skeleton to harden the branch predictor against aliasing attacks (bsc#1068032).\n\n - arm64: Add trace_hardirqs_off annotation in ret_to_user (bsc#1068032).\n\n - arm64: Branch predictor hardening for Cavium ThunderX2 (bsc#1068032).\n\n - arm64/cpufeature: do not use mutex in bringup path (bsc#1068032).\n\n - arm64: cpufeature: Pass capability structure to ->enable callback (bsc#1068032).\n\n - arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs (bsc#1068032).\n\n - arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75 (bsc#1068032).\n\n - arm64: debug: remove unused local_dbg_(enable, disable) macros (bsc#1068032).\n\n - arm64: Define cputype macros for Falkor CPU (bsc#1068032).\n\n - arm64: Disable TTBR0_EL1 during normal kernel execution (bsc#1068032).\n\n - arm64: Do not force KPTI for CPUs that are not vulnerable (bsc#1076187).\n\n - arm64: do not pull uaccess.h into *.S (bsc#1068032).\n\n - arm64: Enable CONFIG_ARM64_SW_TTBR0_PAN (bsc#1068032).\n\n - arm64: entry: Add exception trampoline page for exceptions from EL0 (bsc#1068032).\n\n - arm64: entry: Add fake CPU feature for unmapping the kernel at EL0 (bsc#1068032).\n\n - arm64: entry: Explicitly pass exception level to kernel_ventry macro (bsc#1068032).\n\n - arm64: entry: Hook up entry trampoline to exception vectors (bsc#1068032).\n\n - arm64: entry: remove pointless SPSR mode check (bsc#1068032).\n\n - arm64: entry.S convert el0_sync (bsc#1068032).\n\n - arm64: entry.S: convert el1_sync (bsc#1068032).\n\n - arm64: entry.S: convert elX_irq (bsc#1068032).\n\n - arm64: entry.S: move SError handling into a C function for future expansion (bsc#1068032).\n\n - arm64: entry.S: Remove disable_dbg (bsc#1068032).\n\n - arm64: erratum: Work around Falkor erratum #E1003 in trampoline code (bsc#1068032).\n\n - arm64: explicitly mask all exceptions (bsc#1068032).\n\n - arm64: factor out entry stack manipulation (bsc#1068032).\n\n - arm64: factor out PAGE_* and CONT_* definitions (bsc#1068032).\n\n - arm64: Factor out PAN enabling/disabling into separate uaccess_* macros (bsc#1068032).\n\n - arm64: Factor out TTBR0_EL1 post-update workaround into a specific asm macro (bsc#1068032).\n\n - arm64: factor work_pending state machine to C (bsc#1068032).\n\n - arm64: fpsimd: Prevent registers leaking from dead tasks (bnc#1012382).\n\n - arm64: Handle el1 synchronous instruction aborts cleanly (bsc#1068032).\n\n - arm64: Handle faults caused by inadvertent user access with PAN enabled (bsc#1068032).\n\n - arm64: head.S: get rid of x25 and x26 with 'global' scope (bsc#1068032).\n\n - arm64: Implement branch predictor hardening for affected Cortex-A CPUs (bsc#1068032).\n\n - arm64: Implement branch predictor hardening for Falkor (bsc#1068032).\n\n - arm64: Initialise high_memory global variable earlier (bnc#1012382).\n\n - arm64: introduce an order for exceptions (bsc#1068032).\n\n - arm64: introduce mov_q macro to move a constant into a 64-bit register (bsc#1068032).\n\n - arm64: Introduce uaccess_(disable,enable) functionality based on TTBR0_EL1 (bsc#1068032).\n\n - arm64: kaslr: Put kernel vectors address in separate data page (bsc#1068032).\n\n - arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0 (bsc#1068032).\n\n - arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry (bsc#1068032).\n\n - arm64: kill ESR_LNX_EXEC (bsc#1068032).\n\n - arm64: kpti: Fix the interaction between ASID switching and software PAN (bsc#1068032).\n\n - arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls (bsc#1076232).\n\n - arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one (bnc#1012382).\n\n - arm64: KVM: Make PSCI_VERSION a fast path (bsc#1068032).\n\n - arm64: KVM: Use per-CPU vector when BP hardening is enabled (bsc#1068032).\n\n - arm64: Mask all exceptions during kernel_exit (bsc#1068032).\n\n - arm64: mm: Add arm64_kernel_unmapped_at_el0 helper (bsc#1068032).\n\n - arm64: mm: Allocate ASIDs in pairs (bsc#1068032).\n\n - arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN (bsc#1068032).\n\n - arm64: mm: hardcode rodata=true (bsc#1068032).\n\n - arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR (bsc#1068032).\n\n - arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI (bsc#1068032).\n\n - arm64: mm: Map entry trampoline into trampoline and kernel page tables (bsc#1068032).\n\n - arm64: mm: Move ASID from TTBR0 to TTBR1 (bsc#1068032).\n\n - arm64: mm: Remove pre_ttbr0_update_workaround for Falkor erratum #E1003 (bsc#1068032).\n\n - arm64: mm: Rename post_ttbr0_update_workaround (bsc#1068032).\n\n - arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN (bsc#1068032).\n\n - arm64: mm: Use non-global mappings for kernel space (bsc#1068032).\n\n - arm64: Move BP hardening to check_and_switch_context (bsc#1068032).\n\n - arm64: Move post_ttbr_update_workaround to C code (bsc#1068032).\n\n - arm64: Move the async/fiq helpers to explicitly set process context flags (bsc#1068032).\n\n - arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm (bsc#1068032).\n\n - arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb (bsc#1068032).\n\n - arm64: swp emulation: bound LL/SC retries before rescheduling (bsc#1068032).\n\n - arm64: sysreg: Fix unprotected macro argmuent in write_sysreg (bsc#1068032).\n\n - arm64: Take into account ID_AA64PFR0_EL1.CSV3 (bsc#1068032).\n\n - arm64: thunderx2: remove branch predictor hardening References: bsc#1076232 This causes undefined instruction abort on the smc call from guest kernel.\n Disable until kvm is fixed.\n\n - arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks (bsc#1068032).\n\n - arm64: Turn on KPTI only on CPUs that need it (bsc#1076187).\n\n - arm64: use alternative auto-nop (bsc#1068032).\n\n - arm64: use RET instruction for exiting the trampoline (bsc#1068032).\n\n - arm64: xen: Enable user access before a privcmd hvc call (bsc#1068032).\n\n - arm/arm64: KVM: Make default HYP mappings non-excutable (bsc#1068032).\n\n - arm: avoid faulting on qemu (bnc#1012382).\n\n - arm: BUG if jumping to usermode address in kernel mode (bnc#1012382).\n\n - arm-ccn: perf: Prevent module unload while PMU is in use (bnc#1012382).\n\n - arm: dma-mapping: disallow dma_get_sgtable() for non-kernel managed memory (bnc#1012382).\n\n - arm: dts: am335x-evmsk: adjust mmc2 param to allow suspend (bnc#1012382).\n\n - arm: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7 (bnc#1012382).\n\n - arm: dts: ti: fix PCI bus dtc warnings (bnc#1012382).\n\n - arm: kprobes: Align stack to 8-bytes in test code (bnc#1012382).\n\n - arm: kprobes: Fix the return address of multiple kretprobes (bnc#1012382).\n\n - arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one (bnc#1012382).\n\n - arm: OMAP1: DMA: Correct the number of logical channels (bnc#1012382).\n\n - arm: OMAP2+: Fix device node reference counts (bnc#1012382).\n\n - arm: OMAP2+: gpmc-onenand: propagate error on initialization failure (bnc#1012382).\n\n - arm: OMAP2+: Release device node after it is no longer needed (bnc#1012382).\n\n - asm-prototypes: Clear any CPP defines before declaring the functions (git-fixes).\n\n - asn.1: check for error from ASN1_OP_END__ACT actions (bnc#1012382).\n\n - asn.1: fix out-of-bounds read when parsing indefinite length item (bnc#1012382).\n\n - ath9k: fix tx99 potential info leak (bnc#1012382).\n\n - atm: horizon: Fix irq release error (bnc#1012382).\n\n - audit: ensure that 'audit=1' actually enables audit for PID 1 (bnc#1012382).\n\n - axonram: Fix gendisk handling (bnc#1012382).\n\n - backlight: pwm_bl: Fix overflow condition (bnc#1012382).\n\n - bcache: add a comment in journal bucket reading (bsc#1076110).\n\n - bcache: Avoid nested function definition (bsc#1076110).\n\n - bcache: bch_allocator_thread() is not freezable (bsc#1076110).\n\n - bcache: bch_writeback_thread() is not freezable (bsc#1076110).\n\n - bcache: check return value of register_shrinker (bsc#1076110).\n\n - bcache: documentation formatting, edited for clarity, stripe alignment notes (bsc#1076110).\n\n - bcache: documentation updates and corrections (bsc#1076110).\n\n - bcache: Do not reinvent the wheel but use existing llist API (bsc#1076110).\n\n - bcache: do not write back data if reading it failed (bsc#1076110).\n\n - bcache: explicitly destroy mutex while exiting (bnc#1012382).\n\n - bcache: fix a comments typo in bch_alloc_sectors() (bsc#1076110).\n\n - bcache: fix sequential large write IO bypass (bsc#1076110).\n\n - bcache: fix wrong cache_misses statistics (bnc#1012382).\n\n - bcache: gc does not work when triggering by manual command (bsc#1076110, bsc#1038078).\n\n - bcache: implement PI controller for writeback rate (bsc#1076110).\n\n - bcache: increase the number of open buckets (bsc#1076110).\n\n - bcache: only permit to recovery read error when cache device is clean (bnc#1012382 bsc#1043652).\n\n - bcache: partition support: add 16 minors per bcacheN device (bsc#1076110, bsc#1019784).\n\n - bcache: rearrange writeback main thread ratelimit (bsc#1076110).\n\n - bcache: recover data from backing when data is clean (bnc#1012382 bsc#1043652).\n\n - bcache: Remove redundant set_capacity (bsc#1076110).\n\n - bcache: remove unused parameter (bsc#1076110).\n\n - bcache: rewrite multiple partitions support (bsc#1076110, bsc#1038085).\n\n - bcache: safeguard a dangerous addressing in closure_queue (bsc#1076110).\n\n - bcache: silence static checker warning (bsc#1076110).\n\n - bcache: smooth writeback rate control (bsc#1076110).\n\n - bcache.txt: standardize document format (bsc#1076110).\n\n - bcache: update bio->bi_opf bypass/writeback REQ_ flag hints (bsc#1076110).\n\n - bcache: update bucket_in_use in real time (bsc#1076110).\n\n - bcache: Update continue_at() documentation (bsc#1076110).\n\n - bcache: use kmalloc to allocate bio in bch_data_verify() (bsc#1076110).\n\n - bcache: use llist_for_each_entry_safe() in\n __closure_wake_up() (bsc#1076110).\n\n - bcache: writeback rate clamping: make 32 bit safe (bsc#1076110).\n\n - bcache: writeback rate shouldn't artifically clamp (bsc#1076110).\n\n - be2net: restore properly promisc mode after queues reconfiguration (bsc#963844 FATE#320192).\n\n - block: wake up all tasks blocked in get_request() (bnc#1012382).\n\n - bluetooth: btusb: driver to enable the usb-wakeup feature (bnc#1012382).\n\n - bnx2x: do not rollback VF MAC/VLAN filters we did not configure (bnc#1012382).\n\n - bnx2x: fix possible overrun of VFPF multicast addresses array (bnc#1012382).\n\n - bnx2x: prevent crash when accessing PTP with interface down (bnc#1012382).\n\n - btrfs: add missing memset while reading compressed inline extents (bnc#1012382).\n\n - can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once (bnc#1012382).\n\n - can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once (bnc#1012382).\n\n - can: ems_usb: cancel urb on -EPIPE and -EPROTO (bnc#1012382).\n\n - can: esd_usb2: cancel urb on -EPIPE and -EPROTO (bnc#1012382).\n\n - can: gs_usb: fix return value of the 'set_bittiming' callback (bnc#1012382).\n\n - can: kvaser_usb: cancel urb on -EPIPE and -EPROTO (bnc#1012382).\n\n - can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback() (bnc#1012382).\n\n - can: kvaser_usb: free buf in error paths (bnc#1012382).\n\n - can: kvaser_usb: ratelimit errors if incomplete messages are received (bnc#1012382).\n\n - can: peak: fix potential bug in packet fragmentation (bnc#1012382).\n\n - can: ti_hecc: Fix napi poll return value for repoll (bnc#1012382).\n\n - can: usb_8dev: cancel urb on -EPIPE and -EPROTO (bnc#1012382).\n\n - cdc-acm: apply quirk for card reader (bsc#1060279).\n\n - cdrom: factor out common open_for_* code (bsc#1048585).\n\n - cdrom: wait for tray to close (bsc#1048585).\n\n - ceph: more accurate statfs (bsc#1077068).\n\n - clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU (bnc#1012382).\n\n - clk: mediatek: add the option for determining PLL source clock (bnc#1012382).\n\n - clk: tegra: Fix cclk_lp divisor register (bnc#1012382).\n\n - config: arm64: enable HARDEN_BRANCH_PREDICTOR\n\n - config: arm64: enable UNMAP_KERNEL_AT_EL0\n\n - cpuidle: fix broadcast control when broadcast can not be entered (bnc#1012382).\n\n - cpuidle: powernv: Pass correct drv->cpumask for registration (bnc#1012382).\n\n - cpuidle: Validate cpu_dev in cpuidle_add_sysfs() (bnc#1012382).\n\n - crypto: algapi - fix NULL dereference in crypto_remove_spawns() (bnc#1012382).\n\n - crypto: chacha20poly1305 - validate the digest size (bnc#1012382).\n\n - crypto: chelsio - select CRYPTO_GF128MUL (bsc#1048325).\n\n - crypto: crypto4xx - increase context and scatter ring buffer elements (bnc#1012382).\n\n - crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex (bnc#1012382).\n\n - crypto: mcryptd - protect the per-CPU queue with a lock (bnc#1012382).\n\n - crypto: n2 - cure use after free (bnc#1012382).\n\n - crypto: pcrypt - fix freeing pcrypt instances (bnc#1012382).\n\n - crypto: s5p-sss - Fix completing crypto request in IRQ handler (bnc#1012382).\n\n - crypto: tcrypt - fix buffer lengths in test_aead_speed() (bnc#1012382).\n\n - cxl: Check if vphb exists before iterating over AFU devices (bsc#1066223).\n\n - dax: Pass detailed error code from __dax_fault() (bsc#1072484).\n\n - dccp: do not restart ccid2_hc_tx_rto_expire() if sk in closed state (bnc#1012382).\n\n - delay: add poll_event_interruptible (bsc#1048585).\n\n - dlm: fix malfunction of dlm_tool caused by debugfs changes (bsc#1077704).\n\n - dmaengine: dmatest: move callback wait queue to thread context (bnc#1012382).\n\n - dmaengine: Fix array index out of bounds warning in\n __get_unmap_pool() (bnc#1012382).\n\n - dmaengine: pl330: fix double lock (bnc#1012382).\n\n - dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type (bnc#1012382).\n\n - dm btree: fix serious bug in btree_split_beneath() (bnc#1012382).\n\n - dm bufio: fix shrinker scans when (nr_to_scan < retain_target) (bnc#1012382).\n\n - dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6 (bnc#1012382).\n\n - drivers/firmware: Expose psci_get_version through psci_ops structure (bsc#1068032).\n\n - drm/amd/amdgpu: fix console deadlock if late init failed (bnc#1012382).\n\n - drm: extra printk() wrapper macros (bnc#1012382).\n\n - drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement (bnc#1012382).\n\n - drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU (bnc#1012382).\n\n - drm/omap: fix dmabuf mmap for dma_alloc'ed buffers (bnc#1012382).\n\n - drm/radeon: reinstate oland workaround for sclk (bnc#1012382).\n\n - drm/radeon/si: add dpm quirk for Oland (bnc#1012382).\n\n - drm/vmwgfx: Potential off by one in vmw_view_add() (bnc#1012382).\n\n - dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0 (bnc#1012382).\n\n - edac, i5000, i5400: Fix definition of NRECMEMB register (bnc#1012382).\n\n - edac, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro (bnc#1012382).\n\n - edac, sb_edac: Fix missing break in switch (bnc#1012382).\n\n - efi/esrt: Cleanup bad memory map log messages (bnc#1012382).\n\n - efi: Move some sysfs files to be read-only by root (bnc#1012382).\n\n - eventpoll.h: add missing epoll event masks (bnc#1012382).\n\n - ext4: fix crash when a directory's i_size is too small (bnc#1012382).\n\n - ext4: Fix ENOSPC handling in DAX page fault handle (bsc#1072484).\n\n - ext4: fix fdatasync(2) after fallocate(2) operation (bnc#1012382).\n\n - fbdev: controlfb: Add missing modes to fix out of bounds access (bnc#1012382).\n\n - Fix build error in vma.c (bnc#1012382).\n\n - Fixup hang when calling 'nvme list' on all paths down (bsc#1070052).\n\n - fjes: Fix wrong netdevice feature flags (bnc#1012382).\n\n - flow_dissector: properly cap thoff field (bnc#1012382).\n\n - fm10k: ensure we process SM mbx when processing VF mbx (bnc#1012382).\n\n - fork: clear thread stack upon allocation (bsc#1077560).\n\n - fscache: Fix the default for fscache_maybe_release_page() (bnc#1012382).\n\n - futex: Prevent overflow by strengthen input validation (bnc#1012382).\n\n - gcov: disable for COMPILE_TEST (bnc#1012382).\n\n - gfs2: Take inode off order_write list when setting jdata flag (bnc#1012382).\n\n - gpio: altera: Use handle_level_irq when configured as a level_high (bnc#1012382).\n\n - hid: chicony: Add support for another ASUS Zen AiO keyboard (bnc#1012382).\n\n - hid: xinmo: fix for out of range for THT 2P arcade controller (bnc#1012382).\n\n - hrtimer: Reset hrtimer cpu base proper on CPU hotplug (bnc#1012382).\n\n - hv: kvp: Avoid reading past allocated blocks from KVP file (bnc#1012382).\n\n - hwmon: (asus_atk0110) fix uninitialized data access (bnc#1012382).\n\n - i40iw: Account for IPv6 header when setting MSS (bsc#1024376 FATE#321249).\n\n - i40iw: Allocate a sdbuf per CQP WQE (bsc#1024376 FATE#321249).\n\n - i40iw: Cleanup AE processing (bsc#1024376 FATE#321249).\n\n - i40iw: Clear CQP Head/Tail during initialization (bsc#1024376 FATE#321249).\n\n - i40iw: Correct ARP index mask (bsc#1024376 FATE#321249).\n\n - i40iw: Correct Q1/XF object count equation (bsc#969476 FATE#319648 bsc#969477 FATE#319816).\n\n - i40iw: Do not allow posting WR after QP is flushed (bsc#1024376 FATE#321249).\n\n - i40iw: Do not free sqbuf when event is I40IW_TIMER_TYPE_CLOSE (bsc#1024376 FATE#321249).\n\n - i40iw: Do not generate CQE for RTR on QP flush (bsc#1024376 FATE#321249).\n\n - i40iw: Do not retransmit MPA request after it is ACKed (bsc#1024376 FATE#321249).\n\n - i40iw: Fixes for static checker warnings (bsc#1024376 FATE#321249).\n\n - i40iw: Fix sequence number for the first partial FPDU (bsc#969476 FATE#319648 bsc#969477 FATE#319816).\n\n - i40iw: Fix the connection ORD value for loopback (bsc#969476 FATE#319648 bsc#969477 FATE#319816).\n\n - i40iw: Ignore AE source field in AEQE for some AEs (bsc#1024376 FATE#321249).\n\n - i40iw: Move cqp_cmd_head init to CQP initialization (bsc#1024376 FATE#321249).\n\n - i40iw: Move exception_lan_queue to VSI structure (bsc#1024376 FATE#321249).\n\n - i40iw: Move MPA request event for loopback after connect (bsc#1024376 FATE#321249).\n\n - i40iw: Notify user of established connection after QP in RTS (bsc#1024376 FATE#321249).\n\n - i40iw: Reinitialize IEQ on MTU change (bsc#1024376 FATE#321249).\n\n - i40iw: Remove limit on re-posting AEQ entries to HW (bsc#969476 FATE#319648 bsc#969477 FATE#319816).\n\n - i40iw: Selectively teardown QPs on IP addr change event (bsc#1024376 FATE#321249).\n\n - i40iw: Validate correct IRD/ORD connection parameters (bsc#969476 FATE#319648 bsc#969477 FATE#319816).\n\n - ib/hfi1: Fix misspelling in comment (bsc#973818, fate#319242).\n\n - ib/hfi1: Prevent kernel QP post send hard lockups (bsc#973818 FATE#319242).\n\n - ib/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush (git-fixes).\n\n - ib/ipoib: Fix race condition in neigh creation (bsc#1022595 FATE#322350).\n\n - ib/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop (bnc#1012382).\n\n - ib/mlx4: Increase maximal message size under UD QP (bnc#1012382).\n\n - ib/mlx5: Assign send CQ and recv CQ of UMR QP (bnc#1012382).\n\n - ib/mlx5: Serialize access to the VMA list (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).\n\n - ibmvnic: Allocate and request vpd in init_resources (bsc#1076872).\n\n - ibmvnic: Do not handle RX interrupts when not up (bsc#1075066).\n\n - ibmvnic: fix firmware version when no firmware level has been provided by the VIOS server (bsc#1079038).\n\n - ibmvnic: Fix IP offload control buffer (bsc#1076899).\n\n - ibmvnic: Fix IPv6 packet descriptors (bsc#1076899).\n\n - ibmvnic: Fix pending MAC address changes (bsc#1075627).\n\n - ibmvnic: Modify buffer size and number of queues on failover (bsc#1076872).\n\n - ibmvnic: Revert to previous mtu when unsupported value requested (bsc#1076872).\n\n - ibmvnic: Wait for device response when changing MAC (bsc#1078681).\n\n - ib/qib: Fix comparison error with qperf compare/swap test (FATE#321231 FATE#321473).\n\n - ib/rdmavt: restore IRQs on error path in rvt_create_ah() (bsc#973818, fate#319242).\n\n - ib/srpt: Disable RDMA access by the initiator (bnc#1012382).\n\n - ib/srpt: Fix ACL lookup during login (bsc#1024296 FATE#321265).\n\n - igb: check memory allocation failure (bnc#1012382).\n\n - ima: fix hash algorithm initialization (bnc#1012382).\n\n - inet: frag: release spinlock before calling icmp_send() (bnc#1012382).\n\n - input: 88pm860x-ts - fix child-node lookup (bnc#1012382).\n\n - input: elantech - add new icbody type 15 (bnc#1012382).\n\n - input: i8042 - add TUXEDO BU1406 (N24_25BU) to the nomux list (bnc#1012382).\n\n - input: trackpoint - force 3 buttons if 0 button is reported (bnc#1012382).\n\n - input: twl4030-vibra - fix sibling-node lookup (bnc#1012382).\n\n - input: twl6040-vibra - fix child-node lookup (bnc#1012382).\n\n - input: twl6040-vibra - fix DT node memory management (bnc#1012382).\n\n - intel_th: pci: Add Gemini Lake support (bnc#1012382).\n\n - iommu/arm-smmu-v3: Do not free page table ops twice (bnc#1012382).\n\n - iommu/vt-d: Fix scatterlist offset handling (bnc#1012382).\n\n - ip6_gre: remove the incorrect mtu limit for ipgre tap (bsc#1022912 FATE#321246).\n\n - ip6_tunnel: disable dst caching if tunnel is dual-stack (bnc#1012382).\n\n - ipmi: Stop timers before cleaning up the module (bnc#1012382).\n\n - ipv4: Fix use-after-free when flushing FIB tables (bnc#1012382).\n\n - ipv4: igmp: guard against silly MTU values (bnc#1012382).\n\n - ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY (bnc#1012382).\n\n - ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL (bnc#1012382).\n\n - ipv6: fix possible mem leaks in ipv6_make_skb() (bnc#1012382).\n\n - ipv6: fix udpv6 sendmsg crash caused by too small MTU (bnc#1012382).\n\n - ipv6: ip6_make_skb() needs to clear cork.base.dst (git-fixes).\n\n - ipv6: mcast: better catch silly mtu values (bnc#1012382).\n\n - ipv6: reorder icmpv6_init() and ip6_mr_init() (bnc#1012382).\n\n - ipvlan: fix ipv6 outbound device (bnc#1012382).\n\n - ipvlan: remove excessive packet scrubbing (bsc#1070799).\n\n - irda: vlsi_ir: fix check for DMA mapping errors (bnc#1012382).\n\n - irqchip/crossbar: Fix incorrect type of register size (bnc#1012382).\n\n - iscsi_iser: Re-enable 'iser_pi_guard' module parameter (bsc#1062129).\n\n - iscsi-target: fix memory leak in lio_target_tiqn_addtpg() (bnc#1012382).\n\n - iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref (bnc#1012382).\n\n - isdn: kcapi: avoid uninitialized data (bnc#1012382).\n\n - iser-target: Fix possible use-after-free in connection establishment error (FATE#321732).\n\n - iw_cxgb4: Only validate the MSN for successful completions (bnc#1012382).\n\n - ixgbe: fix use of uninitialized padding (bnc#1012382).\n\n - jump_label: Invoke jump_label_test() via early_initcall() (bnc#1012382).\n\n - kabi: Keep KVM stable after enable s390 wire up bpb feature (bsc#1076805).\n\n - kABI: protect struct bpf_map (kabi).\n\n - kABI: protect struct ipv6_pinfo (kabi).\n\n - kABI: protect struct t10_alua_tg_pt_gp (kabi).\n\n - kABI: protect struct usbip_device (kabi).\n\n - kabi/severities: arm64: ignore cpu capability array\n\n - kabi/severities: do not care about stuff_RSB\n\n - kaiser: Set _PAGE_NX only if supported (bnc#1012382).\n\n - kaiser: Set _PAGE_NX only if supported (bnc#1012382).\n\n - kbuild: add '-fno-stack-check' to kernel build options (bnc#1012382).\n\n - kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621 bsc#1068032).\n\n - kbuild: pkg: use --transform option to prefix paths in tar (bnc#1012382).\n\n - kdb: Fix handling of kallsyms_symbol_next() return value (bnc#1012382).\n\n - kernel/acct.c: fix the acct->needcheck check in check_free_space() (bnc#1012382).\n\n - kernel: make groups_sort calling a responsibility group_info allocators (bnc#1012382).\n\n - kernel/signal.c: protect the SIGNAL_UNKILLABLE tasks from !sig_kernel_only() signals (bnc#1012382).\n\n - kernel/signal.c: protect the traced SIGNAL_UNKILLABLE tasks from SIGKILL (bnc#1012382).\n\n - kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in complete_signal() (bnc#1012382).\n\n - keys: add missing permission check for request_key() destination (bnc#1012382).\n\n - kprobes/x86: Disable preemption in ftrace-based jprobes (bnc#1012382).\n\n - kpti: Rename to PAGE_TABLE_ISOLATION (bnc#1012382).\n\n - kpti: Report when enabled (bnc#1012382).\n\n - kvm: Fix stack-out-of-bounds read in write_mmio (bnc#1012382).\n\n - kvm: nVMX: reset nested_run_pending if the vCPU is going to be reset (bnc#1012382).\n\n - kvm: nVMX: VMCLEAR should not cause the vCPU to shut down (bnc#1012382).\n\n - kvm: pci-assign: do not map smm memory slot pages in vt-d page tables (bnc#1012382).\n\n - kvm: s390: Enable all facility bits that are known good for passthrough (bsc#1076805).\n\n - kvm: s390: wire up bpb feature (bsc#1076805).\n\n - kvm: VMX: Fix enable VPID conditions (bnc#1012382).\n\n - kvm: VMX: remove I/O port 0x80 bypass on Intel hosts (bnc#1012382).\n\n - kvm: vmx: Scrub hardware GPRs at VM-exit (bnc#1012382 bsc#1068032).\n\n - kvm: x86: Add memory barrier on vmcs field lookup (bnc#1012382).\n\n - kvm: x86: correct async page present tracepoint (bnc#1012382).\n\n - kvm: X86: Fix load RFLAGS w/o the fixed bit (bnc#1012382).\n\n - kvm: x86: fix RSM when PCID is non-zero (bnc#1012382).\n\n - l2tp: cleanup l2tp_tunnel_delete calls (bnc#1012382).\n\n - lan78xx: Fix failure in USB Full Speed (bnc#1012382).\n\n - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (bnc#1012382).\n\n - libata: drop WARN from protocol error in ata_sff_qc_issue() (bnc#1012382).\n\n - lib/genalloc.c: make the avail variable an atomic_long_t (bnc#1012382).\n\n - macvlan: Only deliver one copy of the frame to the macvlan interface (bnc#1012382).\n\n - md: more open-coded offset_in_page() (bsc#1076110).\n\n - media: dvb: i2c transfers over usb cannot be done from stack (bnc#1012382).\n\n - mfd: cros ec: spi: Do not send first message too soon (bnc#1012382).\n\n - mfd: twl4030-audio: Fix sibling-node lookup (bnc#1012382).\n\n - mfd: twl6040: Fix child-node lookup (bnc#1012382).\n\n - mlxsw: reg: Fix SPVMLR max record count (bnc#1012382).\n\n - mlxsw: reg: Fix SPVM max record count (bnc#1012382).\n\n - mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers (bnc#1012382).\n\n - mmc: mediatek: Fixed bug where clock frequency could be set wrong (bnc#1012382).\n\n - mm: drop unused pmdp_huge_get_and_clear_notify() (bnc#1012382).\n\n - mm: Handle 0 flags in _calc_vm_trans() macro (bnc#1012382).\n\n - mm/mprotect: add a cond_resched() inside change_pmd_range() (bnc#1077871, bnc#1078002).\n\n - mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP (bnc#1012382).\n\n - module: Add retpoline tag to VERMAGIC (bnc#1012382).\n\n - module: set __jump_table alignment to 8 (bnc#1012382).\n\n - more bio_map_user_iov() leak fixes (bnc#1012382).\n\n - net: Allow neigh contructor functions ability to modify the primary_key (bnc#1012382).\n\n - net/appletalk: Fix kernel memory disclosure (bnc#1012382).\n\n - net: bcmgenet: correct MIB access of UniMAC RUNT counters (bnc#1012382).\n\n - net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values (bnc#1012382).\n\n - net: bcmgenet: power down internal phy if open or resume fails (bnc#1012382).\n\n - net: bcmgenet: Power up the internal PHY before probing the MII (bnc#1012382).\n\n - net: bcmgenet: reserved phy revisions must be checked first (bnc#1012382).\n\n - net: bridge: fix early call to br_stp_change_bridge_id and plug newlink leaks (bnc#1012382).\n\n - net: core: fix module type in sock_diag_bind (bnc#1012382).\n\n - net: Do not allow negative values for busy_read and busy_poll sysctl interfaces (bnc#1012382).\n\n - net: fec: fix multicast filtering hardware setup (bnc#1012382).\n\n - netfilter: bridge: honor frag_max_size when refragmenting (bnc#1012382).\n\n - netfilter: do not track fragmented packets (bnc#1012382).\n\n - netfilter: ipvs: Fix inappropriate output of procfs (bnc#1012382).\n\n - netfilter: nfnetlink_queue: fix secctx memory leak (bnc#1012382).\n\n - netfilter: nfnetlink_queue: fix timestamp attribute (bsc#1074134).\n\n - netfilter: nfnl_cthelper: fix a race when walk the nf_ct_helper_hash table (bnc#1012382).\n\n - netfilter: nfnl_cthelper: Fix memory leak (bnc#1012382).\n\n - netfilter: nfnl_cthelper: fix runtime expectation policy updates (bnc#1012382).\n\n - net: Fix double free and memory corruption in get_net_ns_by_id() (bnc#1012382).\n\n - net: igmp: fix source address check for IGMPv3 reports (bnc#1012382).\n\n - net: igmp: Use correct source address on IGMPv3 reports (bnc#1012382).\n\n - net: initialize msg.msg_flags in recvfrom (bnc#1012382).\n\n - net: ipv4: fix for a race condition in raw_sendmsg (bnc#1012382).\n\n - net/mac80211/debugfs.c: prevent build failure with CONFIG_UBSAN=y (bnc#1012382).\n\n - net/mlx5: Avoid NULL pointer dereference on steering cleanup (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).\n\n - net/mlx5: Cleanup IRQs in case of unload failure (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n\n - net/mlx5e: Add refcount to VXLAN structure (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n\n - net/mlx5e: Fix features check of IPv6 traffic (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n\n - net/mlx5e: Fix fixpoint divide exception in mlx5e_am_stats_compare (bsc#1015342).\n\n - net/mlx5e: Fix possible deadlock of VXLAN lock (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n\n - net/mlx5e: Prevent possible races in VXLAN control flow (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n\n - net/mlx5: Fix rate limit packet pacing naming and struct (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).\n\n - net/mlx5: Stay in polling mode when command EQ destroy fails (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n\n - net: mvmdio: disable/unprepare clocks in EPROBE_DEFER case (bnc#1012382).\n\n - net: mvneta: clear interface link status on port disable (bnc#1012382).\n\n - net: mvneta: eliminate wrong call to handle rx descriptor error (fate#319899).\n\n - net: mvneta: use proper rxq_number in loop on rx queues (fate#319899).\n\n - net/packet: fix a race in packet_bind() and packet_notifier() (bnc#1012382).\n\n - net: phy: at803x: Change error to EINVAL for invalid MAC (bnc#1012382).\n\n - net: phy: micrel: ksz9031: reconfigure autoneg after phy autoneg workaround (bnc#1012382).\n\n - net: qdisc_pkt_len_init() should be more robust (bnc#1012382).\n\n - net: qmi_wwan: add Sierra EM7565 1199:9091 (bnc#1012382).\n\n - net: qmi_wwan: Add USB IDs for MDM6600 modem on Motorola Droid 4 (bnc#1012382).\n\n - net: reevalulate autoflowlabel setting after sysctl setting (bnc#1012382).\n\n - net: Resend IGMP memberships upon peer notification (bnc#1012382).\n\n - net: sctp: fix array overrun read on sctp_timer_tbl (bnc#1012382).\n\n - net: stmmac: enable EEE in MII, GMII or RGMII only (bnc#1012382).\n\n - net: systemport: Pad packet before inserting TSB (bnc#1012382).\n\n - net: systemport: Utilize skb_put_padto() (bnc#1012382).\n\n - net: tcp: close sock if net namespace is exiting (bnc#1012382).\n\n - net: wimax/i2400m: fix NULL-deref at probe (bnc#1012382).\n\n - nfs: Add a cond_resched() to nfs_commit_release_pages() (bsc#1077779).\n\n - nfsd: auth: Fix gid sorting when rootsquash enabled (bnc#1012382).\n\n - nfsd: fix nfsd_minorversion(.., NFSD_AVAIL) (bnc#1012382).\n\n - nfsd: fix nfsd_reset_versions for NFSv4 (bnc#1012382).\n\n - nfs: Do not take a reference on fl->fl_file for LOCK operation (bnc#1012382).\n\n - nfs: Fix a typo in nfs_rename() (bnc#1012382).\n\n - nfsv4.1 respect server's max size in CREATE_SESSION (bnc#1012382).\n\n - nfsv4: Fix client recovery when server reboots multiple times (bnc#1012382).\n\n - nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick() (bnc#1012382).\n\n - n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD) (bnc#1012382).\n\n - nvme_fc: correct hang in nvme_ns_remove() (bsc#1075811).\n\n - nvme_fc: fix rogue admin cmds stalling teardown (bsc#1075811).\n\n - nvme-fc: merge error on sles12sp3 for reset_work (bsc#1079195).\n\n - nvme-pci: Remove watchdog timer (bsc#1066163).\n\n - openrisc: fix issue handling 8 byte get_user calls (bnc#1012382).\n\n - packet: fix crash in fanout_demux_rollover() (bnc#1012382).\n\n - parisc: Fix alignment of pa_tlb_lock in assembly on 32-bit SMP kernel (bnc#1012382).\n\n - parisc: Hide Diva-built-in serial aux and graphics card (bnc#1012382).\n\n - partially revert tipc improve link resiliency when rps is activated (bsc#1068038).\n\n - pci/AER: Report non-fatal errors only to the affected endpoint (bnc#1012382).\n\n - pci: Avoid bus reset if bridge itself is broken (bnc#1012382).\n\n - pci: Create SR-IOV virtfn/physfn links before attaching driver (bnc#1012382).\n\n - pci: Detach driver before procfs & sysfs teardown on device remove (bnc#1012382).\n\n - pci/PME: Handle invalid data when reading Root Status (bnc#1012382).\n\n - pci / PM: Force devices to D0 in pci_pm_thaw_noirq() (bnc#1012382).\n\n - perf symbols: Fix symbols__fixup_end heuristic for corner cases (bnc#1012382).\n\n - perf test attr: Fix ignored test case result (bnc#1012382).\n\n - phy: work around 'phys' references to usb-nop-xceiv devices (bnc#1012382).\n\n - pinctrl: adi2: Fix Kconfig build problem (bnc#1012382).\n\n - pinctrl: st: add irq_request/release_resources callbacks (bnc#1012382).\n\n - pipe: avoid round_pipe_size() nr_pages overflow on 32-bit (bnc#1012382).\n\n - powerpc/64: Add macros for annotating the destination of rfid/hrfid (bsc#1068032, bsc#1075087).\n\n - powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075087).\n\n - powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075087).\n\n - powerpc/64s: Add EX_SIZE definition for paca exception save areas (bsc#1068032, bsc#1075087).\n\n - powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032, bsc#1075087).\n\n - powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032, bsc#1075087).\n\n - powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075087).\n\n - powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1075087).\n\n - powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti (bsc#1068032, bsc#1075087).\n\n - powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032).\n\n - powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032, bsc#1075087).\n\n - powerpc/ipic: Fix status get and status clear (bnc#1012382).\n\n - powerpc/perf: Dereference BHRB entries safely (bsc#1066223).\n\n - powerpc/perf/hv-24x7: Fix incorrect comparison in memord (bnc#1012382).\n\n - powerpc/powernv: Check device-tree for RFI flush settings (bsc#1068032, bsc#1075087).\n\n - powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo (bnc#1012382).\n\n - powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested (bnc#1012382).\n\n - powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032, bsc#1075087).\n\n - powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS (bsc#1068032, bsc#1075087).\n\n - powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032, bsc#1075087).\n\n - powerpc/pseries/rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1075087).\n\n - powerpc/pseries: rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1075087). \n\n - powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032, bsc#1075087).\n\n - powerpc/rfi-flush: Make setup_rfi_flush() not __init (bsc#1068032, bsc#1075087).\n\n - powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI) (bsc#1068032, bsc#1075087).\n\n - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code (bsc#1068032, bsc#1075087).\n\n - powerpc/rfi-flush: prevent crash when changing flush type to fallback after system boot (bsc#1068032, bsc#1075087).\n\n - ppp: Destroy the mutex when cleanup (bnc#1012382).\n\n - pppoe: take ->needed_headroom of lower device into account on xmit (bnc#1012382).\n\n - pti: unbreak EFI (bsc#1074709).\n\n - r8152: fix the list rx_done may be used without initialization (bnc#1012382).\n\n - r8152: prevent the driver from transmitting packets with carrier off (bnc#1012382).\n\n - r8169: fix memory corruption on retrieval of hardware statistics (bnc#1012382).\n\n - raid5: Set R5_Expanded on parity devices as well as data (bnc#1012382).\n\n - ravb: Remove Rx overflow log messages (bnc#1012382).\n\n - rbd: set max_segments to USHRT_MAX (bnc#1012382).\n\n - rdma/cma: Avoid triggering undefined behavior (bnc#1012382).\n\n - rdma/i40iw: Remove MSS change support (bsc#1024376 FATE#321249).\n\n - rds: Fix NULL pointer dereference in __rds_rdma_map (bnc#1012382).\n\n - rds: Heap OOB write in rds_message_alloc_sgs() (bnc#1012382).\n\n - rds: NULL pointer dereference in rds_atomic_free_op (bnc#1012382).\n\n - regulator: core: Rely on regulator_dev_release to free constraints (bsc#1074847).\n\n - regulator: da9063: Return an error code on probe failure (bsc#1074847).\n\n - regulator: pwm: Fix regulator ramp delay for continuous mode (bsc#1074847).\n\n - regulator: Try to resolve regulators supplies on registration (bsc#1074847).\n\n - Revert 'Bluetooth: btusb: driver to enable the usb-wakeup feature' (bnc#1012382).\n\n - Revert 'drm/armada: Fix compile fail' (bnc#1012382).\n\n - Revert 'kaiser: vmstat show NR_KAISERTABLE as nr_overhead' (kabi).\n\n - Revert 'lib/genalloc.c: make the avail variable an atomic_long_t' (kabi).\n\n - Revert 'module: Add retpoline tag to VERMAGIC' (bnc#1012382 kabi).\n\n - Revert 'module: Add retpoline tag to VERMAGIC' (kabi).\n\n - Revert 'ocfs2: should wait dio before inode lock in ocfs2_setattr()' (bnc#1012382).\n\n - Revert 's390/kbuild: enable modversions for symbols exported from asm' (bnc#1012382).\n\n - Revert 'sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks' (kabi).\n\n - Revert 'scsi: libsas: align sata_device's rps_resp on a cacheline' (kabi).\n\n - Revert 'spi: SPI_FSL_DSPI should depend on HAS_DMA' (bnc#1012382).\n\n - Revert 'userfaultfd: selftest: vm: allow to build in vm/ directory' (bnc#1012382).\n\n - Revert 'x86/efi: Build our own page table structures' (bnc#1012382).\n\n - Revert 'x86/efi: Hoist page table switching code into efi_call_virt()' (bnc#1012382).\n\n - Revert 'x86/mm/pat: Ensure cpa->pfn only contains page frame numbers' (bnc#1012382).\n\n - rfi-flush: Make DEBUG_RFI a CONFIG option (bsc#1068032, bsc#1075087).\n\n - ring-buffer: Mask out the info bits when returning buffer page length (bnc#1012382).\n\n - route: also update fnhe_genid when updating a route cache (bnc#1012382).\n\n - route: update fnhe_expires for redirect when the fnhe exists (bnc#1012382).\n\n - rtc: cmos: Initialize hpet timer before irq is registered (bsc#1077592).\n\n - rtc: pcf8563: fix output clock rate (bnc#1012382).\n\n - rtc: pl031: make interrupt optional (bnc#1012382).\n\n - rtc: set the alarm to the next expiring timer (bnc#1012382).\n\n - s390: always save and restore all registers on context switch (bnc#1012382).\n\n - s390/cpuinfo: show facilities as reported by stfle (bnc#1076847, LTC#163740).\n\n - s390: fix compat system call table (bnc#1012382).\n\n - s390/pci: do not require AIS facility (bnc#1012382).\n\n - s390/qeth: no ETH header for outbound AF_IUCV (LTC#156276 bnc#1012382 bnc#1053472).\n\n - s390/runtime instrumentation: simplify task exit handling (bnc#1012382).\n\n - sch_dsmark: fix invalid skb_cow() usage (bnc#1012382).\n\n - sched/deadline: Make sure the replenishment timer fires in the next period (bnc#1012382).\n\n - sched/deadline: Throttle a constrained deadline task activated after the deadline (bnc#1012382).\n\n - sched/deadline: Use deadline instead of period when calculating overflow (bnc#1012382).\n\n - sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks (bnc#1012382).\n\n - sched/deadline: Zero out positive runtime after throttling constrained tasks (git-fixes).\n\n - scsi: bfa: integer overflow in debugfs (bnc#1012382).\n\n - scsi: cxgb4i: fix Tx skb leak (bnc#1012382).\n\n - scsi: handle ABORTED_COMMAND on Fujitsu ETERNUS (bsc#1069138).\n\n - scsi: hpsa: cleanup sas_phy structures in sysfs when unloading (bnc#1012382).\n\n - scsi: hpsa: destroy sas transport properties before scsi_host (bnc#1012382).\n\n - scsi: libsas: align sata_device's rps_resp on a cacheline (bnc#1012382).\n\n - scsi: lpfc: Use after free in lpfc_rq_buf_free() (bsc#1037838).\n\n - scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1 volume created on two SATA drive (bnc#1012382).\n\n - scsi: sd: change allow_restart to bool in sysfs interface (bnc#1012382).\n\n - scsi: sd: change manage_start_stop to bool in sysfs interface (bnc#1012382).\n\n - scsi: sg: disable SET_FORCE_LOW_DMA (bnc#1012382).\n\n - scsi: sr: wait for the medium to become ready (bsc#1048585).\n\n - sctp: do not allow the v4 socket to bind a v4mapped v6 address (bnc#1012382).\n\n - sctp: do not free asoc when it is already dead in sctp_sendmsg (bnc#1012382).\n\n - sctp: Replace use of sockets_allocated with specified macro (bnc#1012382).\n\n - sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf (bnc#1012382).\n\n - sctp: use the right sk after waking up from wait_buf sleep (bnc#1012382).\n\n - selftest/powerpc: Fix false failures for skipped tests (bnc#1012382).\n\n - selftests/x86: Add test_vsyscall (bnc#1012382).\n\n - selftests/x86/ldt_get: Add a few additional tests for limits (bnc#1012382).\n\n - serial: 8250_pci: Add Amazon PCI serial device ID (bnc#1012382).\n\n - serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X (bnc#1012382).\n\n - series.conf: move core networking (including netfilter) into sorted section\n\n - series.conf: whitespace cleanup\n\n - Set supported_modules_check 1 (bsc#1072163).\n\n - sfc: do not warn on successful change of MAC (bnc#1012382).\n\n - sh_eth: fix SH7757 GEther initialization (bnc#1012382).\n\n - sh_eth: fix TSU resource handling (bnc#1012382).\n\n - sit: update frag_off info (bnc#1012382).\n\n - sock: free skb in skb_complete_tx_timestamp on error (bnc#1012382).\n\n - sparc64/mm: set fields in deferred pages (bnc#1012382).\n\n - spi_ks8995: fix 'BUG: key accdaa28 not in .data!' (bnc#1012382).\n\n - spi: sh-msiof: Fix DMA transfer size check (bnc#1012382).\n\n - spi: xilinx: Detect stall with Unknown commands (bnc#1012382).\n\n - staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl (bnc#1012382).\n\n - sunrpc: Fix rpc_task_begin trace point (bnc#1012382).\n\n - sunxi-rsb: Include OF based modalias in device uevent (bnc#1012382).\n\n - sysfs/cpu: Add vulnerability folder (bnc#1012382).\n\n - sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382).\n\n - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).\n\n - sysrq : fix Show Regs call trace on ARM (bnc#1012382).\n\n - target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK (bnc#1012382).\n\n - target/file: Do not return error for UNMAP if length is zero (bnc#1012382).\n\n - target: fix ALUA transition timeout handling (bnc#1012382).\n\n - target:fix condition return in core_pr_dump_initiator_port() (bnc#1012382).\n\n - target: fix race during implicit transition work flushes (bnc#1012382).\n\n - target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd() (bnc#1012382).\n\n - target: Use system workqueue for ALUA transitions (bnc#1012382).\n\n - tcp: correct memory barrier usage in tcp_check_space() (bnc#1012382).\n\n - tcp: fix under-evaluated ssthresh in TCP Vegas (bnc#1012382).\n\n - tcp md5sig: Use skb's saddr when replying to an incoming segment (bnc#1012382).\n\n - tcp: __tcp_hdrlen() helper (bnc#1012382).\n\n - tg3: Fix rx hang on MTU change with 5717/5719 (bnc#1012382).\n\n - thermal/drivers/step_wise: Fix temperature regulation misbehavior (bnc#1012382).\n\n - thermal: hisilicon: Handle return value of clk_prepare_enable (bnc#1012382).\n\n - tipc: fix cleanup at module unload (bnc#1012382).\n\n - tipc: fix memory leak in tipc_accept_from_sock() (bnc#1012382).\n\n - tipc: improve link resiliency when rps is activated (bsc#1068038).\n\n - tracing: Allocate mask_str buffer dynamically (bnc#1012382).\n\n - tracing: Fix converting enum's from the map in trace_event_eval_update() (bnc#1012382).\n\n - tracing: Fix crash when it fails to alloc ring buffer (bnc#1012382).\n\n - tracing: Fix possible double free on failure of allocating trace buffer (bnc#1012382).\n\n - tracing: Remove extra zeroing out of the ring buffer page (bnc#1012382).\n\n - tty fix oops when rmmod 8250 (bnc#1012382).\n\n - uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices (bnc#1012382).\n\n - uas: ignore UAS for Norelsys NS1068(X) chips (bnc#1012382).\n\n - udf: Avoid overflow when session starts at large offset (bnc#1012382).\n\n - um: link vmlinux with -no-pie (bnc#1012382).\n\n - usb: Add device quirk for Logitech HD Pro Webcam C925e (bnc#1012382).\n\n - usb: add RESET_RESUME for ELSA MicroLink 56K (bnc#1012382).\n\n - usb: core: Add type-specific length check of BOS descriptors (bnc#1012382).\n\n - usb: core: prevent malicious bNumInterfaces overflow (bnc#1012382).\n\n - usb: devio: Prevent integer overflow in proc_do_submiturb() (bnc#1012382).\n\n - usb: Fix off by one in type-specific length check of BOS SSP capability (git-fixes).\n\n - usb: fix usbmon BUG trigger (bnc#1012382).\n\n - usb: gadget: configs: plug memory leak (bnc#1012382).\n\n - usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping (bnc#1012382).\n\n - usb: gadgetfs: Fix a potential memory leak in 'dev_config()' (bnc#1012382).\n\n - usb: gadget: f_uvc: Sanity check wMaxPacketSize for SuperSpeed (bnc#1012382).\n\n - usb: gadget: udc: remove pointer dereference after free (bnc#1012382).\n\n - usb: hub: Cycle HUB power when initialization fails (bnc#1012382).\n\n - usb: Increase usbfs transfer limit (bnc#1012382).\n\n - usbip: Fix implicit fallthrough warning (bnc#1012382).\n\n - usbip: Fix potential format overflow in userspace tools (bnc#1012382).\n\n - usbip: fix stub_rx: get_pipe() to validate endpoint number (bnc#1012382).\n\n - usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input (bnc#1012382).\n\n - usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer (bnc#1012382).\n\n - usbip: fix usbip bind writing random string after command in match_busid (bnc#1012382).\n\n - usbip: prevent leaking socket pointer address in messages (bnc#1012382).\n\n - usbip: prevent vhci_hcd driver from leaking a socket pointer address (bnc#1012382).\n\n - usbip: remove kernel addresses from usb device and urb debug msgs (bnc#1012382).\n\n - usbip: stub: stop printing kernel pointer addresses in messages (bnc#1012382).\n\n - usbip: vhci: stop printing kernel pointer addresses in messages (bnc#1012382).\n\n - usb: misc: usb3503: make sure reset is low for at least 100us (bnc#1012382).\n\n - usb: musb: da8xx: fix babble condition handling (bnc#1012382).\n\n - usb: phy: isp1301: Add OF device ID table (bnc#1012382).\n\n - usb: phy: isp1301: Fix build warning when CONFIG_OF is disabled (git-fixes).\n\n - usb: phy: tahvo: fix error handling in tahvo_usb_probe() (bnc#1012382).\n\n - usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub (bnc#1012382).\n\n - usb: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ (bnc#1012382).\n\n - usb: serial: cp210x: add new device ID ELV ALC 8xxx (bnc#1012382).\n\n - usb: serial: ftdi_sio: add id for Airbus DS P8GR (bnc#1012382).\n\n - usb: serial: option: adding support for YUGA CLM920-NC5 (bnc#1012382).\n\n - usb: serial: option: add Quectel BG96 id (bnc#1012382).\n\n - usb: serial: option: add support for Telit ME910 PID 0x1101 (bnc#1012382).\n\n - usb: serial: qcserial: add Sierra Wireless EM7565 (bnc#1012382).\n\n - usb: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID (bnc#1012382).\n\n - usb: usbfs: Filter flags passed in from user space (bnc#1012382).\n\n - usb: usbip: Fix possible deadlocks reported by lockdep (bnc#1012382).\n\n - usb: xhci: Add XHCI_TRUST_TX_LENGTH for Renesas uPD720201 (bnc#1012382).\n\n - usb: xhci: fix panic in xhci_free_virt_devices_depth_first (bnc#1012382).\n\n - userfaultfd: selftest: vm: allow to build in vm/ directory (bnc#1012382).\n\n - userfaultfd: shmem: __do_fault requires VM_FAULT_NOPAGE (bnc#1012382).\n\n - video: fbdev: au1200fb: Release some resources if a memory allocation fails (bnc#1012382).\n\n - video: fbdev: au1200fb: Return an error code if a memory allocation fails (bnc#1012382).\n\n - virtio: release virtio index when fail to device_register (bnc#1012382).\n\n - vmxnet3: repair memory leak (bnc#1012382).\n\n - vsyscall: Fix permissions for emulate mode with KAISER/PTI (bnc#1012382).\n\n - vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend (bnc#1012382).\n\n - vti6: Do not report path MTU below IPV6_MIN_MTU (bnc#1012382).\n\n - vti6: fix device register to report IFLA_INFO_KIND (bnc#1012382).\n\n - workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq (bnc#1012382).\n\n - writeback: fix memory leak in wb_queue_work() (bnc#1012382).\n\n - x.509: fix buffer overflow detection in sprint_oid() (bsc#1075078).\n\n - x.509: reject invalid BIT STRING for subjectPublicKey (bnc#1012382).\n\n - x86/acpi: Handle SCI interrupts above legacy space gracefully (bsc#1068984).\n\n - x86/acpi: Reduce code duplication in mp_override_legacy_irq() (bsc#1068984).\n\n - x86/alternatives: Add missing '\\n' at end of ALTERNATIVE inline asm (bnc#1012382).\n\n - x86/alternatives: Fix optimize_nops() checking (bnc#1012382).\n\n - x86/apic/vector: Fix off by one in error path (bnc#1012382).\n\n - x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels (bnc#1012382).\n\n - x86/boot: Fix early command-line parsing when matching at end (bsc#1068032).\n\n - x86/cpu: Factor out application of forced CPU caps (bnc#1012382).\n\n - x86/cpufeatures: Add X86_BUG_CPU_INSECURE (bnc#1012382).\n\n - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (bnc#1012382).\n\n - x86/cpufeatures: Make CPU bugs sticky (bnc#1012382).\n\n - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).\n\n - x86/cpu: Merge bugs.c and bugs_64.c (bnc#1012382).\n\n - x86/cpu: Rename Merrifield2 to Moorefield (bsc#985025).\n\n - x86/cpu: Rename 'WESTMERE2' family to 'NEHALEM_G' (bsc#985025).\n\n - x86/cpu, x86/pti: Do not enable PTI on AMD processors (bnc#1012382).\n\n - x86/Documentation: Add PTI description (bnc#1012382).\n\n - x86/efi: Build our own page table structures (fate#320512).\n\n - x86/efi: Hoist page table switching code into efi_call_virt() (fate#320512).\n\n - x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt() (bnc#1012382).\n\n - x86/hpet: Prevent might sleep splat on resume (bnc#1012382).\n\n - x86/kasan: Clear kasan_zero_page after TLB flush (bnc#1012382).\n\n - x86/kasan: Write protect kasan zero shadow (bnc#1012382).\n\n - x86/microcode/intel: Extend BDW late-loading further with LLC size check (bnc#1012382).\n\n - x86/microcode/intel: Extend BDW late-loading with a revision check (bnc#1012382).\n\n - x86/microcode/intel: Fix BDW late-loading revision check (bnc#1012382).\n\n - x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier (git-fixes).\n\n - x86/mm: Disable PCID on 32-bit kernels (bnc#1012382).\n\n - x86/mm/pat: Ensure cpa->pfn only contains page frame numbers (fate#320588).\n\n - x86/PCI: Make broadcom_postcore_init() check acpi_disabled (bnc#1012382).\n\n - x86/pti: Document fix wrong index (bnc#1012382).\n\n - x86/pti/efi: broken conversion from efi to kernel page table (bnc#1012382).\n\n - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN (bnc#1012382).\n\n - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active (bsc#1068032).\n\n - x86/smpboot: Remove stale TLB flush invocations (bnc#1012382).\n\n - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994 bsc#1075091).\n\n - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).\n\n - x86/tlb: Drop the _GPL from the cpu_tlbstate export (bnc#1012382).\n\n - x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly() (bnc#1012382).\n\n - xen-netfront: avoid crashing on resume after a failure in talk_to_netback() (bnc#1012382).\n\n - xen-netfront: Improve error handling during initialization (bnc#1012382).\n\n - xfrm: Copy policy family in clone_policy (bnc#1012382).\n\n - xfs: add configurable error support to metadata buffers (bsc#1068569).\n\n - xfs: add configuration handlers for specific errors (bsc#1068569).\n\n - xfs: add configuration of error failure speed (bsc#1068569).\n\n - xfs: add 'fail at unmount' error handling configuration (bsc#1068569).\n\n - xfs: Add infrastructure needed for error propagation during buffer IO failure (bsc#1068569).\n\n - xfs: address kabi for xfs buffer retry infrastructure (kabi).\n\n - xfs: configurable error behavior via sysfs (bsc#1068569).\n\n - xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real (bnc#1012382).\n\n - xfs: fix log block underflow during recovery cycle verification (bnc#1012382).\n\n - xfs: fix up inode32/64 (re)mount handling (bsc#1069160).\n\n - xfs: introduce metadata IO error class (bsc#1068569).\n\n - xfs: introduce table-based init for error behaviors (bsc#1068569).\n\n - xfs: Properly retry failed inode items in case of error during buffer writeback (bsc#1068569).\n\n - xfs: reinit btree pointer on attr tree inactivation walk (bsc#1078787).\n\n - xfs: remove xfs_trans_ail_delete_bulk (bsc#1068569).\n\n - xfs: validate sb_logsunit is a multiple of the fs blocksize (bsc#1077513).\n\n - xhci: Do not add a virt_dev to the devs array before it's fully allocated (bnc#1012382).\n\n - xhci: Fix ring leak in failure path of xhci_alloc_virt_device() (bnc#1012382).\n\n - xhci: plat: Register shutdown for xhci_plat (bnc#1012382).\n\n - zram: set physical queue limits to avoid array out of bounds accesses (bnc#1012382).", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-02-12T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2018-153) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-15129", "CVE-2017-17712", "CVE-2017-17862", "CVE-2017-17864", "CVE-2017-18017", "CVE-2017-5715", "CVE-2018-1000004", "CVE-2018-5332", "CVE-2018-5333"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kselftests-kmp-debug", "p-cpe:/a:novell:opensuse:kselftests-kmp-debug-debuginfo", "p-cpe:/a:novell:opensuse:kselftests-kmp-default", "p-cpe:/a:novell:opensuse:kselftests-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kselftests-kmp-vanilla", "p-cpe:/a:novell:opensuse:kselftests-kmp-vanilla-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-153.NASL", "href": "https://www.tenable.com/plugins/nessus/106740", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-153.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106740);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-15129\", \"CVE-2017-17712\", \"CVE-2017-17862\", \"CVE-2017-17864\", \"CVE-2017-18017\", \"CVE-2017-5715\", \"CVE-2018-1000004\", \"CVE-2018-5332\", \"CVE-2018-5333\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2018-153) (Spectre)\");\n script_summary(english:\"Check for the openSUSE-2018-153 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 42.3 kernel was updated to 4.4.114 to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2017-5715: Systems with microprocessors utilizing\n speculative execution and indirect branch prediction may\n allow unauthorized disclosure of information to an\n attacker with local user access via a side-channel\n analysis (bnc#1068032).\n\n The previous fix using CPU Microcode has been\n complemented by building the Linux Kernel with return\n trampolines aka 'retpolines'.\n\n - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic\n function in net/rds/rdma.c mishandled cases where page\n pinning fails or an invalid address is supplied, leading\n to an rds_atomic_free_op NULL pointer dereference\n (bnc#1075617).\n\n - CVE-2018-5332: In the Linux kernel the\n rds_message_alloc_sgs() function did not validate a\n value that is used during DMA page allocation, leading\n to a heap-based out-of-bounds write (related to the\n rds_rdma_extra_size function in net/rds/rdma.c)\n (bnc#1075621).\n\n - CVE-2017-17862: kernel/bpf/verifier.c in the Linux\n kernel ignores unreachable code, even though it would\n still be processed by JIT compilers. This behavior, also\n considered an improper branch-pruning logic issue, could\n possibly be used by local users for denial of service\n (bnc#1073928).\n\n - CVE-2017-17864: kernel/bpf/verifier.c in the Linux\n kernel mishandled states_equal comparisons between the\n pointer data type and the UNKNOWN_VALUE data type, which\n allowed local users to obtain potentially sensitive\n address information, aka a 'pointer leak (bnc#1073928).\n\n - CVE-2017-17712: The raw_sendmsg() function in\n net/ipv4/raw.c in the Linux kernel had a race condition\n in inet->hdrincl that lead to uninitialized stack\n pointer usage; this allowed a local user to execute code\n and gain privileges (bnc#1073229 1073230).\n\n - CVE-2017-15129: A use-after-free vulnerability was found\n in network namespaces code affecting the Linux kernel\n The function get_net_ns_by_id() in\n net/core/net_namespace.c did not check for the\n net::count value after it has found a peer network in\n netns_ids idr, which could lead to double free and\n memory corruption. This vulnerability could allow an\n unprivileged local user to induce kernel memory\n corruption on the system, leading to a crash. Due to the\n nature of the flaw, privilege escalation cannot be fully\n ruled out, although it is thought to be unlikely\n (bnc#1074839).\n\n - CVE-2017-18017: The tcpmss_mangle_packet function in\n net/netfilter/xt_TCPMSS.c in the Linux kernel allowed\n remote attackers to cause a denial of service\n (use-after-free and memory corruption) or possibly have\n unspecified other impact by leveraging the presence of\n xt_TCPMSS in an iptables action (bnc#1074488).\n\n - CVE-2018-1000004: In the Linux kernel versions a race\n condition vulnerability existed in the sound system,\n this can lead to a deadlock and denial of service\n condition (bnc#1076017).\n\nThe following non-security bugs were fixed :\n\n - 509: fix printing uninitialized stack memory when OID is\n empty (bsc#1075078).\n\n - 8021q: fix a memory leak for VLAN 0 device\n (bnc#1012382).\n\n - acpi / scan: Prefer devices without _HID/_CID for _ADR\n matching (bnc#1012382).\n\n - af_key: fix buffer overread in parse_exthdrs()\n (bnc#1012382).\n\n - af_key: fix buffer overread in verify_address_len()\n (bnc#1012382).\n\n - afs: Adjust mode bits processing (bnc#1012382).\n\n - afs: Connect up the CB.ProbeUuid (bnc#1012382).\n\n - afs: Fix afs_kill_pages() (bnc#1012382).\n\n - afs: Fix missing put_page() (bnc#1012382).\n\n - afs: Fix page leak in afs_write_begin() (bnc#1012382).\n\n - afs: Fix the maths in afs_fs_store_data() (bnc#1012382).\n\n - afs: Flush outstanding writes when an fd is closed\n (bnc#1012382).\n\n - afs: Migrate vlocation fields to 64-bit (bnc#1012382).\n\n - afs: Populate and use client modification time\n (bnc#1012382).\n\n - afs: Populate group ID from vnode status (bnc#1012382).\n\n - afs: Prevent callback expiry timer overflow\n (bnc#1012382).\n\n - alpha: fix build failures (bnc#1012382).\n\n - alsa: aloop: Fix inconsistent format due to incomplete\n rule (bsc#1031717).\n\n - alsa: aloop: Fix racy hw constraints adjustment\n (bsc#1031717).\n\n - alsa: aloop: Release cable upon open error path\n (bsc#1031717).\n\n - alsa: hda - Apply headphone noise quirk for another Dell\n XPS 13 variant (bsc#1031717).\n\n - alsa: hda - Apply the existing quirk to iMac 14,1\n (bsc#1031717).\n\n - alsa: pcm: Abort properly at pending signal in OSS\n read/write loops (bsc#1031717).\n\n - alsa: pcm: Add missing error checks in OSS emulation\n plugin builder (bsc#1031717).\n\n - alsa: pcm: Allow aborting mutex lock at OSS read/write\n loops (bsc#1031717).\n\n - alsa: pcm: Remove incorrect snd_BUG_ON() usages\n (bsc#1031717).\n\n - alsa: pcm: Remove yet superfluous WARN_ON()\n (bsc#1031717).\n\n - arc: uaccess: dont use 'l' gcc inline asm constraint\n modifier (bnc#1012382).\n\n - arm64: Add skeleton to harden the branch predictor\n against aliasing attacks (bsc#1068032).\n\n - arm64: Add trace_hardirqs_off annotation in ret_to_user\n (bsc#1068032).\n\n - arm64: Branch predictor hardening for Cavium ThunderX2\n (bsc#1068032).\n\n - arm64/cpufeature: do not use mutex in bringup path\n (bsc#1068032).\n\n - arm64: cpufeature: Pass capability structure to ->enable\n callback (bsc#1068032).\n\n - arm64: cputype: Add MIDR values for Cavium ThunderX2\n CPUs (bsc#1068032).\n\n - arm64: cputype: Add missing MIDR values for Cortex-A72\n and Cortex-A75 (bsc#1068032).\n\n - arm64: debug: remove unused local_dbg_(enable, disable)\n macros (bsc#1068032).\n\n - arm64: Define cputype macros for Falkor CPU\n (bsc#1068032).\n\n - arm64: Disable TTBR0_EL1 during normal kernel execution\n (bsc#1068032).\n\n - arm64: Do not force KPTI for CPUs that are not\n vulnerable (bsc#1076187).\n\n - arm64: do not pull uaccess.h into *.S (bsc#1068032).\n\n - arm64: Enable CONFIG_ARM64_SW_TTBR0_PAN (bsc#1068032).\n\n - arm64: entry: Add exception trampoline page for\n exceptions from EL0 (bsc#1068032).\n\n - arm64: entry: Add fake CPU feature for unmapping the\n kernel at EL0 (bsc#1068032).\n\n - arm64: entry: Explicitly pass exception level to\n kernel_ventry macro (bsc#1068032).\n\n - arm64: entry: Hook up entry trampoline to exception\n vectors (bsc#1068032).\n\n - arm64: entry: remove pointless SPSR mode check\n (bsc#1068032).\n\n - arm64: entry.S convert el0_sync (bsc#1068032).\n\n - arm64: entry.S: convert el1_sync (bsc#1068032).\n\n - arm64: entry.S: convert elX_irq (bsc#1068032).\n\n - arm64: entry.S: move SError handling into a C function\n for future expansion (bsc#1068032).\n\n - arm64: entry.S: Remove disable_dbg (bsc#1068032).\n\n - arm64: erratum: Work around Falkor erratum #E1003 in\n trampoline code (bsc#1068032).\n\n - arm64: explicitly mask all exceptions (bsc#1068032).\n\n - arm64: factor out entry stack manipulation\n (bsc#1068032).\n\n - arm64: factor out PAGE_* and CONT_* definitions\n (bsc#1068032).\n\n - arm64: Factor out PAN enabling/disabling into separate\n uaccess_* macros (bsc#1068032).\n\n - arm64: Factor out TTBR0_EL1 post-update workaround into\n a specific asm macro (bsc#1068032).\n\n - arm64: factor work_pending state machine to C\n (bsc#1068032).\n\n - arm64: fpsimd: Prevent registers leaking from dead tasks\n (bnc#1012382).\n\n - arm64: Handle el1 synchronous instruction aborts cleanly\n (bsc#1068032).\n\n - arm64: Handle faults caused by inadvertent user access\n with PAN enabled (bsc#1068032).\n\n - arm64: head.S: get rid of x25 and x26 with 'global'\n scope (bsc#1068032).\n\n - arm64: Implement branch predictor hardening for affected\n Cortex-A CPUs (bsc#1068032).\n\n - arm64: Implement branch predictor hardening for Falkor\n (bsc#1068032).\n\n - arm64: Initialise high_memory global variable earlier\n (bnc#1012382).\n\n - arm64: introduce an order for exceptions (bsc#1068032).\n\n - arm64: introduce mov_q macro to move a constant into a\n 64-bit register (bsc#1068032).\n\n - arm64: Introduce uaccess_(disable,enable) functionality\n based on TTBR0_EL1 (bsc#1068032).\n\n - arm64: kaslr: Put kernel vectors address in separate\n data page (bsc#1068032).\n\n - arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0\n (bsc#1068032).\n\n - arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry\n (bsc#1068032).\n\n - arm64: kill ESR_LNX_EXEC (bsc#1068032).\n\n - arm64: kpti: Fix the interaction between ASID switching\n and software PAN (bsc#1068032).\n\n - arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC\n calls (bsc#1076232).\n\n - arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one\n (bnc#1012382).\n\n - arm64: KVM: Make PSCI_VERSION a fast path (bsc#1068032).\n\n - arm64: KVM: Use per-CPU vector when BP hardening is\n enabled (bsc#1068032).\n\n - arm64: Mask all exceptions during kernel_exit\n (bsc#1068032).\n\n - arm64: mm: Add arm64_kernel_unmapped_at_el0 helper\n (bsc#1068032).\n\n - arm64: mm: Allocate ASIDs in pairs (bsc#1068032).\n\n - arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN\n (bsc#1068032).\n\n - arm64: mm: hardcode rodata=true (bsc#1068032).\n\n - arm64: mm: Introduce TTBR_ASID_MASK for getting at the\n ASID in the TTBR (bsc#1068032).\n\n - arm64: mm: Invalidate both kernel and user ASIDs when\n performing TLBI (bsc#1068032).\n\n - arm64: mm: Map entry trampoline into trampoline and\n kernel page tables (bsc#1068032).\n\n - arm64: mm: Move ASID from TTBR0 to TTBR1 (bsc#1068032).\n\n - arm64: mm: Remove pre_ttbr0_update_workaround for Falkor\n erratum #E1003 (bsc#1068032).\n\n - arm64: mm: Rename post_ttbr0_update_workaround\n (bsc#1068032).\n\n - arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN\n (bsc#1068032).\n\n - arm64: mm: Use non-global mappings for kernel space\n (bsc#1068032).\n\n - arm64: Move BP hardening to check_and_switch_context\n (bsc#1068032).\n\n - arm64: Move post_ttbr_update_workaround to C code\n (bsc#1068032).\n\n - arm64: Move the async/fiq helpers to explicitly set\n process context flags (bsc#1068032).\n\n - arm64: SW PAN: Point saved ttbr0 at the zero page when\n switching to init_mm (bsc#1068032).\n\n - arm64: SW PAN: Update saved ttbr0 value on\n enter_lazy_tlb (bsc#1068032).\n\n - arm64: swp emulation: bound LL/SC retries before\n rescheduling (bsc#1068032).\n\n - arm64: sysreg: Fix unprotected macro argmuent in\n write_sysreg (bsc#1068032).\n\n - arm64: Take into account ID_AA64PFR0_EL1.CSV3\n (bsc#1068032).\n\n - arm64: thunderx2: remove branch predictor hardening\n References: bsc#1076232 This causes undefined\n instruction abort on the smc call from guest kernel.\n Disable until kvm is fixed.\n\n - arm64: tls: Avoid unconditional zeroing of tpidrro_el0\n for native tasks (bsc#1068032).\n\n - arm64: Turn on KPTI only on CPUs that need it\n (bsc#1076187).\n\n - arm64: use alternative auto-nop (bsc#1068032).\n\n - arm64: use RET instruction for exiting the trampoline\n (bsc#1068032).\n\n - arm64: xen: Enable user access before a privcmd hvc call\n (bsc#1068032).\n\n - arm/arm64: KVM: Make default HYP mappings non-excutable\n (bsc#1068032).\n\n - arm: avoid faulting on qemu (bnc#1012382).\n\n - arm: BUG if jumping to usermode address in kernel mode\n (bnc#1012382).\n\n - arm-ccn: perf: Prevent module unload while PMU is in use\n (bnc#1012382).\n\n - arm: dma-mapping: disallow dma_get_sgtable() for\n non-kernel managed memory (bnc#1012382).\n\n - arm: dts: am335x-evmsk: adjust mmc2 param to allow\n suspend (bnc#1012382).\n\n - arm: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks\n A7 (bnc#1012382).\n\n - arm: dts: ti: fix PCI bus dtc warnings (bnc#1012382).\n\n - arm: kprobes: Align stack to 8-bytes in test code\n (bnc#1012382).\n\n - arm: kprobes: Fix the return address of multiple\n kretprobes (bnc#1012382).\n\n - arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one\n (bnc#1012382).\n\n - arm: OMAP1: DMA: Correct the number of logical channels\n (bnc#1012382).\n\n - arm: OMAP2+: Fix device node reference counts\n (bnc#1012382).\n\n - arm: OMAP2+: gpmc-onenand: propagate error on\n initialization failure (bnc#1012382).\n\n - arm: OMAP2+: Release device node after it is no longer\n needed (bnc#1012382).\n\n - asm-prototypes: Clear any CPP defines before declaring\n the functions (git-fixes).\n\n - asn.1: check for error from ASN1_OP_END__ACT actions\n (bnc#1012382).\n\n - asn.1: fix out-of-bounds read when parsing indefinite\n length item (bnc#1012382).\n\n - ath9k: fix tx99 potential info leak (bnc#1012382).\n\n - atm: horizon: Fix irq release error (bnc#1012382).\n\n - audit: ensure that 'audit=1' actually enables audit for\n PID 1 (bnc#1012382).\n\n - axonram: Fix gendisk handling (bnc#1012382).\n\n - backlight: pwm_bl: Fix overflow condition (bnc#1012382).\n\n - bcache: add a comment in journal bucket reading\n (bsc#1076110).\n\n - bcache: Avoid nested function definition (bsc#1076110).\n\n - bcache: bch_allocator_thread() is not freezable\n (bsc#1076110).\n\n - bcache: bch_writeback_thread() is not freezable\n (bsc#1076110).\n\n - bcache: check return value of register_shrinker\n (bsc#1076110).\n\n - bcache: documentation formatting, edited for clarity,\n stripe alignment notes (bsc#1076110).\n\n - bcache: documentation updates and corrections\n (bsc#1076110).\n\n - bcache: Do not reinvent the wheel but use existing llist\n API (bsc#1076110).\n\n - bcache: do not write back data if reading it failed\n (bsc#1076110).\n\n - bcache: explicitly destroy mutex while exiting\n (bnc#1012382).\n\n - bcache: fix a comments typo in bch_alloc_sectors()\n (bsc#1076110).\n\n - bcache: fix sequential large write IO bypass\n (bsc#1076110).\n\n - bcache: fix wrong cache_misses statistics (bnc#1012382).\n\n - bcache: gc does not work when triggering by manual\n command (bsc#1076110, bsc#1038078).\n\n - bcache: implement PI controller for writeback rate\n (bsc#1076110).\n\n - bcache: increase the number of open buckets\n (bsc#1076110).\n\n - bcache: only permit to recovery read error when cache\n device is clean (bnc#1012382 bsc#1043652).\n\n - bcache: partition support: add 16 minors per bcacheN\n device (bsc#1076110, bsc#1019784).\n\n - bcache: rearrange writeback main thread ratelimit\n (bsc#1076110).\n\n - bcache: recover data from backing when data is clean\n (bnc#1012382 bsc#1043652).\n\n - bcache: Remove redundant set_capacity (bsc#1076110).\n\n - bcache: remove unused parameter (bsc#1076110).\n\n - bcache: rewrite multiple partitions support\n (bsc#1076110, bsc#1038085).\n\n - bcache: safeguard a dangerous addressing in\n closure_queue (bsc#1076110).\n\n - bcache: silence static checker warning (bsc#1076110).\n\n - bcache: smooth writeback rate control (bsc#1076110).\n\n - bcache.txt: standardize document format (bsc#1076110).\n\n - bcache: update bio->bi_opf bypass/writeback REQ_ flag\n hints (bsc#1076110).\n\n - bcache: update bucket_in_use in real time (bsc#1076110).\n\n - bcache: Update continue_at() documentation\n (bsc#1076110).\n\n - bcache: use kmalloc to allocate bio in bch_data_verify()\n (bsc#1076110).\n\n - bcache: use llist_for_each_entry_safe() in\n __closure_wake_up() (bsc#1076110).\n\n - bcache: writeback rate clamping: make 32 bit safe\n (bsc#1076110).\n\n - bcache: writeback rate shouldn't artifically clamp\n (bsc#1076110).\n\n - be2net: restore properly promisc mode after queues\n reconfiguration (bsc#963844 FATE#320192).\n\n - block: wake up all tasks blocked in get_request()\n (bnc#1012382).\n\n - bluetooth: btusb: driver to enable the usb-wakeup\n feature (bnc#1012382).\n\n - bnx2x: do not rollback VF MAC/VLAN filters we did not\n configure (bnc#1012382).\n\n - bnx2x: fix possible overrun of VFPF multicast addresses\n array (bnc#1012382).\n\n - bnx2x: prevent crash when accessing PTP with interface\n down (bnc#1012382).\n\n - btrfs: add missing memset while reading compressed\n inline extents (bnc#1012382).\n\n - can: af_can: canfd_rcv(): replace WARN_ONCE by\n pr_warn_once (bnc#1012382).\n\n - can: af_can: can_rcv(): replace WARN_ONCE by\n pr_warn_once (bnc#1012382).\n\n - can: ems_usb: cancel urb on -EPIPE and -EPROTO\n (bnc#1012382).\n\n - can: esd_usb2: cancel urb on -EPIPE and -EPROTO\n (bnc#1012382).\n\n - can: gs_usb: fix return value of the 'set_bittiming'\n callback (bnc#1012382).\n\n - can: kvaser_usb: cancel urb on -EPIPE and -EPROTO\n (bnc#1012382).\n\n - can: kvaser_usb: Fix comparison bug in\n kvaser_usb_read_bulk_callback() (bnc#1012382).\n\n - can: kvaser_usb: free buf in error paths (bnc#1012382).\n\n - can: kvaser_usb: ratelimit errors if incomplete messages\n are received (bnc#1012382).\n\n - can: peak: fix potential bug in packet fragmentation\n (bnc#1012382).\n\n - can: ti_hecc: Fix napi poll return value for repoll\n (bnc#1012382).\n\n - can: usb_8dev: cancel urb on -EPIPE and -EPROTO\n (bnc#1012382).\n\n - cdc-acm: apply quirk for card reader (bsc#1060279).\n\n - cdrom: factor out common open_for_* code (bsc#1048585).\n\n - cdrom: wait for tray to close (bsc#1048585).\n\n - ceph: more accurate statfs (bsc#1077068).\n\n - clk: imx6: refine hdmi_isfr's parent to make HDMI work\n on i.MX6 SoCs w/o VPU (bnc#1012382).\n\n - clk: mediatek: add the option for determining PLL source\n clock (bnc#1012382).\n\n - clk: tegra: Fix cclk_lp divisor register (bnc#1012382).\n\n - config: arm64: enable HARDEN_BRANCH_PREDICTOR\n\n - config: arm64: enable UNMAP_KERNEL_AT_EL0\n\n - cpuidle: fix broadcast control when broadcast can not be\n entered (bnc#1012382).\n\n - cpuidle: powernv: Pass correct drv->cpumask for\n registration (bnc#1012382).\n\n - cpuidle: Validate cpu_dev in cpuidle_add_sysfs()\n (bnc#1012382).\n\n - crypto: algapi - fix NULL dereference in\n crypto_remove_spawns() (bnc#1012382).\n\n - crypto: chacha20poly1305 - validate the digest size\n (bnc#1012382).\n\n - crypto: chelsio - select CRYPTO_GF128MUL (bsc#1048325).\n\n - crypto: crypto4xx - increase context and scatter ring\n buffer elements (bnc#1012382).\n\n - crypto: deadlock between\n crypto_alg_sem/rtnl_mutex/genl_mutex (bnc#1012382).\n\n - crypto: mcryptd - protect the per-CPU queue with a lock\n (bnc#1012382).\n\n - crypto: n2 - cure use after free (bnc#1012382).\n\n - crypto: pcrypt - fix freeing pcrypt instances\n (bnc#1012382).\n\n - crypto: s5p-sss - Fix completing crypto request in IRQ\n handler (bnc#1012382).\n\n - crypto: tcrypt - fix buffer lengths in test_aead_speed()\n (bnc#1012382).\n\n - cxl: Check if vphb exists before iterating over AFU\n devices (bsc#1066223).\n\n - dax: Pass detailed error code from __dax_fault()\n (bsc#1072484).\n\n - dccp: do not restart ccid2_hc_tx_rto_expire() if sk in\n closed state (bnc#1012382).\n\n - delay: add poll_event_interruptible (bsc#1048585).\n\n - dlm: fix malfunction of dlm_tool caused by debugfs\n changes (bsc#1077704).\n\n - dmaengine: dmatest: move callback wait queue to thread\n context (bnc#1012382).\n\n - dmaengine: Fix array index out of bounds warning in\n __get_unmap_pool() (bnc#1012382).\n\n - dmaengine: pl330: fix double lock (bnc#1012382).\n\n - dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux\n value type (bnc#1012382).\n\n - dm btree: fix serious bug in btree_split_beneath()\n (bnc#1012382).\n\n - dm bufio: fix shrinker scans when (nr_to_scan <\n retain_target) (bnc#1012382).\n\n - dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6\n (bnc#1012382).\n\n - drivers/firmware: Expose psci_get_version through\n psci_ops structure (bsc#1068032).\n\n - drm/amd/amdgpu: fix console deadlock if late init failed\n (bnc#1012382).\n\n - drm: extra printk() wrapper macros (bnc#1012382).\n\n - drm/exynos/decon5433: set STANDALONE_UPDATE_F on output\n enablement (bnc#1012382).\n\n - drm/exynos: gem: Drop NONCONTIG flag for buffers\n allocated without IOMMU (bnc#1012382).\n\n - drm/omap: fix dmabuf mmap for dma_alloc'ed buffers\n (bnc#1012382).\n\n - drm/radeon: reinstate oland workaround for sclk\n (bnc#1012382).\n\n - drm/radeon/si: add dpm quirk for Oland (bnc#1012382).\n\n - drm/vmwgfx: Potential off by one in vmw_view_add()\n (bnc#1012382).\n\n - dynamic-debug-howto: fix optional/omitted ending line\n number to be LARGE instead of 0 (bnc#1012382).\n\n - edac, i5000, i5400: Fix definition of NRECMEMB register\n (bnc#1012382).\n\n - edac, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro\n (bnc#1012382).\n\n - edac, sb_edac: Fix missing break in switch\n (bnc#1012382).\n\n - efi/esrt: Cleanup bad memory map log messages\n (bnc#1012382).\n\n - efi: Move some sysfs files to be read-only by root\n (bnc#1012382).\n\n - eventpoll.h: add missing epoll event masks\n (bnc#1012382).\n\n - ext4: fix crash when a directory's i_size is too small\n (bnc#1012382).\n\n - ext4: Fix ENOSPC handling in DAX page fault handle\n (bsc#1072484).\n\n - ext4: fix fdatasync(2) after fallocate(2) operation\n (bnc#1012382).\n\n - fbdev: controlfb: Add missing modes to fix out of bounds\n access (bnc#1012382).\n\n - Fix build error in vma.c (bnc#1012382).\n\n - Fixup hang when calling 'nvme list' on all paths down\n (bsc#1070052).\n\n - fjes: Fix wrong netdevice feature flags (bnc#1012382).\n\n - flow_dissector: properly cap thoff field (bnc#1012382).\n\n - fm10k: ensure we process SM mbx when processing VF mbx\n (bnc#1012382).\n\n - fork: clear thread stack upon allocation (bsc#1077560).\n\n - fscache: Fix the default for\n fscache_maybe_release_page() (bnc#1012382).\n\n - futex: Prevent overflow by strengthen input validation\n (bnc#1012382).\n\n - gcov: disable for COMPILE_TEST (bnc#1012382).\n\n - gfs2: Take inode off order_write list when setting jdata\n flag (bnc#1012382).\n\n - gpio: altera: Use handle_level_irq when configured as a\n level_high (bnc#1012382).\n\n - hid: chicony: Add support for another ASUS Zen AiO\n keyboard (bnc#1012382).\n\n - hid: xinmo: fix for out of range for THT 2P arcade\n controller (bnc#1012382).\n\n - hrtimer: Reset hrtimer cpu base proper on CPU hotplug\n (bnc#1012382).\n\n - hv: kvp: Avoid reading past allocated blocks from KVP\n file (bnc#1012382).\n\n - hwmon: (asus_atk0110) fix uninitialized data access\n (bnc#1012382).\n\n - i40iw: Account for IPv6 header when setting MSS\n (bsc#1024376 FATE#321249).\n\n - i40iw: Allocate a sdbuf per CQP WQE (bsc#1024376\n FATE#321249).\n\n - i40iw: Cleanup AE processing (bsc#1024376 FATE#321249).\n\n - i40iw: Clear CQP Head/Tail during initialization\n (bsc#1024376 FATE#321249).\n\n - i40iw: Correct ARP index mask (bsc#1024376 FATE#321249).\n\n - i40iw: Correct Q1/XF object count equation (bsc#969476\n FATE#319648 bsc#969477 FATE#319816).\n\n - i40iw: Do not allow posting WR after QP is flushed\n (bsc#1024376 FATE#321249).\n\n - i40iw: Do not free sqbuf when event is\n I40IW_TIMER_TYPE_CLOSE (bsc#1024376 FATE#321249).\n\n - i40iw: Do not generate CQE for RTR on QP flush\n (bsc#1024376 FATE#321249).\n\n - i40iw: Do not retransmit MPA request after it is ACKed\n (bsc#1024376 FATE#321249).\n\n - i40iw: Fixes for static checker warnings (bsc#1024376\n FATE#321249).\n\n - i40iw: Fix sequence number for the first partial FPDU\n (bsc#969476 FATE#319648 bsc#969477 FATE#319816).\n\n - i40iw: Fix the connection ORD value for loopback\n (bsc#969476 FATE#319648 bsc#969477 FATE#319816).\n\n - i40iw: Ignore AE source field in AEQE for some AEs\n (bsc#1024376 FATE#321249).\n\n - i40iw: Move cqp_cmd_head init to CQP initialization\n (bsc#1024376 FATE#321249).\n\n - i40iw: Move exception_lan_queue to VSI structure\n (bsc#1024376 FATE#321249).\n\n - i40iw: Move MPA request event for loopback after connect\n (bsc#1024376 FATE#321249).\n\n - i40iw: Notify user of established connection after QP in\n RTS (bsc#1024376 FATE#321249).\n\n - i40iw: Reinitialize IEQ on MTU change (bsc#1024376\n FATE#321249).\n\n - i40iw: Remove limit on re-posting AEQ entries to HW\n (bsc#969476 FATE#319648 bsc#969477 FATE#319816).\n\n - i40iw: Selectively teardown QPs on IP addr change event\n (bsc#1024376 FATE#321249).\n\n - i40iw: Validate correct IRD/ORD connection parameters\n (bsc#969476 FATE#319648 bsc#969477 FATE#319816).\n\n - ib/hfi1: Fix misspelling in comment (bsc#973818,\n fate#319242).\n\n - ib/hfi1: Prevent kernel QP post send hard lockups\n (bsc#973818 FATE#319242).\n\n - ib/ipoib: Fix lockdep issue found on\n ipoib_ib_dev_heavy_flush (git-fixes).\n\n - ib/ipoib: Fix race condition in neigh creation\n (bsc#1022595 FATE#322350).\n\n - ib/ipoib: Grab rtnl lock on heavy flush when calling\n ndo_open/stop (bnc#1012382).\n\n - ib/mlx4: Increase maximal message size under UD QP\n (bnc#1012382).\n\n - ib/mlx5: Assign send CQ and recv CQ of UMR QP\n (bnc#1012382).\n\n - ib/mlx5: Serialize access to the VMA list (bsc#1015342\n FATE#321688 bsc#1015343 FATE#321689).\n\n - ibmvnic: Allocate and request vpd in init_resources\n (bsc#1076872).\n\n - ibmvnic: Do not handle RX interrupts when not up\n (bsc#1075066).\n\n - ibmvnic: fix firmware version when no firmware level has\n been provided by the VIOS server (bsc#1079038).\n\n - ibmvnic: Fix IP offload control buffer (bsc#1076899).\n\n - ibmvnic: Fix IPv6 packet descriptors (bsc#1076899).\n\n - ibmvnic: Fix pending MAC address changes (bsc#1075627).\n\n - ibmvnic: Modify buffer size and number of queues on\n failover (bsc#1076872).\n\n - ibmvnic: Revert to previous mtu when unsupported value\n requested (bsc#1076872).\n\n - ibmvnic: Wait for device response when changing MAC\n (bsc#1078681).\n\n - ib/qib: Fix comparison error with qperf compare/swap\n test (FATE#321231 FATE#321473).\n\n - ib/rdmavt: restore IRQs on error path in rvt_create_ah()\n (bsc#973818, fate#319242).\n\n - ib/srpt: Disable RDMA access by the initiator\n (bnc#1012382).\n\n - ib/srpt: Fix ACL lookup during login (bsc#1024296\n FATE#321265).\n\n - igb: check memory allocation failure (bnc#1012382).\n\n - ima: fix hash algorithm initialization (bnc#1012382).\n\n - inet: frag: release spinlock before calling icmp_send()\n (bnc#1012382).\n\n - input: 88pm860x-ts - fix child-node lookup\n (bnc#1012382).\n\n - input: elantech - add new icbody type 15 (bnc#1012382).\n\n - input: i8042 - add TUXEDO BU1406 (N24_25BU) to the nomux\n list (bnc#1012382).\n\n - input: trackpoint - force 3 buttons if 0 button is\n reported (bnc#1012382).\n\n - input: twl4030-vibra - fix sibling-node lookup\n (bnc#1012382).\n\n - input: twl6040-vibra - fix child-node lookup\n (bnc#1012382).\n\n - input: twl6040-vibra - fix DT node memory management\n (bnc#1012382).\n\n - intel_th: pci: Add Gemini Lake support (bnc#1012382).\n\n - iommu/arm-smmu-v3: Do not free page table ops twice\n (bnc#1012382).\n\n - iommu/vt-d: Fix scatterlist offset handling\n (bnc#1012382).\n\n - ip6_gre: remove the incorrect mtu limit for ipgre tap\n (bsc#1022912 FATE#321246).\n\n - ip6_tunnel: disable dst caching if tunnel is dual-stack\n (bnc#1012382).\n\n - ipmi: Stop timers before cleaning up the module\n (bnc#1012382).\n\n - ipv4: Fix use-after-free when flushing FIB tables\n (bnc#1012382).\n\n - ipv4: igmp: guard against silly MTU values\n (bnc#1012382).\n\n - ipv4: Make neigh lookup keys for loopback/point-to-point\n devices be INADDR_ANY (bnc#1012382).\n\n - ipv6: Fix getsockopt() for sockets with default\n IPV6_AUTOFLOWLABEL (bnc#1012382).\n\n - ipv6: fix possible mem leaks in ipv6_make_skb()\n (bnc#1012382).\n\n - ipv6: fix udpv6 sendmsg crash caused by too small MTU\n (bnc#1012382).\n\n - ipv6: ip6_make_skb() needs to clear cork.base.dst\n (git-fixes).\n\n - ipv6: mcast: better catch silly mtu values\n (bnc#1012382).\n\n - ipv6: reorder icmpv6_init() and ip6_mr_init()\n (bnc#1012382).\n\n - ipvlan: fix ipv6 outbound device (bnc#1012382).\n\n - ipvlan: remove excessive packet scrubbing (bsc#1070799).\n\n - irda: vlsi_ir: fix check for DMA mapping errors\n (bnc#1012382).\n\n - irqchip/crossbar: Fix incorrect type of register size\n (bnc#1012382).\n\n - iscsi_iser: Re-enable 'iser_pi_guard' module parameter\n (bsc#1062129).\n\n - iscsi-target: fix memory leak in\n lio_target_tiqn_addtpg() (bnc#1012382).\n\n - iscsi-target: Make TASK_REASSIGN use proper\n se_cmd->cmd_kref (bnc#1012382).\n\n - isdn: kcapi: avoid uninitialized data (bnc#1012382).\n\n - iser-target: Fix possible use-after-free in connection\n establishment error (FATE#321732).\n\n - iw_cxgb4: Only validate the MSN for successful\n completions (bnc#1012382).\n\n - ixgbe: fix use of uninitialized padding (bnc#1012382).\n\n - jump_label: Invoke jump_label_test() via\n early_initcall() (bnc#1012382).\n\n - kabi: Keep KVM stable after enable s390 wire up bpb\n feature (bsc#1076805).\n\n - kABI: protect struct bpf_map (kabi).\n\n - kABI: protect struct ipv6_pinfo (kabi).\n\n - kABI: protect struct t10_alua_tg_pt_gp (kabi).\n\n - kABI: protect struct usbip_device (kabi).\n\n - kabi/severities: arm64: ignore cpu capability array\n\n - kabi/severities: do not care about stuff_RSB\n\n - kaiser: Set _PAGE_NX only if supported (bnc#1012382).\n\n - kaiser: Set _PAGE_NX only if supported (bnc#1012382).\n\n - kbuild: add '-fno-stack-check' to kernel build options\n (bnc#1012382).\n\n - kbuild: modversions for EXPORT_SYMBOL() for asm\n (bsc#1074621 bsc#1068032).\n\n - kbuild: pkg: use --transform option to prefix paths in\n tar (bnc#1012382).\n\n - kdb: Fix handling of kallsyms_symbol_next() return value\n (bnc#1012382).\n\n - kernel/acct.c: fix the acct->needcheck check in\n check_free_space() (bnc#1012382).\n\n - kernel: make groups_sort calling a responsibility\n group_info allocators (bnc#1012382).\n\n - kernel/signal.c: protect the SIGNAL_UNKILLABLE tasks\n from !sig_kernel_only() signals (bnc#1012382).\n\n - kernel/signal.c: protect the traced SIGNAL_UNKILLABLE\n tasks from SIGKILL (bnc#1012382).\n\n - kernel/signal.c: remove the no longer needed\n SIGNAL_UNKILLABLE check in complete_signal()\n (bnc#1012382).\n\n - keys: add missing permission check for request_key()\n destination (bnc#1012382).\n\n - kprobes/x86: Disable preemption in ftrace-based jprobes\n (bnc#1012382).\n\n - kpti: Rename to PAGE_TABLE_ISOLATION (bnc#1012382).\n\n - kpti: Report when enabled (bnc#1012382).\n\n - kvm: Fix stack-out-of-bounds read in write_mmio\n (bnc#1012382).\n\n - kvm: nVMX: reset nested_run_pending if the vCPU is going\n to be reset (bnc#1012382).\n\n - kvm: nVMX: VMCLEAR should not cause the vCPU to shut\n down (bnc#1012382).\n\n - kvm: pci-assign: do not map smm memory slot pages in\n vt-d page tables (bnc#1012382).\n\n - kvm: s390: Enable all facility bits that are known good\n for passthrough (bsc#1076805).\n\n - kvm: s390: wire up bpb feature (bsc#1076805).\n\n - kvm: VMX: Fix enable VPID conditions (bnc#1012382).\n\n - kvm: VMX: remove I/O port 0x80 bypass on Intel hosts\n (bnc#1012382).\n\n - kvm: vmx: Scrub hardware GPRs at VM-exit (bnc#1012382\n bsc#1068032).\n\n - kvm: x86: Add memory barrier on vmcs field lookup\n (bnc#1012382).\n\n - kvm: x86: correct async page present tracepoint\n (bnc#1012382).\n\n - kvm: X86: Fix load RFLAGS w/o the fixed bit\n (bnc#1012382).\n\n - kvm: x86: fix RSM when PCID is non-zero (bnc#1012382).\n\n - l2tp: cleanup l2tp_tunnel_delete calls (bnc#1012382).\n\n - lan78xx: Fix failure in USB Full Speed (bnc#1012382).\n\n - libata: apply MAX_SEC_1024 to all LITEON EP1 series\n devices (bnc#1012382).\n\n - libata: drop WARN from protocol error in\n ata_sff_qc_issue() (bnc#1012382).\n\n - lib/genalloc.c: make the avail variable an atomic_long_t\n (bnc#1012382).\n\n - macvlan: Only deliver one copy of the frame to the\n macvlan interface (bnc#1012382).\n\n - md: more open-coded offset_in_page() (bsc#1076110).\n\n - media: dvb: i2c transfers over usb cannot be done from\n stack (bnc#1012382).\n\n - mfd: cros ec: spi: Do not send first message too soon\n (bnc#1012382).\n\n - mfd: twl4030-audio: Fix sibling-node lookup\n (bnc#1012382).\n\n - mfd: twl6040: Fix child-node lookup (bnc#1012382).\n\n - mlxsw: reg: Fix SPVMLR max record count (bnc#1012382).\n\n - mlxsw: reg: Fix SPVM max record count (bnc#1012382).\n\n - mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite\n handlers (bnc#1012382).\n\n - mmc: mediatek: Fixed bug where clock frequency could be\n set wrong (bnc#1012382).\n\n - mm: drop unused pmdp_huge_get_and_clear_notify()\n (bnc#1012382).\n\n - mm: Handle 0 flags in _calc_vm_trans() macro\n (bnc#1012382).\n\n - mm/mprotect: add a cond_resched() inside\n change_pmd_range() (bnc#1077871, bnc#1078002).\n\n - mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available\n even on UP (bnc#1012382).\n\n - module: Add retpoline tag to VERMAGIC (bnc#1012382).\n\n - module: set __jump_table alignment to 8 (bnc#1012382).\n\n - more bio_map_user_iov() leak fixes (bnc#1012382).\n\n - net: Allow neigh contructor functions ability to modify\n the primary_key (bnc#1012382).\n\n - net/appletalk: Fix kernel memory disclosure\n (bnc#1012382).\n\n - net: bcmgenet: correct MIB access of UniMAC RUNT\n counters (bnc#1012382).\n\n - net: bcmgenet: correct the RBUF_OVFL_CNT and\n RBUF_ERR_CNT MIB values (bnc#1012382).\n\n - net: bcmgenet: power down internal phy if open or resume\n fails (bnc#1012382).\n\n - net: bcmgenet: Power up the internal PHY before probing\n the MII (bnc#1012382).\n\n - net: bcmgenet: reserved phy revisions must be checked\n first (bnc#1012382).\n\n - net: bridge: fix early call to br_stp_change_bridge_id\n and plug newlink leaks (bnc#1012382).\n\n - net: core: fix module type in sock_diag_bind\n (bnc#1012382).\n\n - net: Do not allow negative values for busy_read and\n busy_poll sysctl interfaces (bnc#1012382).\n\n - net: fec: fix multicast filtering hardware setup\n (bnc#1012382).\n\n - netfilter: bridge: honor frag_max_size when\n refragmenting (bnc#1012382).\n\n - netfilter: do not track fragmented packets\n (bnc#1012382).\n\n - netfilter: ipvs: Fix inappropriate output of procfs\n (bnc#1012382).\n\n - netfilter: nfnetlink_queue: fix secctx memory leak\n (bnc#1012382).\n\n - netfilter: nfnetlink_queue: fix timestamp attribute\n (bsc#1074134).\n\n - netfilter: nfnl_cthelper: fix a race when walk the\n nf_ct_helper_hash table (bnc#1012382).\n\n - netfilter: nfnl_cthelper: Fix memory leak (bnc#1012382).\n\n - netfilter: nfnl_cthelper: fix runtime expectation policy\n updates (bnc#1012382).\n\n - net: Fix double free and memory corruption in\n get_net_ns_by_id() (bnc#1012382).\n\n - net: igmp: fix source address check for IGMPv3 reports\n (bnc#1012382).\n\n - net: igmp: Use correct source address on IGMPv3 reports\n (bnc#1012382).\n\n - net: initialize msg.msg_flags in recvfrom (bnc#1012382).\n\n - net: ipv4: fix for a race condition in raw_sendmsg\n (bnc#1012382).\n\n - net/mac80211/debugfs.c: prevent build failure with\n CONFIG_UBSAN=y (bnc#1012382).\n\n - net/mlx5: Avoid NULL pointer dereference on steering\n cleanup (bsc#1015342 FATE#321688 bsc#1015343\n FATE#321689).\n\n - net/mlx5: Cleanup IRQs in case of unload failure\n (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n\n - net/mlx5e: Add refcount to VXLAN structure (bsc#966170\n FATE#320225 bsc#966172 FATE#320226).\n\n - net/mlx5e: Fix features check of IPv6 traffic\n (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n\n - net/mlx5e: Fix fixpoint divide exception in\n mlx5e_am_stats_compare (bsc#1015342).\n\n - net/mlx5e: Fix possible deadlock of VXLAN lock\n (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n\n - net/mlx5e: Prevent possible races in VXLAN control flow\n (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n\n - net/mlx5: Fix rate limit packet pacing naming and struct\n (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).\n\n - net/mlx5: Stay in polling mode when command EQ destroy\n fails (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n\n - net: mvmdio: disable/unprepare clocks in EPROBE_DEFER\n case (bnc#1012382).\n\n - net: mvneta: clear interface link status on port disable\n (bnc#1012382).\n\n - net: mvneta: eliminate wrong call to handle rx\n descriptor error (fate#319899).\n\n - net: mvneta: use proper rxq_number in loop on rx queues\n (fate#319899).\n\n - net/packet: fix a race in packet_bind() and\n packet_notifier() (bnc#1012382).\n\n - net: phy: at803x: Change error to EINVAL for invalid MAC\n (bnc#1012382).\n\n - net: phy: micrel: ksz9031: reconfigure autoneg after phy\n autoneg workaround (bnc#1012382).\n\n - net: qdisc_pkt_len_init() should be more robust\n (bnc#1012382).\n\n - net: qmi_wwan: add Sierra EM7565 1199:9091\n (bnc#1012382).\n\n - net: qmi_wwan: Add USB IDs for MDM6600 modem on Motorola\n Droid 4 (bnc#1012382).\n\n - net: reevalulate autoflowlabel setting after sysctl\n setting (bnc#1012382).\n\n - net: Resend IGMP memberships upon peer notification\n (bnc#1012382).\n\n - net: sctp: fix array overrun read on sctp_timer_tbl\n (bnc#1012382).\n\n - net: stmmac: enable EEE in MII, GMII or RGMII only\n (bnc#1012382).\n\n - net: systemport: Pad packet before inserting TSB\n (bnc#1012382).\n\n - net: systemport: Utilize skb_put_padto() (bnc#1012382).\n\n - net: tcp: close sock if net namespace is exiting\n (bnc#1012382).\n\n - net: wimax/i2400m: fix NULL-deref at probe\n (bnc#1012382).\n\n - nfs: Add a cond_resched() to nfs_commit_release_pages()\n (bsc#1077779).\n\n - nfsd: auth: Fix gid sorting when rootsquash enabled\n (bnc#1012382).\n\n - nfsd: fix nfsd_minorversion(.., NFSD_AVAIL)\n (bnc#1012382).\n\n - nfsd: fix nfsd_reset_versions for NFSv4 (bnc#1012382).\n\n - nfs: Do not take a reference on fl->fl_file for LOCK\n operation (bnc#1012382).\n\n - nfs: Fix a typo in nfs_rename() (bnc#1012382).\n\n - nfsv4.1 respect server's max size in CREATE_SESSION\n (bnc#1012382).\n\n - nfsv4: Fix client recovery when server reboots multiple\n times (bnc#1012382).\n\n - nohz: Prevent a timer interrupt storm in\n tick_nohz_stop_sched_tick() (bnc#1012382).\n\n - n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ\n (aka FIONREAD) (bnc#1012382).\n\n - nvme_fc: correct hang in nvme_ns_remove() (bsc#1075811).\n\n - nvme_fc: fix rogue admin cmds stalling teardown\n (bsc#1075811).\n\n - nvme-fc: merge error on sles12sp3 for reset_work\n (bsc#1079195).\n\n - nvme-pci: Remove watchdog timer (bsc#1066163).\n\n - openrisc: fix issue handling 8 byte get_user calls\n (bnc#1012382).\n\n - packet: fix crash in fanout_demux_rollover()\n (bnc#1012382).\n\n - parisc: Fix alignment of pa_tlb_lock in assembly on\n 32-bit SMP kernel (bnc#1012382).\n\n - parisc: Hide Diva-built-in serial aux and graphics card\n (bnc#1012382).\n\n - partially revert tipc improve link resiliency when rps\n is activated (bsc#1068038).\n\n - pci/AER: Report non-fatal errors only to the affected\n endpoint (bnc#1012382).\n\n - pci: Avoid bus reset if bridge itself is broken\n (bnc#1012382).\n\n - pci: Create SR-IOV virtfn/physfn links before attaching\n driver (bnc#1012382).\n\n - pci: Detach driver before procfs & sysfs teardown on\n device remove (bnc#1012382).\n\n - pci/PME: Handle invalid data when reading Root Status\n (bnc#1012382).\n\n - pci / PM: Force devices to D0 in pci_pm_thaw_noirq()\n (bnc#1012382).\n\n - perf symbols: Fix symbols__fixup_end heuristic for\n corner cases (bnc#1012382).\n\n - perf test attr: Fix ignored test case result\n (bnc#1012382).\n\n - phy: work around 'phys' references to usb-nop-xceiv\n devices (bnc#1012382).\n\n - pinctrl: adi2: Fix Kconfig build problem (bnc#1012382).\n\n - pinctrl: st: add irq_request/release_resources callbacks\n (bnc#1012382).\n\n - pipe: avoid round_pipe_size() nr_pages overflow on\n 32-bit (bnc#1012382).\n\n - powerpc/64: Add macros for annotating the destination of\n rfid/hrfid (bsc#1068032, bsc#1075087).\n\n - powerpc/64: Convert fast_exception_return to use\n RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075087).\n\n - powerpc/64: Convert the syscall exit path to use\n RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075087).\n\n - powerpc/64s: Add EX_SIZE definition for paca exception\n save areas (bsc#1068032, bsc#1075087).\n\n - powerpc/64s: Add support for RFI flush of L1-D cache\n (bsc#1068032, bsc#1075087).\n\n - powerpc/64s: Allow control of RFI flush via debugfs\n (bsc#1068032, bsc#1075087).\n\n - powerpc/64s: Convert slb_miss_common to use\n RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075087).\n\n - powerpc/64s: Simple RFI macro conversions (bsc#1068032,\n bsc#1075087).\n\n - powerpc/64s: Support disabling RFI flush with\n no_rfi_flush and nopti (bsc#1068032, bsc#1075087).\n\n - powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032).\n\n - powerpc/asm: Allow including ppc_asm.h in asm files\n (bsc#1068032, bsc#1075087).\n\n - powerpc/ipic: Fix status get and status clear\n (bnc#1012382).\n\n - powerpc/perf: Dereference BHRB entries safely\n (bsc#1066223).\n\n - powerpc/perf/hv-24x7: Fix incorrect comparison in memord\n (bnc#1012382).\n\n - powerpc/powernv: Check device-tree for RFI flush\n settings (bsc#1068032, bsc#1075087).\n\n - powerpc/powernv/cpufreq: Fix the frequency read by\n /proc/cpuinfo (bnc#1012382).\n\n - powerpc/powernv/ioda2: Gracefully fail if too many TCE\n levels requested (bnc#1012382).\n\n - powerpc/pseries: include linux/types.h in asm/hvcall.h\n (bsc#1068032, bsc#1075087).\n\n - powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS\n (bsc#1068032, bsc#1075087).\n\n - powerpc/pseries: Query hypervisor for RFI flush settings\n (bsc#1068032, bsc#1075087).\n\n - powerpc/pseries/rfi-flush: Call setup_rfi_flush() after\n LPM migration (bsc#1068032, bsc#1075087).\n\n - powerpc/pseries: rfi-flush: Call setup_rfi_flush() after\n LPM migration (bsc#1068032, bsc#1075087). \n\n - powerpc/rfi-flush: Add DEBUG_RFI config option\n (bsc#1068032, bsc#1075087).\n\n - powerpc/rfi-flush: Make setup_rfi_flush() not __init\n (bsc#1068032, bsc#1075087).\n\n - powerpc/rfi-flush: Move RFI flush fields out of the paca\n (unbreak kABI) (bsc#1068032, bsc#1075087).\n\n - powerpc/rfi-flush: Move the logic to avoid a redo into\n the sysfs code (bsc#1068032, bsc#1075087).\n\n - powerpc/rfi-flush: prevent crash when changing flush\n type to fallback after system boot (bsc#1068032,\n bsc#1075087).\n\n - ppp: Destroy the mutex when cleanup (bnc#1012382).\n\n - pppoe: take ->needed_headroom of lower device into\n account on xmit (bnc#1012382).\n\n - pti: unbreak EFI (bsc#1074709).\n\n - r8152: fix the list rx_done may be used without\n initialization (bnc#1012382).\n\n - r8152: prevent the driver from transmitting packets with\n carrier off (bnc#1012382).\n\n - r8169: fix memory corruption on retrieval of hardware\n statistics (bnc#1012382).\n\n - raid5: Set R5_Expanded on parity devices as well as data\n (bnc#1012382).\n\n - ravb: Remove Rx overflow log messages (bnc#1012382).\n\n - rbd: set max_segments to USHRT_MAX (bnc#1012382).\n\n - rdma/cma: Avoid triggering undefined behavior\n (bnc#1012382).\n\n - rdma/i40iw: Remove MSS change support (bsc#1024376\n FATE#321249).\n\n - rds: Fix NULL pointer dereference in __rds_rdma_map\n (bnc#1012382).\n\n - rds: Heap OOB write in rds_message_alloc_sgs()\n (bnc#1012382).\n\n - rds: NULL pointer dereference in rds_atomic_free_op\n (bnc#1012382).\n\n - regulator: core: Rely on regulator_dev_release to free\n constraints (bsc#1074847).\n\n - regulator: da9063: Return an error code on probe failure\n (bsc#1074847).\n\n - regulator: pwm: Fix regulator ramp delay for continuous\n mode (bsc#1074847).\n\n - regulator: Try to resolve regulators supplies on\n registration (bsc#1074847).\n\n - Revert 'Bluetooth: btusb: driver to enable the\n usb-wakeup feature' (bnc#1012382).\n\n - Revert 'drm/armada: Fix compile fail' (bnc#1012382).\n\n - Revert 'kaiser: vmstat show NR_KAISERTABLE as\n nr_overhead' (kabi).\n\n - Revert 'lib/genalloc.c: make the avail variable an\n atomic_long_t' (kabi).\n\n - Revert 'module: Add retpoline tag to VERMAGIC'\n (bnc#1012382 kabi).\n\n - Revert 'module: Add retpoline tag to VERMAGIC' (kabi).\n\n - Revert 'ocfs2: should wait dio before inode lock in\n ocfs2_setattr()' (bnc#1012382).\n\n - Revert 's390/kbuild: enable modversions for symbols\n exported from asm' (bnc#1012382).\n\n - Revert 'sched/deadline: Use the revised wakeup rule for\n suspending constrained dl tasks' (kabi).\n\n - Revert 'scsi: libsas: align sata_device's rps_resp on a\n cacheline' (kabi).\n\n - Revert 'spi: SPI_FSL_DSPI should depend on HAS_DMA'\n (bnc#1012382).\n\n - Revert 'userfaultfd: selftest: vm: allow to build in vm/\n directory' (bnc#1012382).\n\n - Revert 'x86/efi: Build our own page table structures'\n (bnc#1012382).\n\n - Revert 'x86/efi: Hoist page table switching code into\n efi_call_virt()' (bnc#1012382).\n\n - Revert 'x86/mm/pat: Ensure cpa->pfn only contains page\n frame numbers' (bnc#1012382).\n\n - rfi-flush: Make DEBUG_RFI a CONFIG option (bsc#1068032,\n bsc#1075087).\n\n - ring-buffer: Mask out the info bits when returning\n buffer page length (bnc#1012382).\n\n - route: also update fnhe_genid when updating a route\n cache (bnc#1012382).\n\n - route: update fnhe_expires for redirect when the fnhe\n exists (bnc#1012382).\n\n - rtc: cmos: Initialize hpet timer before irq is\n registered (bsc#1077592).\n\n - rtc: pcf8563: fix output clock rate (bnc#1012382).\n\n - rtc: pl031: make interrupt optional (bnc#1012382).\n\n - rtc: set the alarm to the next expiring timer\n (bnc#1012382).\n\n - s390: always save and restore all registers on context\n switch (bnc#1012382).\n\n - s390/cpuinfo: show facilities as reported by stfle\n (bnc#1076847, LTC#163740).\n\n - s390: fix compat system call table (bnc#1012382).\n\n - s390/pci: do not require AIS facility (bnc#1012382).\n\n - s390/qeth: no ETH header for outbound AF_IUCV\n (LTC#156276 bnc#1012382 bnc#1053472).\n\n - s390/runtime instrumentation: simplify task exit\n handling (bnc#1012382).\n\n - sch_dsmark: fix invalid skb_cow() usage (bnc#1012382).\n\n - sched/deadline: Make sure the replenishment timer fires\n in the next period (bnc#1012382).\n\n - sched/deadline: Throttle a constrained deadline task\n activated after the deadline (bnc#1012382).\n\n - sched/deadline: Use deadline instead of period when\n calculating overflow (bnc#1012382).\n\n - sched/deadline: Use the revised wakeup rule for\n suspending constrained dl tasks (bnc#1012382).\n\n - sched/deadline: Zero out positive runtime after\n throttling constrained tasks (git-fixes).\n\n - scsi: bfa: integer overflow in debugfs (bnc#1012382).\n\n - scsi: cxgb4i: fix Tx skb leak (bnc#1012382).\n\n - scsi: handle ABORTED_COMMAND on Fujitsu ETERNUS\n (bsc#1069138).\n\n - scsi: hpsa: cleanup sas_phy structures in sysfs when\n unloading (bnc#1012382).\n\n - scsi: hpsa: destroy sas transport properties before\n scsi_host (bnc#1012382).\n\n - scsi: libsas: align sata_device's rps_resp on a\n cacheline (bnc#1012382).\n\n - scsi: lpfc: Use after free in lpfc_rq_buf_free()\n (bsc#1037838).\n\n - scsi: mpt3sas: Fix IO error occurs on pulling out a\n drive from RAID1 volume created on two SATA drive\n (bnc#1012382).\n\n - scsi: sd: change allow_restart to bool in sysfs\n interface (bnc#1012382).\n\n - scsi: sd: change manage_start_stop to bool in sysfs\n interface (bnc#1012382).\n\n - scsi: sg: disable SET_FORCE_LOW_DMA (bnc#1012382).\n\n - scsi: sr: wait for the medium to become ready\n (bsc#1048585).\n\n - sctp: do not allow the v4 socket to bind a v4mapped v6\n address (bnc#1012382).\n\n - sctp: do not free asoc when it is already dead in\n sctp_sendmsg (bnc#1012382).\n\n - sctp: Replace use of sockets_allocated with specified\n macro (bnc#1012382).\n\n - sctp: return error if the asoc has been peeled off in\n sctp_wait_for_sndbuf (bnc#1012382).\n\n - sctp: use the right sk after waking up from wait_buf\n sleep (bnc#1012382).\n\n - selftest/powerpc: Fix false failures for skipped tests\n (bnc#1012382).\n\n - selftests/x86: Add test_vsyscall (bnc#1012382).\n\n - selftests/x86/ldt_get: Add a few additional tests for\n limits (bnc#1012382).\n\n - serial: 8250_pci: Add Amazon PCI serial device ID\n (bnc#1012382).\n\n - serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X\n (bnc#1012382).\n\n - series.conf: move core networking (including netfilter)\n into sorted section\n\n - series.conf: whitespace cleanup\n\n - Set supported_modules_check 1 (bsc#1072163).\n\n - sfc: do not warn on successful change of MAC\n (bnc#1012382).\n\n - sh_eth: fix SH7757 GEther initialization (bnc#1012382).\n\n - sh_eth: fix TSU resource handling (bnc#1012382).\n\n - sit: update frag_off info (bnc#1012382).\n\n - sock: free skb in skb_complete_tx_timestamp on error\n (bnc#1012382).\n\n - sparc64/mm: set fields in deferred pages (bnc#1012382).\n\n - spi_ks8995: fix 'BUG: key accdaa28 not in .data!'\n (bnc#1012382).\n\n - spi: sh-msiof: Fix DMA transfer size check\n (bnc#1012382).\n\n - spi: xilinx: Detect stall with Unknown commands\n (bnc#1012382).\n\n - staging: android: ashmem: fix a race condition in\n ASHMEM_SET_SIZE ioctl (bnc#1012382).\n\n - sunrpc: Fix rpc_task_begin trace point (bnc#1012382).\n\n - sunxi-rsb: Include OF based modalias in device uevent\n (bnc#1012382).\n\n - sysfs/cpu: Add vulnerability folder (bnc#1012382).\n\n - sysfs/cpu: Fix typos in vulnerability documentation\n (bnc#1012382).\n\n - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994\n bsc#1075091).\n\n - sysrq : fix Show Regs call trace on ARM (bnc#1012382).\n\n - target: Avoid early CMD_T_PRE_EXECUTE failures during\n ABORT_TASK (bnc#1012382).\n\n - target/file: Do not return error for UNMAP if length is\n zero (bnc#1012382).\n\n - target: fix ALUA transition timeout handling\n (bnc#1012382).\n\n - target:fix condition return in\n core_pr_dump_initiator_port() (bnc#1012382).\n\n - target: fix race during implicit transition work flushes\n (bnc#1012382).\n\n - target/iscsi: Fix a race condition in\n iscsit_add_reject_from_cmd() (bnc#1012382).\n\n - target: Use system workqueue for ALUA transitions\n (bnc#1012382).\n\n - tcp: correct memory barrier usage in tcp_check_space()\n (bnc#1012382).\n\n - tcp: fix under-evaluated ssthresh in TCP Vegas\n (bnc#1012382).\n\n - tcp md5sig: Use skb's saddr when replying to an incoming\n segment (bnc#1012382).\n\n - tcp: __tcp_hdrlen() helper (bnc#1012382).\n\n - tg3: Fix rx hang on MTU change with 5717/5719\n (bnc#1012382).\n\n - thermal/drivers/step_wise: Fix temperature regulation\n misbehavior (bnc#1012382).\n\n - thermal: hisilicon: Handle return value of\n clk_prepare_enable (bnc#1012382).\n\n - tipc: fix cleanup at module unload (bnc#1012382).\n\n - tipc: fix memory leak in tipc_accept_from_sock()\n (bnc#1012382).\n\n - tipc: improve link resiliency when rps is activated\n (bsc#1068038).\n\n - tracing: Allocate mask_str buffer dynamically\n (bnc#1012382).\n\n - tracing: Fix converting enum's from the map in\n trace_event_eval_update() (bnc#1012382).\n\n - tracing: Fix crash when it fails to alloc ring buffer\n (bnc#1012382).\n\n - tracing: Fix possible double free on failure of\n allocating trace buffer (bnc#1012382).\n\n - tracing: Remove extra zeroing out of the ring buffer\n page (bnc#1012382).\n\n - tty fix oops when rmmod 8250 (bnc#1012382).\n\n - uas: Always apply US_FL_NO_ATA_1X quirk to Seagate\n devices (bnc#1012382).\n\n - uas: ignore UAS for Norelsys NS1068(X) chips\n (bnc#1012382).\n\n - udf: Avoid overflow when session starts at large offset\n (bnc#1012382).\n\n - um: link vmlinux with -no-pie (bnc#1012382).\n\n - usb: Add device quirk for Logitech HD Pro Webcam C925e\n (bnc#1012382).\n\n - usb: add RESET_RESUME for ELSA MicroLink 56K\n (bnc#1012382).\n\n - usb: core: Add type-specific length check of BOS\n descriptors (bnc#1012382).\n\n - usb: core: prevent malicious bNumInterfaces overflow\n (bnc#1012382).\n\n - usb: devio: Prevent integer overflow in\n proc_do_submiturb() (bnc#1012382).\n\n - usb: Fix off by one in type-specific length check of BOS\n SSP capability (git-fixes).\n\n - usb: fix usbmon BUG trigger (bnc#1012382).\n\n - usb: gadget: configs: plug memory leak (bnc#1012382).\n\n - usb: gadget: ffs: Forbid usb_ep_alloc_request from\n sleeping (bnc#1012382).\n\n - usb: gadgetfs: Fix a potential memory leak in\n 'dev_config()' (bnc#1012382).\n\n - usb: gadget: f_uvc: Sanity check wMaxPacketSize for\n SuperSpeed (bnc#1012382).\n\n - usb: gadget: udc: remove pointer dereference after free\n (bnc#1012382).\n\n - usb: hub: Cycle HUB power when initialization fails\n (bnc#1012382).\n\n - usb: Increase usbfs transfer limit (bnc#1012382).\n\n - usbip: Fix implicit fallthrough warning (bnc#1012382).\n\n - usbip: Fix potential format overflow in userspace tools\n (bnc#1012382).\n\n - usbip: fix stub_rx: get_pipe() to validate endpoint\n number (bnc#1012382).\n\n - usbip: fix stub_rx: harden CMD_SUBMIT path to handle\n malicious input (bnc#1012382).\n\n - usbip: fix stub_send_ret_submit() vulnerability to null\n transfer_buffer (bnc#1012382).\n\n - usbip: fix usbip bind writing random string after\n command in match_busid (bnc#1012382).\n\n - usbip: prevent leaking socket pointer address in\n messages (bnc#1012382).\n\n - usbip: prevent vhci_hcd driver from leaking a socket\n pointer address (bnc#1012382).\n\n - usbip: remove kernel addresses from usb device and urb\n debug msgs (bnc#1012382).\n\n - usbip: stub: stop printing kernel pointer addresses in\n messages (bnc#1012382).\n\n - usbip: vhci: stop printing kernel pointer addresses in\n messages (bnc#1012382).\n\n - usb: misc: usb3503: make sure reset is low for at least\n 100us (bnc#1012382).\n\n - usb: musb: da8xx: fix babble condition handling\n (bnc#1012382).\n\n - usb: phy: isp1301: Add OF device ID table (bnc#1012382).\n\n - usb: phy: isp1301: Fix build warning when CONFIG_OF is\n disabled (git-fixes).\n\n - usb: phy: tahvo: fix error handling in tahvo_usb_probe()\n (bnc#1012382).\n\n - usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C\n Hub (bnc#1012382).\n\n - usb: serial: cp210x: add IDs for LifeScan OneTouch Verio\n IQ (bnc#1012382).\n\n - usb: serial: cp210x: add new device ID ELV ALC 8xxx\n (bnc#1012382).\n\n - usb: serial: ftdi_sio: add id for Airbus DS P8GR\n (bnc#1012382).\n\n - usb: serial: option: adding support for YUGA CLM920-NC5\n (bnc#1012382).\n\n - usb: serial: option: add Quectel BG96 id (bnc#1012382).\n\n - usb: serial: option: add support for Telit ME910 PID\n 0x1101 (bnc#1012382).\n\n - usb: serial: qcserial: add Sierra Wireless EM7565\n (bnc#1012382).\n\n - usb: uas and storage: Add US_FL_BROKEN_FUA for another\n JMicron JMS567 ID (bnc#1012382).\n\n - usb: usbfs: Filter flags passed in from user space\n (bnc#1012382).\n\n - usb: usbip: Fix possible deadlocks reported by lockdep\n (bnc#1012382).\n\n - usb: xhci: Add XHCI_TRUST_TX_LENGTH for Renesas\n uPD720201 (bnc#1012382).\n\n - usb: xhci: fix panic in\n xhci_free_virt_devices_depth_first (bnc#1012382).\n\n - userfaultfd: selftest: vm: allow to build in vm/\n directory (bnc#1012382).\n\n - userfaultfd: shmem: __do_fault requires VM_FAULT_NOPAGE\n (bnc#1012382).\n\n - video: fbdev: au1200fb: Release some resources if a\n memory allocation fails (bnc#1012382).\n\n - video: fbdev: au1200fb: Return an error code if a memory\n allocation fails (bnc#1012382).\n\n - virtio: release virtio index when fail to\n device_register (bnc#1012382).\n\n - vmxnet3: repair memory leak (bnc#1012382).\n\n - vsyscall: Fix permissions for emulate mode with\n KAISER/PTI (bnc#1012382).\n\n - vt6655: Fix a possible sleep-in-atomic bug in\n vt6655_suspend (bnc#1012382).\n\n - vti6: Do not report path MTU below IPV6_MIN_MTU\n (bnc#1012382).\n\n - vti6: fix device register to report IFLA_INFO_KIND\n (bnc#1012382).\n\n - workqueue: trigger WARN if queue_delayed_work() is\n called with NULL @wq (bnc#1012382).\n\n - writeback: fix memory leak in wb_queue_work()\n (bnc#1012382).\n\n - x.509: fix buffer overflow detection in sprint_oid()\n (bsc#1075078).\n\n - x.509: reject invalid BIT STRING for subjectPublicKey\n (bnc#1012382).\n\n - x86/acpi: Handle SCI interrupts above legacy space\n gracefully (bsc#1068984).\n\n - x86/acpi: Reduce code duplication in\n mp_override_legacy_irq() (bsc#1068984).\n\n - x86/alternatives: Add missing '\\n' at end of ALTERNATIVE\n inline asm (bnc#1012382).\n\n - x86/alternatives: Fix optimize_nops() checking\n (bnc#1012382).\n\n - x86/apic/vector: Fix off by one in error path\n (bnc#1012382).\n\n - x86/asm/32: Make sync_core() handle missing CPUID on all\n 32-bit kernels (bnc#1012382).\n\n - x86/boot: Fix early command-line parsing when matching\n at end (bsc#1068032).\n\n - x86/cpu: Factor out application of forced CPU caps\n (bnc#1012382).\n\n - x86/cpufeatures: Add X86_BUG_CPU_INSECURE (bnc#1012382).\n\n - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]\n (bnc#1012382).\n\n - x86/cpufeatures: Make CPU bugs sticky (bnc#1012382).\n\n - x86/cpu: Implement CPU vulnerabilites sysfs functions\n (bnc#1012382).\n\n - x86/cpu: Merge bugs.c and bugs_64.c (bnc#1012382).\n\n - x86/cpu: Rename Merrifield2 to Moorefield (bsc#985025).\n\n - x86/cpu: Rename 'WESTMERE2' family to 'NEHALEM_G'\n (bsc#985025).\n\n - x86/cpu, x86/pti: Do not enable PTI on AMD processors\n (bnc#1012382).\n\n - x86/Documentation: Add PTI description (bnc#1012382).\n\n - x86/efi: Build our own page table structures\n (fate#320512).\n\n - x86/efi: Hoist page table switching code into\n efi_call_virt() (fate#320512).\n\n - x86/entry: Use SYSCALL_DEFINE() macros for\n sys_modify_ldt() (bnc#1012382).\n\n - x86/hpet: Prevent might sleep splat on resume\n (bnc#1012382).\n\n - x86/kasan: Clear kasan_zero_page after TLB flush\n (bnc#1012382).\n\n - x86/kasan: Write protect kasan zero shadow\n (bnc#1012382).\n\n - x86/microcode/intel: Extend BDW late-loading further\n with LLC size check (bnc#1012382).\n\n - x86/microcode/intel: Extend BDW late-loading with a\n revision check (bnc#1012382).\n\n - x86/microcode/intel: Fix BDW late-loading revision check\n (bnc#1012382).\n\n - x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID)\n earlier (git-fixes).\n\n - x86/mm: Disable PCID on 32-bit kernels (bnc#1012382).\n\n - x86/mm/pat: Ensure cpa->pfn only contains page frame\n numbers (fate#320588).\n\n - x86/PCI: Make broadcom_postcore_init() check\n acpi_disabled (bnc#1012382).\n\n - x86/pti: Document fix wrong index (bnc#1012382).\n\n - x86/pti/efi: broken conversion from efi to kernel page\n table (bnc#1012382).\n\n - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN\n (bnc#1012382).\n\n - x86/retpolines/spec_ctrl: disable IBRS on !SKL if\n retpolines are active (bsc#1068032).\n\n - x86/smpboot: Remove stale TLB flush invocations\n (bnc#1012382).\n\n - x86/spectre_v2: fix ordering in IBRS initialization\n (bsc#1075994 bsc#1075091).\n\n - x86/spectre_v2: nospectre_v2 means nospec too\n (bsc#1075994 bsc#1075091).\n\n - x86/tlb: Drop the _GPL from the cpu_tlbstate export\n (bnc#1012382).\n\n - x86/vm86/32: Switch to flush_tlb_mm_range() in\n mark_screen_rdonly() (bnc#1012382).\n\n - xen-netfront: avoid crashing on resume after a failure\n in talk_to_netback() (bnc#1012382).\n\n - xen-netfront: Improve error handling during\n initialization (bnc#1012382).\n\n - xfrm: Copy policy family in clone_policy (bnc#1012382).\n\n - xfs: add configurable error support to metadata buffers\n (bsc#1068569).\n\n - xfs: add configuration handlers for specific errors\n (bsc#1068569).\n\n - xfs: add configuration of error failure speed\n (bsc#1068569).\n\n - xfs: add 'fail at unmount' error handling configuration\n (bsc#1068569).\n\n - xfs: Add infrastructure needed for error propagation\n during buffer IO failure (bsc#1068569).\n\n - xfs: address kabi for xfs buffer retry infrastructure\n (kabi).\n\n - xfs: configurable error behavior via sysfs\n (bsc#1068569).\n\n - xfs: fix incorrect extent state in\n xfs_bmap_add_extent_unwritten_real (bnc#1012382).\n\n - xfs: fix log block underflow during recovery cycle\n verification (bnc#1012382).\n\n - xfs: fix up inode32/64 (re)mount handling (bsc#1069160).\n\n - xfs: introduce metadata IO error class (bsc#1068569).\n\n - xfs: introduce table-based init for error behaviors\n (bsc#1068569).\n\n - xfs: Properly retry failed inode items in case of error\n during buffer writeback (bsc#1068569).\n\n - xfs: reinit btree pointer on attr tree inactivation walk\n (bsc#1078787).\n\n - xfs: remove xfs_trans_ail_delete_bulk (bsc#1068569).\n\n - xfs: validate sb_logsunit is a multiple of the fs\n blocksize (bsc#1077513).\n\n - xhci: Do not add a virt_dev to the devs array before\n it's fully allocated (bnc#1012382).\n\n - xhci: Fix ring leak in failure path of\n xhci_alloc_virt_device() (bnc#1012382).\n\n - xhci: plat: Register shutdown for xhci_plat\n (bnc#1012382).\n\n - zram: set physical queue limits to avoid array out of\n bounds accesses (bnc#1012382).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1015342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1015343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1019784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1024296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1024376\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1037838\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1038078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1038085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1040182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1043652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1053472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1060279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1062129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1066163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1066223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1068032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1068038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1068569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1068984\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1069138\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1069160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1070052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1070799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1072163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1072484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1073229\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1073230\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1073928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1074134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1074488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1074621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1074709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1074839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1074847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1075066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1075078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1075087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1075091\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1075397\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1075428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1075617\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1075621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1075627\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1075811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1075994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1076017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1076110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1076187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1076232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1076805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1076847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1076872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1076899\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1077068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1077513\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1077560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1077592\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1077704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1077779\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1077871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1078002\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1078681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1078787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1079038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1079195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=969476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=969477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=985025\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-base-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-base-debuginfo-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-debuginfo-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-debugsource-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-devel-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-devel-debuginfo-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-base-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-base-debuginfo-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-debuginfo-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-debugsource-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-devel-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-devel-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-docs-html-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-docs-pdf-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-macros-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-build-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-build-debugsource-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-qa-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-source-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-source-vanilla-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-syms-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-base-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-base-debuginfo-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-debuginfo-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-debugsource-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-devel-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kselftests-kmp-debug-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kselftests-kmp-debug-debuginfo-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kselftests-kmp-default-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kselftests-kmp-default-debuginfo-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kselftests-kmp-vanilla-4.4.114-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kselftests-kmp-vanilla-debuginfo-4.4.114-42.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-devel / kernel-macros / kernel-source / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T16:13:33", "description": "The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.114 to receive various security and bugfixes. The following security bugs were fixed :\n\n - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'.\n\n - CVE-2017-15129: A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel in the function get_net_ns_by_id() in net/core/net_namespace.c did not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely (bnc#1074839).\n\n - CVE-2017-17712: The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allowed a local user to execute code and gain privileges (bnc#1073229).\n\n - CVE-2017-17862: kernel/bpf/verifier.c in the Linux kernel ignored unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service (bnc#1073928).\n\n - CVE-2017-17864: kernel/bpf/verifier.c in the Linux kernel mishandled states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allowed local users to obtain potentially sensitive address information, aka a 'pointer leak (bnc#1073928).\n\n - CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488).\n\n - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).\n\n - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617).\n\n - CVE-2018-1000004: In the Linux kernel a race condition vulnerability existed in the sound system, this can lead to a deadlock and denial of service condition (bnc#1076017).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-02-08T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:0383-1) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-15129", "CVE-2017-17712", "CVE-2017-17862", "CVE-2017-17864", "CVE-2017-18017", "CVE-2017-5715", "CVE-2018-1000004", "CVE-2018-5332", "CVE-2018-5333"], "modified": "2020-01-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-0383-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106672", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0383-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106672);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2020/01/23\");\n\n script_cve_id(\"CVE-2017-15129\", \"CVE-2017-17712\", \"CVE-2017-17862\", \"CVE-2017-17864\", \"CVE-2017-18017\", \"CVE-2017-5715\", \"CVE-2018-1000004\", \"CVE-2018-5332\", \"CVE-2018-5333\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:0383-1) (Spectre)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.114 to\nreceive various security and bugfixes. The following security bugs\nwere fixed :\n\n - CVE-2017-5715: Systems with microprocessors utilizing\n speculative execution and indirect branch prediction may\n allow unauthorized disclosure of information to an\n attacker with local user access via a side-channel\n analysis (bnc#1068032). The previous fix using CPU\n Microcode has been complemented by building the Linux\n Kernel with return trampolines aka 'retpolines'.\n\n - CVE-2017-15129: A use-after-free vulnerability was found\n in network namespaces code affecting the Linux kernel in\n the function get_net_ns_by_id() in\n net/core/net_namespace.c did not check for the\n net::count value after it has found a peer network in\n netns_ids idr, which could lead to double free and\n memory corruption. This vulnerability could allow an\n unprivileged local user to induce kernel memory\n corruption on the system, leading to a crash. Due to the\n nature of the flaw, privilege escalation cannot be fully\n ruled out, although it is thought to be unlikely\n (bnc#1074839).\n\n - CVE-2017-17712: The raw_sendmsg() function in\n net/ipv4/raw.c in the Linux kernel has a race condition\n in inet->hdrincl that leads to uninitialized stack\n pointer usage; this allowed a local user to execute code\n and gain privileges (bnc#1073229).\n\n - CVE-2017-17862: kernel/bpf/verifier.c in the Linux\n kernel ignored unreachable code, even though it would\n still be processed by JIT compilers. This behavior, also\n considered an improper branch-pruning logic issue, could\n possibly be used by local users for denial of service\n (bnc#1073928).\n\n - CVE-2017-17864: kernel/bpf/verifier.c in the Linux\n kernel mishandled states_equal comparisons between the\n pointer data type and the UNKNOWN_VALUE data type, which\n allowed local users to obtain potentially sensitive\n address information, aka a 'pointer leak (bnc#1073928).\n\n - CVE-2017-18017: The tcpmss_mangle_packet function in\n net/netfilter/xt_TCPMSS.c in the Linux kernel allowed\n remote attackers to cause a denial of service\n (use-after-free and memory corruption) or possibly have\n unspecified other impact by leveraging the presence of\n xt_TCPMSS in an iptables action (bnc#1074488).\n\n - CVE-2018-5332: In the Linux kernel the\n rds_message_alloc_sgs() function did not validate a\n value that is used during DMA page allocation, leading\n to a heap-based out-of-bounds write (related to the\n rds_rdma_extra_size function in net/rds/rdma.c)\n (bnc#1075621).\n\n - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic\n function in net/rds/rdma.c mishandled cases where page\n pinning fails or an invalid address is supplied, leading\n to an rds_atomic_free_op NULL pointer dereference\n (bnc#1075617).\n\n - CVE-2018-1000004: In the Linux kernel a race condition\n vulnerability existed in the sound system, this can lead\n to a deadlock and denial of service condition\n (bnc#1076017).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005780\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005781\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024376\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037838\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1062129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068984\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1069138\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1069160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1072163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1072484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1073229\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1073928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075091\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075397\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075617\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075627\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076899\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077592\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078002\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15129/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17712/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17862/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17864/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18017/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5715/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1000004/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5332/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5333/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180383-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6ee4398f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2018-271=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-271=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-271=1\n\nSUSE Linux Enterprise Live Patching 12-SP3:zypper in -t patch\nSUSE-SLE-Live-Patching-12-SP3-2018-271=1\n\nSUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch\nSUSE-SLE-HA-12-SP3-2018-271=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-271=1\n\nSUSE CaaS Platform ALL:zypper in -t patch SUSE-CAASP-ALL-2018-271=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/08\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.114-94.11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-4.4.114-94.11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-4.4.114-94.11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-debuginfo-4.4.114-94.11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debuginfo-4.4.114-94.11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debugsource-4.4.114-94.11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-devel-4.4.114-94.11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-syms-4.4.114-94.11.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-4.4.114-94.11.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.114-94.11.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.114-94.11.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.114-94.11.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-extra-4.4.114-94.11.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-4.4.114-94.11.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.114-94.11.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T16:13:09", "description": "The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.114 to receive various security and bugfixes. The following security bugs were fixed :\n\n - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'.\n\n - CVE-2017-15129: A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel The function get_net_ns_by_id() in net/core/net_namespace.c did not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely (bnc#1074839).\n\n - CVE-2017-17712: The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allowed a local user to execute code and gain privileges (bnc#1073229).\n\n - CVE-2017-17862: kernel/bpf/verifier.c in the Linux kernel ignored unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service (bnc#1073928).\n\n - CVE-2017-17864: kernel/bpf/verifier.c in the Linux kernel mishandled states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allowed local users to obtain potentially sensitive address information, aka a 'pointer leak (bnc#1073928).\n\n - CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488).\n\n - CVE-2018-1000004: In the Linux kernel a race condition vulnerability existed in the sound system, this can lead to a deadlock and denial of service condition (bnc#1076017).\n\n - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).\n\n - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-02-12T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:0416-1) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-15129", "CVE-2017-17712", "CVE-2017-17862", "CVE-2017-17864", "CVE-2017-18017", "CVE-2017-5715", "CVE-2018-1000004", "CVE-2018-5332", "CVE-2018-5333"], "modified": "2020-01-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-0416-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106748", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0416-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106748);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2020/01/23\");\n\n script_cve_id(\"CVE-2017-15129\", \"CVE-2017-17712\", \"CVE-2017-17862\", \"CVE-2017-17864\", \"CVE-2017-18017\", \"CVE-2017-5715\", \"CVE-2018-1000004\", \"CVE-2018-5332\", \"CVE-2018-5333\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:0416-1) (Spectre)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.114 to\nreceive various security and bugfixes. The following security bugs\nwere fixed :\n\n - CVE-2017-5715: Systems with microprocessors utilizing\n speculative execution and indirect branch prediction may\n allow unauthorized disclosure of information to an\n attacker with local user access via a side-channel\n analysis (bnc#1068032). The previous fix using CPU\n Microcode has been complemented by building the Linux\n Kernel with return trampolines aka 'retpolines'.\n\n - CVE-2017-15129: A use-after-free vulnerability was found\n in network namespaces code affecting the Linux kernel\n The function get_net_ns_by_id() in\n net/core/net_namespace.c did not check for the\n net::count value after it has found a peer network in\n netns_ids idr, which could lead to double free and\n memory corruption. This vulnerability could allow an\n unprivileged local user to induce kernel memory\n corruption on the system, leading to a crash. Due to the\n nature of the flaw, privilege escalation cannot be fully\n ruled out, although it is thought to be unlikely\n (bnc#1074839).\n\n - CVE-2017-17712: The raw_sendmsg() function in\n net/ipv4/raw.c in the Linux kernel has a race condition\n in inet->hdrincl that leads to uninitialized stack\n pointer usage; this allowed a local user to execute code\n and gain privileges (bnc#1073229).\n\n - CVE-2017-17862: kernel/bpf/verifier.c in the Linux\n kernel ignored unreachable code, even though it would\n still be processed by JIT compilers. This behavior, also\n considered an improper branch-pruning logic issue, could\n possibly be used by local users for denial of service\n (bnc#1073928).\n\n - CVE-2017-17864: kernel/bpf/verifier.c in the Linux\n kernel mishandled states_equal comparisons between the\n pointer data type and the UNKNOWN_VALUE data type, which\n allowed local users to obtain potentially sensitive\n address information, aka a 'pointer leak (bnc#1073928).\n\n - CVE-2017-18017: The tcpmss_mangle_packet function in\n net/netfilter/xt_TCPMSS.c in the Linux kernel allowed\n remote attackers to cause a denial of service\n (use-after-free and memory corruption) or possibly have\n unspecified other impact by leveraging the presence of\n xt_TCPMSS in an iptables action (bnc#1074488).\n\n - CVE-2018-1000004: In the Linux kernel a race condition\n vulnerability existed in the sound system, this can lead\n to a deadlock and denial of service condition\n (bnc#1076017).\n\n - CVE-2018-5332: In the Linux kernel the\n rds_message_alloc_sgs() function did not validate a\n value that is used during DMA page allocation, leading\n to a heap-based out-of-bounds write (related to the\n rds_rdma_extra_size function in net/rds/rdma.c)\n (bnc#1075621).\n\n - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic\n function in net/rds/rdma.c mishandled cases where page\n pinning fails or an invalid address is supplied, leading\n to an rds_atomic_free_op NULL pointer dereference\n (bnc#1075617).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052360\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066842\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068984\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1069160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1072163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1072484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1072589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1073229\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1073928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075091\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075617\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075627\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076899\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077592\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=988524\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15129/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17712/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17862/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17864/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18017/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5715/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1000004/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5332/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5333/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180416-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?243cf382\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch\nSUSE-SLE-WE-12-SP2-2018-285=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2018-285=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2018-285=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-285=1\n\nSUSE Linux Enterprise Live Patching 12:zypper in -t patch\nSUSE-SLE-Live-Patching-12-2018-285=1\n\nSUSE Linux Enterprise High Availability 12-SP2:zypper in -t patch\nSUSE-SLE-HA-12-SP2-2018-285=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2018-285=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-285=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.114-92.64.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-4.4.114-92.64.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-4.4.114-92.64.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-debuginfo-4.4.114-92.64.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debuginfo-4.4.114-92.64.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debugsource-4.4.114-92.64.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-devel-4.4.114-92.64.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-syms-4.4.114-92.64.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-4.4.114-92.64.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.114-92.64.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.114-92.64.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.114-92.64.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-extra-4.4.114-92.64.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-4.4.114-92.64.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.114-92.64.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-11T18:55:19", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\n - CVE-2017-8824 Mohamed Ghannam discovered that the DCCP implementation did not correctly manage resources when a socket is disconnected and reconnected, potentially leading to a use-after-free. A local user could use this for denial of service (crash or data corruption) or possibly for privilege escalation. On systems that do not already have the dccp module loaded, this can be mitigated by disabling it:echo >> /etc/modprobe.d/disable-dccp.conf install dccp false\n\n - CVE-2017-16538 Andrey Konovalov reported that the dvb-usb-lmedm04 media driver did not correctly handle some error conditions during initialisation. A physically present user with a specially designed USB device can use this to cause a denial of service (crash).\n\n - CVE-2017-16644 Andrey Konovalov reported that the hdpvr media driver did not correctly handle some error conditions during initialisation. A physically present user with a specially designed USB device can use this to cause a denial of service (crash).\n\n - CVE-2017-16995 Jann Horn discovered that the Extended BPF verifier did not correctly model the behaviour of 32-bit load instructions. A local user can use this for privilege escalation.\n\n - CVE-2017-17448 Kevin Cernekee discovered that the netfilter subsystem allowed users with the CAP_NET_ADMIN capability in any user namespace, not just the root namespace, to enable and disable connection tracking helpers. This could lead to denial of service, violation of network security policy, or have other impact.\n\n - CVE-2017-17449 Kevin Cernekee discovered that the netlink subsystem allowed users with the CAP_NET_ADMIN capability in any user namespace to monitor netlink traffic in all net namespaces, not just those owned by that user namespace.\n This could lead to exposure of sensitive information.\n\n - CVE-2017-17450 Kevin Cernekee discovered that the xt_osf module allowed users with the CAP_NET_ADMIN capability in any user namespace to modify the global OS fingerprint list.\n\n - CVE-2017-17558 Andrey Konovalov reported that that USB core did not correctly handle some error conditions during initialisation. A physically present user with a specially designed USB device can use this to cause a denial of service (crash or memory corruption), or possibly for privilege escalation.\n\n - CVE-2017-17712 Mohamed Ghannam discovered a race condition in the IPv4 raw socket implementation. A local user could use this to obtain sensitive information from the kernel.\n\n - CVE-2017-17741 Dmitry Vyukov reported that the KVM implementation for x86 would over-read data from memory when emulating an MMIO write if the kvm_mmio tracepoint was enabled. A guest virtual machine might be able to use this to cause a denial of service (crash).\n\n - CVE-2017-17805 It was discovered that some implementations of the Salsa20 block cipher did not correctly handle zero-length input. A local user could use this to cause a denial of service (crash) or possibly have other security impact.\n\n - CVE-2017-17806 It was discovered that the HMAC implementation could be used with an underlying hash algorithm that requires a key, which was not intended. A local user could use this to cause a denial of service (crash or memory corruption), or possibly for privilege escalation.\n\n - CVE-2017-17807 Eric Biggers discovered that the KEYS subsystem lacked a check for write permission when adding keys to a process's default keyring. A local user could use this to cause a denial of service or to obtain sensitive information.\n\n - CVE-2017-17862 Alexei Starovoitov discovered that the Extended BPF verifier ignored unreachable code, even though it would still be processed by JIT compilers. This could possibly be used by local users for denial of service. It also increases the severity of bugs in determining unreachable code.\n\n - CVE-2017-17863 Jann Horn discovered that the Extended BPF verifier did not correctly model pointer arithmetic on the stack frame pointer. A local user can use this for privilege escalation.\n\n - CVE-2017-17864 Jann Horn discovered that the Extended BPF verifier could fail to detect pointer leaks from conditional code. A local user could use this to obtain sensitive information in order to exploit other vulnerabilities.\n\n - CVE-2017-1000407 Andrew Honig reported that the KVM implementation for Intel processors allowed direct access to host I/O port 0x80, which is not generally safe. On some systems this allows a guest VM to cause a denial of service (crash) of the host.\n\n - CVE-2017-1000410 Ben Seri reported that the Bluetooth subsystem did not correctly handle short EFS information elements in L2CAP messages. An attacker able to communicate over Bluetooth could use this to obtain sensitive information from the kernel.\n\nThe various problems in the Extended BPF verifier can be mitigated by disabling use of Extended BPF by unprivileged users:sysctl kernel.unprivileged_bpf_disabled=1\n\nDebian disables unprivileged user namespaces by default, but if they are enabled (via the kernel.unprivileged_userns_clone sysctl) then CVE-2017-17448 can be exploited by any local user.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-12-26T00:00:00", "type": "nessus", "title": "Debian DSA-4073-1 : linux - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000407", "CVE-2017-1000410", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16995", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17805", "CVE-2017-17806", "CVE-2017-17807", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-8824"], "modified": "2021-01-04T00:00:00", "cpe": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux:*:*:*:*:*:*:*"], "id": "DEBIAN_DSA-4073.NASL", "href": "https://www.tenable.com/plugins/nessus/105433", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4073. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105433);\n script_version(\"3.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-1000407\", \"CVE-2017-1000410\", \"CVE-2017-16538\", \"CVE-2017-16644\", \"CVE-2017-16995\", \"CVE-2017-17448\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17558\", \"CVE-2017-17712\", \"CVE-2017-17741\", \"CVE-2017-17805\", \"CVE-2017-17806\", \"CVE-2017-17807\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\", \"CVE-2017-8824\");\n script_xref(name:\"DSA\", value:\"4073\");\n\n script_name(english:\"Debian DSA-4073-1 : linux - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\n - CVE-2017-8824\n Mohamed Ghannam discovered that the DCCP implementation\n did not correctly manage resources when a socket is\n disconnected and reconnected, potentially leading to a\n use-after-free. A local user could use this for denial\n of service (crash or data corruption) or possibly for\n privilege escalation. On systems that do not already\n have the dccp module loaded, this can be mitigated by\n disabling it:echo >> /etc/modprobe.d/disable-dccp.conf\n install dccp false\n\n - CVE-2017-16538\n Andrey Konovalov reported that the dvb-usb-lmedm04 media\n driver did not correctly handle some error conditions\n during initialisation. A physically present user with a\n specially designed USB device can use this to cause a\n denial of service (crash).\n\n - CVE-2017-16644\n Andrey Konovalov reported that the hdpvr media driver\n did not correctly handle some error conditions during\n initialisation. A physically present user with a\n specially designed USB device can use this to cause a\n denial of service (crash).\n\n - CVE-2017-16995\n Jann Horn discovered that the Extended BPF verifier did\n not correctly model the behaviour of 32-bit load\n instructions. A local user can use this for privilege\n escalation.\n\n - CVE-2017-17448\n Kevin Cernekee discovered that the netfilter subsystem\n allowed users with the CAP_NET_ADMIN capability in any\n user namespace, not just the root namespace, to enable\n and disable connection tracking helpers. This could lead\n to denial of service, violation of network security\n policy, or have other impact.\n\n - CVE-2017-17449\n Kevin Cernekee discovered that the netlink subsystem\n allowed users with the CAP_NET_ADMIN capability in any\n user namespace to monitor netlink traffic in all net\n namespaces, not just those owned by that user namespace.\n This could lead to exposure of sensitive information.\n\n - CVE-2017-17450\n Kevin Cernekee discovered that the xt_osf module allowed\n users with the CAP_NET_ADMIN capability in any user\n namespace to modify the global OS fingerprint list.\n\n - CVE-2017-17558\n Andrey Konovalov reported that that USB core did not\n correctly handle some error conditions during\n initialisation. A physically present user with a\n specially designed USB device can use this to cause a\n denial of service (crash or memory corruption), or\n possibly for privilege escalation.\n\n - CVE-2017-17712\n Mohamed Ghannam discovered a race condition in the IPv4\n raw socket implementation. A local user could use this\n to obtain sensitive information from the kernel.\n\n - CVE-2017-17741\n Dmitry Vyukov reported that the KVM implementation for\n x86 would over-read data from memory when emulating an\n MMIO write if the kvm_mmio tracepoint was enabled. A\n guest virtual machine might be able to use this to cause\n a denial of service (crash).\n\n - CVE-2017-17805\n It was discovered that some implementations of the\n Salsa20 block cipher did not correctly handle\n zero-length input. A local user could use this to cause\n a denial of service (crash) or possibly have other\n security impact.\n\n - CVE-2017-17806\n It was discovered that the HMAC implementation could be\n used with an underlying hash algorithm that requires a\n key, which was not intended. A local user could use this\n to cause a denial of service (crash or memory\n corruption), or possibly for privilege escalation.\n\n - CVE-2017-17807\n Eric Biggers discovered that the KEYS subsystem lacked a\n check for write permission when adding keys to a\n process's default keyring. A local user could use this\n to cause a denial of service or to obtain sensitive\n information.\n\n - CVE-2017-17862\n Alexei Starovoitov discovered that the Extended BPF\n verifier ignored unreachable code, even though it would\n still be processed by JIT compilers. This could possibly\n be used by local users for denial of service. It also\n increases the severity of bugs in determining\n unreachable code.\n\n - CVE-2017-17863\n Jann Horn discovered that the Extended BPF verifier did\n not correctly model pointer arithmetic on the stack\n frame pointer. A local user can use this for privilege\n escalation.\n\n - CVE-2017-17864\n Jann Horn discovered that the Extended BPF verifier\n could fail to detect pointer leaks from conditional\n code. A local user could use this to obtain sensitive\n information in order to exploit other vulnerabilities.\n\n - CVE-2017-1000407\n Andrew Honig reported that the KVM implementation for\n Intel processors allowed direct access to host I/O port\n 0x80, which is not generally safe. On some systems this\n allows a guest VM to cause a denial of service (crash)\n of the host.\n\n - CVE-2017-1000410\n Ben Seri reported that the Bluetooth subsystem did not\n correctly handle short EFS information elements in L2CAP\n messages. An attacker able to communicate over Bluetooth\n could use this to obtain sensitive information from the\n kernel.\n\nThe various problems in the Extended BPF verifier can be mitigated by\ndisabling use of Extended BPF by unprivileged users:sysctl\nkernel.unprivileged_bpf_disabled=1\n\nDebian disables unprivileged user namespaces by default, but if they\nare enabled (via the kernel.unprivileged_userns_clone sysctl) then\nCVE-2017-17448 can be exploited by any local user.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-8824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-16538\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-16644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-16995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-17448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-17449\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-17450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-17558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-17712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-17741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-17805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-17806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-17807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-17862\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-17863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-17864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-1000407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-1000410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-17448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-4073\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 4.9.65-3+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux BPF Sign Extension Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"hyperv-daemons\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower-dev\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower1\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libusbip-dev\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-arm\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-s390\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-x86\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-cpupower\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-4kc-malta\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-5kc-malta\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686-pae\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-amd64\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-arm64\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armel\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armhf\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-i386\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips64el\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mipsel\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-ppc64el\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-s390x\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-amd64\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-arm64\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp-lpae\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common-rt\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-loongson-3\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-marvell\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-octeon\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-powerpc64le\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-686-pae\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-amd64\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-s390x\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta-dbg\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta-dbg\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-dbg\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae-dbg\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64-dbg\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64-dbg\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-dbg\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae-dbg\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3-dbg\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell-dbg\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon-dbg\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le-dbg\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae-dbg\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64-dbg\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x-dbg\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-libc-dev\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.9\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.9.0-9\", reference:\"4.9.65-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"usbip\", reference:\"4.9.65-3+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-10T16:36:40", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3935-1 advisory.\n\n - kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service. (CVE-2017-17862)\n\n - kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a pointer leak. (CVE-2017-17864)\n\n - The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID. (CVE-2018-13405)\n\n - A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash the host kernel resulting in DoS or potentially gain privileged access to a system. Kernel versions before 4.14.91 and before 4.19.13 are vulnerable. (CVE-2018-16882)\n\n - In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-152735806 (CVE-2020-0429)\n\n - An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10.\n Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767. (CVE-2020-12655)\n\n - An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-14305)\n\n - u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150 (CVE-2020-3702)\n\n - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.\n (CVE-2020-4788)\n\n - A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability.\n (CVE-2021-20265)\n\n - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi- device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. (CVE-2021-31916)\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. (CVE-2021-33033)\n\n - In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. (CVE-2021-34556)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42739. Reason: This candidate is a reservation duplicate of CVE-2021-42739. Notes: All CVE users should reference CVE-2021-42739 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2021-3542)\n\n - In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value.\n (CVE-2021-35477)\n\n - A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the int_ctl field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7. (CVE-2021-3653)\n\n - A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)\n\n - kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659)\n\n - A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.\n (CVE-2021-3679)\n\n - kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715)\n\n - hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.\n (CVE-2021-37159)\n\n - kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files (CVE-2021-3732)\n\n - A flaw was found in the Linux kernel. When reusing a socket with an attached dccps_hc_tx_ccid as a listener, the socket will be used after being released leading to denial of service (DoS) or a potential code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-16119) (CVE-2021-3753)\n\n - arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e. (CVE-2021-37576)\n\n - ** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE:\n the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior.\n (CVE-2021-38160)\n\n - arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault. (CVE-2021-38198)\n\n - drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations. (CVE-2021-38204)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43389. Reason: This candidate is a reservation duplicate of CVE-2021-43389. Notes: All CVE users should reference CVE-2021-43389 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2021-3896)\n\n - A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. (CVE-2021-40490)\n\n - The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.\n (CVE-2021-42008)\n\n - The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2021-12-07T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:3935-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17862", "CVE-2017-17864", "CVE-2018-13405", "CVE-2018-16882", "CVE-2020-0429", "CVE-2020-12655", "CVE-2020-14305", "CVE-2020-16119", "CVE-2020-3702", "CVE-2020-4788", "CVE-2021-20265", "CVE-2021-20322", "CVE-2021-31916", "CVE-2021-33033", "CVE-2021-34556", "CVE-2021-34981", "CVE-2021-3542", "CVE-2021-35477", "CVE-2021-3640", "CVE-2021-3653", "CVE-2021-3655", "CVE-2021-3659", "CVE-2021-3679", "CVE-2021-3715", "CVE-2021-37159", "CVE-2021-3732", "CVE-2021-3752", "CVE-2021-3753", "CVE-2021-37576", "CVE-2021-3760", "CVE-2021-3772", "CVE-2021-38160", "CVE-2021-38198", "CVE-2021-38204", "CVE-2021-3896", "CVE-2021-40490", "CVE-2021-42008", "CVE-2021-42739", "CVE-2021-43389"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-kgraft", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_150-default", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-3935-1.NASL", "href": "https://www.tenable.com/plugins/nessus/155902", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:3935-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155902);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2017-17862\",\n \"CVE-2017-17864\",\n \"CVE-2018-13405\",\n \"CVE-2018-16882\",\n \"CVE-2020-0429\",\n \"CVE-2020-3702\",\n \"CVE-2020-4788\",\n \"CVE-2020-12655\",\n \"CVE-2020-14305\",\n \"CVE-2021-3542\",\n \"CVE-2021-3640\",\n \"CVE-2021-3653\",\n \"CVE-2021-3655\",\n \"CVE-2021-3659\",\n \"CVE-2021-3679\",\n \"CVE-2021-3715\",\n \"CVE-2021-3732\",\n \"CVE-2021-3752\",\n \"CVE-2021-3753\",\n \"CVE-2021-3760\",\n \"CVE-2021-3772\",\n \"CVE-2021-3896\",\n \"CVE-2021-20265\",\n \"CVE-2021-20322\",\n \"CVE-2021-31916\",\n \"CVE-2021-33033\",\n \"CVE-2021-34556\",\n \"CVE-2021-34981\",\n \"CVE-2021-35477\",\n \"CVE-2021-37159\",\n \"CVE-2021-37576\",\n \"CVE-2021-38160\",\n \"CVE-2021-38198\",\n \"CVE-2021-38204\",\n \"CVE-2021-40490\",\n \"CVE-2021-42008\",\n \"CVE-2021-42739\",\n \"CVE-2021-43389\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:3935-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:3935-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2021:3935-1 advisory.\n\n - kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would\n still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic\n issue, could possibly be used by local users for denial of service. (CVE-2017-17862)\n\n - kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the\n pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially\n sensitive address information, aka a pointer leak. (CVE-2017-17864)\n\n - The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create\n files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and\n is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a\n plain file whose group ownership is that group. The intended behavior was that the non-member can trigger\n creation of a directory (but not a plain file) whose group ownership is that group. The non-member can\n escalate privileges by making the plain file executable and SGID. (CVE-2018-13405)\n\n - A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts\n when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while\n processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor\n address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash\n the host kernel resulting in DoS or potentially gain privileged access to a system. Kernel versions before\n 4.14.91 and before 4.19.13 are vulnerable. (CVE-2018-16882)\n\n - In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a\n use after free. This could lead to local escalation of privilege with System execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-152735806 (CVE-2020-0429)\n\n - An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10.\n Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka\n CID-d0c7feaf8767. (CVE-2020-12655)\n\n - An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection\n tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote\n user to crash the system, causing a denial of service. The highest threat from this vulnerability is to\n confidentiality, integrity, as well as system availability. (CVE-2020-14305)\n\n - u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to\n improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for\n a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon\n Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon\n Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W,\n MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150 (CVE-2020-3702)\n\n - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive\n information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.\n (CVE-2020-4788)\n\n - A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux\n kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by\n exhausting available memory. The highest threat from this vulnerability is to system availability.\n (CVE-2021-20265)\n\n - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-\n device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with\n special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or\n a leak of internal kernel information. The highest threat from this vulnerability is to system\n availability. (CVE-2021-31916)\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because\n the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads\n to writing an arbitrary value. (CVE-2021-33033)\n\n - In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from\n kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects\n the possibility of uninitialized memory locations on the BPF stack. (CVE-2021-34556)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42739. Reason: This candidate is a\n reservation duplicate of CVE-2021-42739. Notes: All CVE users should reference CVE-2021-42739 instead of\n this candidate. All references and descriptions in this candidate have been removed to prevent accidental\n usage. (CVE-2021-3542)\n\n - In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from\n kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store\n operation does not necessarily occur before a store operation that has an attacker-controlled value.\n (CVE-2021-35477)\n\n - A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when\n processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested\n guest (L2). Due to improper validation of the int_ctl field, this issue could allow a malicious L1 to\n enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest\n would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak\n of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to\n 5.14-rc7. (CVE-2021-3653)\n\n - A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on\n inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)\n\n - kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659)\n\n - A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was\n found in the way user uses trace ring buffer in a specific way. Only privileged local users (with\n CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.\n (CVE-2021-3679)\n\n - kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715)\n\n - hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev\n without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.\n (CVE-2021-37159)\n\n - kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files\n (CVE-2021-3732)\n\n - A flaw was found in the Linux kernel. When reusing a socket with an attached dccps_hc_tx_ccid as a\n listener, the socket will be used after being released leading to denial of service (DoS) or a potential\n code execution. The highest threat from this vulnerability is to data confidentiality and integrity as\n well as system availability. (CVE-2020-16119) (CVE-2021-3753)\n\n - arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest\n OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e. (CVE-2021-37576)\n\n - ** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss\n can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE:\n the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the\n length validation was added solely for robustness in the face of anomalous host OS behavior.\n (CVE-2021-38160)\n\n - arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access\n permissions of a shadow page, leading to a missing guest protection page fault. (CVE-2021-38198)\n\n - drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to\n cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain\n situations. (CVE-2021-38204)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43389. Reason: This candidate is a\n reservation duplicate of CVE-2021-43389. Notes: All CVE users should reference CVE-2021-43389 instead of\n this candidate. All references and descriptions in this candidate have been removed to prevent accidental\n usage. (CVE-2021-3896)\n\n - A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in\n the Linux kernel through 5.13.13. (CVE-2021-40490)\n\n - The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab\n out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.\n (CVE-2021-42008)\n\n - The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to\n drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt\n mishandles bounds checking. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in\n the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1073928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1098425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1100416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1119934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1129735\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1171217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1171420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176724\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183089\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188172\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188876\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189057\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189262\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189399\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190025\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192267\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192400\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192781\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-December/009856.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?71e58fa3\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-17862\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-17864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-13405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-12655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-3702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-4788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20265\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-31916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-34556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-34981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-35477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3753\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-40490\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43389\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14305\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3653\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_150-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3/4/5\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'kernel-default-4.4.180-94.150.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'kernel-default-base-4.4.180-94.150.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'kernel-default-devel-4.4.180-94.150.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'kernel-default-kgraft-4.4.180-94.150.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'kernel-devel-4.4.180-94.150.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'kernel-macros-4.4.180-94.150.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'kernel-source-4.4.180-94.150.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'kernel-syms-4.4.180-94.150.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'kgraft-patch-4_4_180-94_150-default-1-4.3.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'cluster-md-kmp-default-4.4.180-94.150.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.3'},\n {'reference':'cluster-md-kmp-default-4.4.180-94.150.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.3'},\n {'reference':'cluster-md-kmp-default-4.4.180-94.150.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.3'},\n {'reference':'dlm-kmp-default-4.4.180-94.150.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.3'},\n {'reference':'dlm-kmp-default-4.4.180-94.150.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.3'},\n {'reference':'dlm-kmp-default-4.4.180-94.150.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.3'},\n {'reference':'gfs2-kmp-default-4.4.180-94.150.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.3'},\n {'reference':'gfs2-kmp-default-4.4.180-94.150.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.3'},\n {'reference':'gfs2-kmp-default-4.4.180-94.150.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.3'},\n {'reference':'ocfs2-kmp-default-4.4.180-94.150.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.3'},\n {'reference':'ocfs2-kmp-default-4.4.180-94.150.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.3'},\n {'reference':'ocfs2-kmp-default-4.4.180-94.150.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.3'},\n {'reference':'kernel-default-4.4.180-94.150.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'kernel-default-4.4.180-94.150.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'kernel-default-base-4.4.180-94.150.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'kernel-default-base-4.4.180-94.150.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'kernel-default-devel-4.4.180-94.150.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'kernel-default-devel-4.4.180-94.150.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'kernel-default-kgraft-4.4.180-94.150.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'kernel-default-man-4.4.180-94.150.1', 'sp':'3', 'cpu':'s390x', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'kernel-devel-4.4.180-94.150.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'kernel-devel-4.4.180-94.150.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'kernel-macros-4.4.180-94.150.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'kernel-macros-4.4.180-94.150.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'kernel-source-4.4.180-94.150.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'kernel-source-4.4.180-94.150.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'kernel-syms-4.4.180-94.150.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'kernel-syms-4.4.180-94.150.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'kgraft-patch-4_4_180-94_150-default-1-4.3.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2022-02-28T13:13:55", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in the way the Linux kernel's perf subsystem retrieved userlevel stack traces on PowerPC systems. A local, unprivileged user could use this flaw to cause a denial of service on the system by creating a special stack layout that would force the perf_callchain_user_64() function into an infinite loop.(CVE-2015-6526i1/4%0\n\n - A vulnerability was found in the Linux kernel. Payloads of NM entries are not supposed to contain NUL. When such entry is processed, only the part prior to the first NUL goes into the concatenation (i.e. the directory entry name being encoded by a bunch of NM entries). The process stops when the amount collected so far + the claimed amount in the current NM entry exceed 254. However, the value returned as the total length is the sum of *claimed* sizes, not the actual amount collected. And that's what will be passed to readdir() callback as the name length - 8Kb\n __copy_to_user() from a buffer allocated by\n __get_free_page().(CVE-2016-4913i1/4%0\n\n - The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application.(CVE-2013-2930i1/4%0\n\n - The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.(CVE-2019-5489i1/4%0\n\n - It was found that the espfix functionality could be bypassed by installing a 16-bit RW data segment into GDT instead of LDT (which espfix checks), and using that segment on the stack. A local, unprivileged user could potentially use this flaw to leak kernel stack addresses.(CVE-2014-8133i1/4%0\n\n - An issue was discovered in the btrfs filesystem code in the Linux kernel. An out-of-bounds access is possible in write_extent_buffer() when mounting and operating a crafted btrfs image due to a lack of verification at mount time within the btrfs_read_block_groups() in fs/btrfs/extent-tree.c function. This could lead to a system crash and a denial of service.(CVE-2018-14610i1/4%0\n\n - kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a 'pointer leak.'(CVE-2017-17864i1/4%0\n\n - drivers/hid/hid-lenovo-tpkbd.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LENOVO_TPKBD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.(CVE-2013-2894i1/4%0\n\n - Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel allows local users to cause a denial of service (kernel memory exhaustion) via multiple read accesses to files in the /sys/class/sas_phy directory.(CVE-2018-7757i1/4%0\n\n - It was found that the original fix for CVE-2016-6786 was incomplete. There exist a race between two concurrent sys_perf_event_open() calls when both try and move the same pre-existing software group into a hardware context.(CVE-2017-6001i1/4%0\n\n - In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. This affects snmp_version and snmp_helper.(CVE-2019-9162i1/4%0\n\n - An information leak flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled access of the user control's state. A local, privileged user could use this flaw to leak kernel memory to user space.(CVE-2014-4652i1/4%0\n\n - A flaw was found that the vfs_rename() function did not detect hard links on overlayfs. A local, unprivileged user could use the rename syscall on overlayfs on top of xfs to crash the system.(CVE-2016-6198i1/4%0\n\n - It was found that when file permissions were modified via chmod and the user modifying them was not in the owning group or capable of CAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way. This could allow a local user to gain group privileges via certain setgid applications.(CVE-2016-7097i1/4%0\n\n - A flaw was found in the way the Linux kernel's Crypto subsystem handled automatic loading of kernel modules.\n A local user could use this flaw to load any installed kernel module, and thus increase the attack surface of the running kernel.(CVE-2014-9644i1/4%0\n\n - An arbitrary memory r/w access issue was found in the Linux kernel compiled with the eBPF bpf(2) system call (CONFIG_BPF_SYSCALL) support. The issue could occur due to calculation errors in the eBPF verifier module, triggered by user supplied malicious BPF program. An unprivileged user could use this flaw to escalate their privileges on a system. Setting parameter 'kernel.unprivileged_bpf_disabled=1' prevents such privilege escalation by restricting access to bpf(2) call.(CVE-2017-16995i1/4%0\n\n - A flaw was found in the implementation of associative arrays where the add_key systemcall and KEYCTL_UPDATE operations allowed for a NULL payload with a nonzero length. When accessing the payload within this length parameters value, an unprivileged user could trivially cause a NULL pointer dereference (kernel oops).(CVE-2017-15274i1/4%0\n\n - A flaw was found in the Linux kernel's keyring handling code: the key_reject_and_link() function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation.(CVE-2016-4470i1/4%0\n\n - A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write() as bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or RDMA Userspace Connection Manager Access module explicitly loaded, could use this flaw to escalate their privileges on the system.(CVE-2016-4565i1/4%0\n\n - It was found that the Linux kernel's IPv6 network stack did not properly validate the value of the MTU variable when it was set. A remote attacker could potentially use this flaw to disrupt a target system's networking (packet loss) by setting an invalid MTU value, for example, via a NetworkManager daemon that is processing router advertisement packets running on the target system.(CVE-2015-8215i1/4%0\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7, "vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1532)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2894", "CVE-2013-2930", "CVE-2014-4652", "CVE-2014-8133", "CVE-2014-9644", "CVE-2015-6526", "CVE-2015-8215", "CVE-2016-4470", "CVE-2016-4565", "CVE-2016-4913", "CVE-2016-6198", "CVE-2016-7097", "CVE-2017-15274", "CVE-2017-16995", "CVE-2017-17864", "CVE-2017-6001", "CVE-2018-14610", "CVE-2018-7757", "CVE-2019-5489", "CVE-2019-9162"], "modified": "2021-02-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1532.NASL", "href": "https://www.tenable.com/plugins/nessus/124985", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124985);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/08\");\n\n script_cve_id(\n \"CVE-2013-2894\",\n \"CVE-2013-2930\",\n \"CVE-2014-4652\",\n \"CVE-2014-8133\",\n \"CVE-2014-9644\",\n \"CVE-2015-6526\",\n \"CVE-2015-8215\",\n \"CVE-2016-4470\",\n \"CVE-2016-4565\",\n \"CVE-2016-4913\",\n \"CVE-2016-6198\",\n \"CVE-2016-7097\",\n \"CVE-2017-15274\",\n \"CVE-2017-16995\",\n \"CVE-2017-17864\",\n \"CVE-2017-6001\",\n \"CVE-2018-14610\",\n \"CVE-2018-7757\",\n \"CVE-2019-5489\",\n \"CVE-2019-9162\"\n );\n script_bugtraq_id(\n 62052,\n 64318,\n 68170,\n 71684,\n 72320\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1532)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - A flaw was found in the way the Linux kernel's perf\n subsystem retrieved userlevel stack traces on PowerPC\n systems. A local, unprivileged user could use this flaw\n to cause a denial of service on the system by creating\n a special stack layout that would force the\n perf_callchain_user_64() function into an infinite\n loop.(CVE-2015-6526i1/4%0\n\n - A vulnerability was found in the Linux kernel. Payloads\n of NM entries are not supposed to contain NUL. When\n such entry is processed, only the part prior to the\n first NUL goes into the concatenation (i.e. the\n directory entry name being encoded by a bunch of NM\n entries). The process stops when the amount collected\n so far + the claimed amount in the current NM entry\n exceed 254. However, the value returned as the total\n length is the sum of *claimed* sizes, not the actual\n amount collected. And that's what will be passed to\n readdir() callback as the name length - 8Kb\n __copy_to_user() from a buffer allocated by\n __get_free_page().(CVE-2016-4913i1/4%0\n\n - The perf_trace_event_perm function in\n kernel/trace/trace_event_perf.c in the Linux kernel\n before 3.12.2 does not properly restrict access to the\n perf subsystem, which allows local users to enable\n function tracing via a crafted\n application.(CVE-2013-2930i1/4%0\n\n - The mincore() implementation in mm/mincore.c in the\n Linux kernel through 4.19.13 allowed local attackers to\n observe page cache access patterns of other processes\n on the same system, potentially allowing sniffing of\n secret information. (Fixing this affects the output of\n the fincore program.) Limited remote exploitation may\n be possible, as demonstrated by latency differences in\n accessing public files from an Apache HTTP\n Server.(CVE-2019-5489i1/4%0\n\n - It was found that the espfix functionality could be\n bypassed by installing a 16-bit RW data segment into\n GDT instead of LDT (which espfix checks), and using\n that segment on the stack. A local, unprivileged user\n could potentially use this flaw to leak kernel stack\n addresses.(CVE-2014-8133i1/4%0\n\n - An issue was discovered in the btrfs filesystem code in\n the Linux kernel. An out-of-bounds access is possible\n in write_extent_buffer() when mounting and operating a\n crafted btrfs image due to a lack of verification at\n mount time within the btrfs_read_block_groups() in\n fs/btrfs/extent-tree.c function. This could lead to a\n system crash and a denial of service.(CVE-2018-14610i1/4%0\n\n - kernel/bpf/verifier.c in the Linux kernel through\n 4.14.8 mishandles states_equal comparisons between the\n pointer data type and the UNKNOWN_VALUE data type,\n which allows local users to obtain potentially\n sensitive address information, aka a 'pointer\n leak.'(CVE-2017-17864i1/4%0\n\n - drivers/hid/hid-lenovo-tpkbd.c in the Human Interface\n Device (HID) subsystem in the Linux kernel through\n 3.11, when CONFIG_HID_LENOVO_TPKBD is enabled, allows\n physically proximate attackers to cause a denial of\n service (heap-based out-of-bounds write) via a crafted\n device.(CVE-2013-2894i1/4%0\n\n - Memory leak in the sas_smp_get_phy_events function in\n drivers/scsi/libsas/sas_expander.c in the Linux kernel\n allows local users to cause a denial of service (kernel\n memory exhaustion) via multiple read accesses to files\n in the /sys/class/sas_phy directory.(CVE-2018-7757i1/4%0\n\n - It was found that the original fix for CVE-2016-6786\n was incomplete. There exist a race between two\n concurrent sys_perf_event_open() calls when both try\n and move the same pre-existing software group into a\n hardware context.(CVE-2017-6001i1/4%0\n\n - In the Linux kernel before 4.20.12,\n net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP\n NAT module has insufficient ASN.1 length checks (aka an\n array index error), making out-of-bounds read and write\n operations possible, leading to an OOPS or local\n privilege escalation. This affects snmp_version and\n snmp_helper.(CVE-2019-9162i1/4%0\n\n - An information leak flaw was found in the way the Linux\n kernel's Advanced Linux Sound Architecture (ALSA)\n implementation handled access of the user control's\n state. A local, privileged user could use this flaw to\n leak kernel memory to user space.(CVE-2014-4652i1/4%0\n\n - A flaw was found that the vfs_rename() function did not\n detect hard links on overlayfs. A local, unprivileged\n user could use the rename syscall on overlayfs on top\n of xfs to crash the system.(CVE-2016-6198i1/4%0\n\n - It was found that when file permissions were modified\n via chmod and the user modifying them was not in the\n owning group or capable of CAP_FSETID, the setgid bit\n would be cleared. Setting a POSIX ACL via setxattr sets\n the file permissions as well as the new ACL, but\n doesn't clear the setgid bit in a similar way. This\n could allow a local user to gain group privileges via\n certain setgid applications.(CVE-2016-7097i1/4%0\n\n - A flaw was found in the way the Linux kernel's Crypto\n subsystem handled automatic loading of kernel modules.\n A local user could use this flaw to load any installed\n kernel module, and thus increase the attack surface of\n the running kernel.(CVE-2014-9644i1/4%0\n\n - An arbitrary memory r/w access issue was found in the\n Linux kernel compiled with the eBPF bpf(2) system call\n (CONFIG_BPF_SYSCALL) support. The issue could occur due\n to calculation errors in the eBPF verifier module,\n triggered by user supplied malicious BPF program. An\n unprivileged user could use this flaw to escalate their\n privileges on a system. Setting parameter\n 'kernel.unprivileged_bpf_disabled=1' prevents such\n privilege escalation by restricting access to bpf(2)\n call.(CVE-2017-16995i1/4%0\n\n - A flaw was found in the implementation of associative\n arrays where the add_key systemcall and KEYCTL_UPDATE\n operations allowed for a NULL payload with a nonzero\n length. When accessing the payload within this length\n parameters value, an unprivileged user could trivially\n cause a NULL pointer dereference (kernel\n oops).(CVE-2017-15274i1/4%0\n\n - A flaw was found in the Linux kernel's keyring handling\n code: the key_reject_and_link() function could be\n forced to free an arbitrary memory block. An attacker\n could use this flaw to trigger a use-after-free\n condition on the system, potentially allowing for\n privilege escalation.(CVE-2016-4470i1/4%0\n\n - A flaw was found in the way certain interfaces of the\n Linux kernel's Infiniband subsystem used write() as\n bi-directional ioctl() replacement, which could lead to\n insufficient memory security checks when being invoked\n using the splice() system call. A local unprivileged\n user on a system with either Infiniband hardware\n present or RDMA Userspace Connection Manager Access\n module explicitly loaded, could use this flaw to\n escalate their privileges on the\n system.(CVE-2016-4565i1/4%0\n\n - It was found that the Linux kernel's IPv6 network stack\n did not properly validate the value of the MTU variable\n when it was set. A remote attacker could potentially\n use this flaw to disrupt a target system's networking\n (packet loss) by setting an invalid MTU value, for\n example, via a NetworkManager daemon that is processing\n router advertisement packets running on the target\n system.(CVE-2015-8215i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1532\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bf9dd973\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux BPF Sign Extension Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.28-1.2.117\",\n \"kernel-devel-4.19.28-1.2.117\",\n \"kernel-headers-4.19.28-1.2.117\",\n \"kernel-tools-4.19.28-1.2.117\",\n \"kernel-tools-libs-4.19.28-1.2.117\",\n \"kernel-tools-libs-devel-4.19.28-1.2.117\",\n \"perf-4.19.28-1.2.117\",\n \"python-perf-4.19.28-1.2.117\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-19T13:48:55", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - The hi3660_stub_clk_probe function in drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux kernel before 4.16 allows local users to cause a denial of service (NULL pointer dereference) by triggering a failure of resource retrieval.(CVE-2018-10074i1/4%0\n\n - An information leak flaw was found in the RAM Disks Memory Copy (rd_mcp) backend driver of the iSCSI Target subsystem of the Linux kernel. A privileged user could use this flaw to leak the contents of kernel memory to an iSCSI initiator remote client.(CVE-2014-4027i1/4%0\n\n - It was found that in the Linux kernel version 4.2-rc1 to 4.3-rc1, a use of uninitialized 'n_proto', 'ip_proto', and 'thoff' variables in\n __skb_flow_dissect() function can lead to a remote denial-of-service via malformed MPLS packet.(CVE-2017-13715i1/4%0\n\n - It was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow, resulting in the crash of the system. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.(CVE-2017-7308i1/4%0\n\n - A weakness was found in the Linux ASLR implementation.\n Any user able to running 32-bit applications in a x86 machine can disable ASLR by setting the RLIMIT_STACK resource to unlimited.(CVE-2016-3672i1/4%0\n\n - sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (out-of-bounds write and memory corruption) or possibly have unspecified other impact via a crafted application that makes an ioctl call triggering incorrect use of a parameters pointer.(CVE-2016-2065i1/4%0\n\n - A race condition flaw was found in the ioctl_send_fib() function in the Linux kernel's aacraid implementation.\n A local attacker could use this flaw to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value.(CVE-2016-6480i1/4%0\n\n - The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling.(CVE-2017-8925i1/4%0\n\n - The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference.(CVE-2017-15102i1/4%0\n\n - The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.(CVE-2016-4486i1/4%0\n\n - A vulnerability was found in the Linux kernel's lp_setup() function where it doesn't apply any bounds checking when passing 'lp=none'. This can result into overflow of the parport_nr array. An attacker with control over kernel command line can overwrite kernel code and data with fixed (0xff) values.(CVE-2017-1000363i1/4%0\n\n - sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call.(CVE-2016-2549i1/4%0\n\n - The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.(CVE-2013-7265i1/4%0\n\n - A NULL pointer dereference flaw was found in the SCTP implementation. A local user could use this flaw to cause a denial of service on the system by triggering a kernel panic when creating multiple sockets in parallel while the system did not have the SCTP module loaded.(CVE-2015-5283i1/4%0\n\n - It was found that in Linux kernel the mount table expands by a power-of-two with each bind mount command.\n If a system is configured to allow non-privileged user to do bind mounts, or allows to do so in a container or unprivileged mount namespace, then non-privileged user is able to cause a local DoS by overflowing the mount table, which causes a deadlock for the whole system.(CVE-2016-6213i1/4%0\n\n - The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.(CVE-2014-0069i1/4%0\n\n - A flaw was found in the Linux kernel's implementation of XFS file attributes. Two memory leaks were detected in xfs_attr_shortform_list and xfs_attr3_leaf_list_int when running a docker container backed by xfs/overlay2.\n A dedicated attacker could possible exhaust all memory and create a denial of service situation.(CVE-2016-9685i1/4%0\n\n - Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service or possibly have unspecified other impact via a large size value, related to mdss_compat_utils.c, mdss_fb.c, and mdss_rotator.c.(CVE-2016-5344i1/4%0\n\n - kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service.(CVE-2017-17862i1/4%0\n\n - A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash.(CVE-2016-9555i1/4%0\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1516)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7265", "CVE-2014-0069", "CVE-2014-4027", "CVE-2015-5283", "CVE-2016-2065", "CVE-2016-2549", "CVE-2016-3672", "CVE-2016-4486", "CVE-2016-5344", "CVE-2016-6213", "CVE-2016-6480", "CVE-2016-9555", "CVE-2016-9685", "CVE-2017-1000363", "CVE-2017-13715", "CVE-2017-15102", "CVE-2017-17862", "CVE-2017-7308", "CVE-2017-8925", "CVE-2018-10074"], "modified": "2021-02-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1516.NASL", "href": "https://www.tenable.com/plugins/nessus/124837", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124837);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/09\");\n\n script_cve_id(\n \"CVE-2013-7265\",\n \"CVE-2014-0069\",\n \"CVE-2014-4027\",\n \"CVE-2015-5283\",\n \"CVE-2016-2065\",\n \"CVE-2016-2549\",\n \"CVE-2016-3672\",\n \"CVE-2016-4486\",\n \"CVE-2016-5344\",\n \"CVE-2016-6213\",\n \"CVE-2016-6480\",\n \"CVE-2016-9555\",\n \"CVE-2016-9685\",\n \"CVE-2017-1000363\",\n \"CVE-2017-13715\",\n \"CVE-2017-15102\",\n \"CVE-2017-17862\",\n \"CVE-2017-7308\",\n \"CVE-2017-8925\",\n \"CVE-2018-10074\"\n );\n script_bugtraq_id(\n 64677,\n 65588,\n 67985,\n 68159\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1516)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - The hi3660_stub_clk_probe function in\n drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux\n kernel before 4.16 allows local users to cause a denial\n of service (NULL pointer dereference) by triggering a\n failure of resource retrieval.(CVE-2018-10074i1/4%0\n\n - An information leak flaw was found in the RAM Disks\n Memory Copy (rd_mcp) backend driver of the iSCSI Target\n subsystem of the Linux kernel. A privileged user could\n use this flaw to leak the contents of kernel memory to\n an iSCSI initiator remote client.(CVE-2014-4027i1/4%0\n\n - It was found that in the Linux kernel version 4.2-rc1\n to 4.3-rc1, a use of uninitialized 'n_proto',\n 'ip_proto', and 'thoff' variables in\n __skb_flow_dissect() function can lead to a remote\n denial-of-service via malformed MPLS\n packet.(CVE-2017-13715i1/4%0\n\n - It was found that the packet_set_ring() function of the\n Linux kernel's networking implementation did not\n properly validate certain block-size data. A local\n attacker with CAP_NET_RAW capability could use this\n flaw to trigger a buffer overflow, resulting in the\n crash of the system. Due to the nature of the flaw,\n privilege escalation cannot be fully ruled\n out.(CVE-2017-7308i1/4%0\n\n - A weakness was found in the Linux ASLR implementation.\n Any user able to running 32-bit applications in a x86\n machine can disable ASLR by setting the RLIMIT_STACK\n resource to unlimited.(CVE-2016-3672i1/4%0\n\n - sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the\n MSM QDSP6 audio driver for the Linux kernel 3.x, as\n used in Qualcomm Innovation Center (QuIC) Android\n contributions for MSM devices and other products,\n allows attackers to cause a denial of service\n (out-of-bounds write and memory corruption) or possibly\n have unspecified other impact via a crafted application\n that makes an ioctl call triggering incorrect use of a\n parameters pointer.(CVE-2016-2065i1/4%0\n\n - A race condition flaw was found in the ioctl_send_fib()\n function in the Linux kernel's aacraid implementation.\n A local attacker could use this flaw to cause a denial\n of service (out-of-bounds access or system crash) by\n changing a certain size value.(CVE-2016-6480i1/4%0\n\n - The omninet_open function in\n drivers/usb/serial/omninet.c in the Linux kernel before\n 4.10.4 allows local users to cause a denial of service\n (tty exhaustion) by leveraging reference count\n mishandling.(CVE-2017-8925i1/4%0\n\n - The tower_probe function in\n drivers/usb/misc/legousbtower.c in the Linux kernel\n before 4.8.1 allows local users (who are physically\n proximate for inserting a crafted USB device) to gain\n privileges by leveraging a write-what-where condition\n that occurs after a race condition and a NULL pointer\n dereference.(CVE-2017-15102i1/4%0\n\n - The rtnl_fill_link_ifmap function in\n net/core/rtnetlink.c in the Linux kernel before 4.5.5\n does not initialize a certain data structure, which\n allows local users to obtain sensitive information from\n kernel stack memory by reading a Netlink\n message.(CVE-2016-4486i1/4%0\n\n - A vulnerability was found in the Linux kernel's\n lp_setup() function where it doesn't apply any bounds\n checking when passing 'lp=none'. This can result into\n overflow of the parport_nr array. An attacker with\n control over kernel command line can overwrite kernel\n code and data with fixed (0xff)\n values.(CVE-2017-1000363i1/4%0\n\n - sound/core/hrtimer.c in the Linux kernel before 4.4.1\n does not prevent recursive callback access, which\n allows local users to cause a denial of service\n (deadlock) via a crafted ioctl call.(CVE-2016-2549i1/4%0\n\n - The pn_recvmsg function in net/phonet/datagram.c in the\n Linux kernel before 3.12.4 updates a certain length\n value before ensuring that an associated data structure\n has been initialized, which allows local users to\n obtain sensitive information from kernel stack memory\n via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system\n call.(CVE-2013-7265i1/4%0\n\n - A NULL pointer dereference flaw was found in the SCTP\n implementation. A local user could use this flaw to\n cause a denial of service on the system by triggering a\n kernel panic when creating multiple sockets in parallel\n while the system did not have the SCTP module\n loaded.(CVE-2015-5283i1/4%0\n\n - It was found that in Linux kernel the mount table\n expands by a power-of-two with each bind mount command.\n If a system is configured to allow non-privileged user\n to do bind mounts, or allows to do so in a container or\n unprivileged mount namespace, then non-privileged user\n is able to cause a local DoS by overflowing the mount\n table, which causes a deadlock for the whole\n system.(CVE-2016-6213i1/4%0\n\n - The cifs_iovec_write function in fs/cifs/file.c in the\n Linux kernel through 3.13.5 does not properly handle\n uncached write operations that copy fewer than the\n requested number of bytes, which allows local users to\n obtain sensitive information from kernel memory, cause\n a denial of service (memory corruption and system\n crash), or possibly gain privileges via a writev system\n call with a crafted pointer.(CVE-2014-0069i1/4%0\n\n - A flaw was found in the Linux kernel's implementation\n of XFS file attributes. Two memory leaks were detected\n in xfs_attr_shortform_list and xfs_attr3_leaf_list_int\n when running a docker container backed by xfs/overlay2.\n A dedicated attacker could possible exhaust all memory\n and create a denial of service\n situation.(CVE-2016-9685i1/4%0\n\n - Multiple integer overflows in the MDSS driver for the\n Linux kernel 3.x, as used in Qualcomm Innovation Center\n (QuIC) Android contributions for MSM devices and other\n products, allow attackers to cause a denial of service\n or possibly have unspecified other impact via a large\n size value, related to mdss_compat_utils.c, mdss_fb.c,\n and mdss_rotator.c.(CVE-2016-5344i1/4%0\n\n - kernel/bpf/verifier.c in the Linux kernel through\n 4.14.8 ignores unreachable code, even though it would\n still be processed by JIT compilers. This behavior,\n also considered an improper branch-pruning logic issue,\n could possibly be used by local users for denial of\n service.(CVE-2017-17862i1/4%0\n\n - A flaw was found in the Linux kernel's implementation\n of the SCTP protocol. A remote attacker could trigger\n an out-of-bounds read with an offset of up to 64kB\n potentially causing the system to\n crash.(CVE-2016-9555i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1516\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?161cd16f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET packet_set_ring Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.28-1.2.117\",\n \"kernel-devel-4.19.28-1.2.117\",\n \"kernel-headers-4.19.28-1.2.117\",\n \"kernel-tools-4.19.28-1.2.117\",\n \"kernel-tools-libs-4.19.28-1.2.117\",\n \"kernel-tools-libs-devel-4.19.28-1.2.117\",\n \"perf-4.19.28-1.2.117\",\n \"python-perf-4.19.28-1.2.117\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T16:19:07", "description": "Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-16995)\n\nIt was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861)\n\nIt was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407)\n\nIt was discovered that an information disclosure vulnerability existed in the ACPI implementation of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory addresses).\n(CVE-2017-11472)\n\nIt was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129)\n\nIt was discovered that the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel contained a use-after-free when handling device removal. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16528)\n\nAndrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532)\n\nAndrey Konovalov discovered that the Conexant cx231xx USB video capture driver in the Linux kernel did not properly validate interface descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16536)\n\nAndrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537)\n\nAndrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645)\n\nAndrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the Linux kernel did not properly handle detach events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16646)\n\nAndrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash).\n(CVE-2017-16649)\n\nAndrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash).\n(CVE-2017-16650)\n\nIt was discovered that the USB Virtual Host Controller Interface (VHCI) driver in the Linux kernel contained an information disclosure vulnerability. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16911)\n\nIt was discovered that the USB over IP implementation in the Linux kernel did not validate endpoint numbers. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16912)\n\nIt was discovered that the USB over IP implementation in the Linux kernel did not properly validate CMD_SUBMIT packets. A remote attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2017-16913)\n\nIt was discovered that the USB over IP implementation in the Linux kernel contained a NULL pointer dereference error. A remote attacker could use this to cause a denial of service (system crash).\n(CVE-2017-16914)\n\nIt was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory).\n(CVE-2017-16994)\n\nIt was discovered that the netfilter component of the Linux did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions.\n(CVE-2017-17448)\n\nIt was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information (kernel netlink traffic). (CVE-2017-17449)\n\nIt was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450)\n\nIt was discovered that the core USB subsystem in the Linux kernel did not validate the number of configurations and interfaces in a device.\nA physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-17558)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information.\n(CVE-2017-17741)\n\nIt was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805)\n\nIt was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806)\n\nIt was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task's' default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807)\n\nAlexei Starovoitov discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel contained a branch-pruning logic issue around unreachable code. A local attacker could use this to cause a denial of service. (CVE-2017-17862)\n\nIt was discovered that the parallel cryptography component of the Linux kernel incorrectly freed kernel memory. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18075)\n\nIt was discovered that a race condition existed in the Device Mapper component of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18203)\n\nIt was discovered that a race condition existed in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18204)\n\nIt was discovered that an infinite loop could occur in the the madvise(2) implementation in the Linux kernel in certain circumstances. A local attacker could use this to cause a denial of service (system hang). (CVE-2017-18208)\n\nAndy Lutomirski discovered that the KVM implementation in the Linux kernel was vulnerable to a debug exception error when single-stepping through a syscall. A local attacker in a non-Linux guest vm could possibly use this to gain administrative privileges in the guest vm.\n(CVE-2017-7518)\n\nIt was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026)\n\nIt was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2018-5332)\n\nMohamed Ghannam discovered a NULL pointer dereference in the RDS (Reliable Datagram Sockets) protocol implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5333)\n\nFan Long Fei discovered that a race condition existed in loop block device implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5344)\n\nIt was discovered that an integer overflow error existed in the futex implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-6927)\n\nIt was discovered that a NULL pointer dereference existed in the RDS (Reliable Datagram Sockets) protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-7492)\n\nIt was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-8043).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-04-05T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3619-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0861", "CVE-2017-1000407", "CVE-2017-11472", "CVE-2017-15129", "CVE-2017-16528", "CVE-2017-16532", "CVE-2017-16536", "CVE-2017-16537", "CVE-2017-16645", "CVE-2017-16646", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-16911", "CVE-2017-16912", "CVE-2017-16913", "CVE-2017-16914", "CVE-2017-16994", "CVE-2017-16995", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17741", "CVE-2017-17805", "CVE-2017-17806", "CVE-2017-17807", "CVE-2017-17862", "CVE-2017-18075", "CVE-2017-18203", "CVE-2017-18204", "CVE-2017-18208", "CVE-2017-7518", "CVE-2018-1000026", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-6927", "CVE-2018-7492", "CVE-2018-8043"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3619-1.NASL", "href": "https://www.tenable.com/plugins/nessus/108842", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3619-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108842);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/18 12:31:48\");\n\n script_cve_id(\"CVE-2017-0861\", \"CVE-2017-1000407\", \"CVE-2017-11472\", \"CVE-2017-15129\", \"CVE-2017-16528\", \"CVE-2017-16532\", \"CVE-2017-16536\", \"CVE-2017-16537\", \"CVE-2017-16645\", \"CVE-2017-16646\", \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16911\", \"CVE-2017-16912\", \"CVE-2017-16913\", \"CVE-2017-16914\", \"CVE-2017-16994\", \"CVE-2017-16995\", \"CVE-2017-17448\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17558\", \"CVE-2017-17741\", \"CVE-2017-17805\", \"CVE-2017-17806\", \"CVE-2017-17807\", \"CVE-2017-17862\", \"CVE-2017-18075\", \"CVE-2017-18203\", \"CVE-2017-18204\", \"CVE-2017-18208\", \"CVE-2017-7518\", \"CVE-2018-1000026\", \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2018-5344\", \"CVE-2018-6927\", \"CVE-2018-7492\", \"CVE-2018-8043\");\n script_xref(name:\"USN\", value:\"3619-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3619-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jann Horn discovered that the Berkeley Packet Filter (BPF)\nimplementation in the Linux kernel improperly performed sign extension\nin some situations. A local attacker could use this to cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2017-16995)\n\nIt was discovered that a race condition leading to a use-after-free\nvulnerability existed in the ALSA PCM subsystem of the Linux kernel. A\nlocal attacker could use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2017-0861)\n\nIt was discovered that the KVM implementation in the Linux kernel\nallowed passthrough of the diagnostic I/O port 0x80. An attacker in a\nguest VM could use this to cause a denial of service (system crash) in\nthe host OS. (CVE-2017-1000407)\n\nIt was discovered that an information disclosure vulnerability existed\nin the ACPI implementation of the Linux kernel. A local attacker could\nuse this to expose sensitive information (kernel memory addresses).\n(CVE-2017-11472)\n\nIt was discovered that a use-after-free vulnerability existed in the\nnetwork namespaces implementation in the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2017-15129)\n\nIt was discovered that the Advanced Linux Sound Architecture (ALSA)\nsubsystem in the Linux kernel contained a use-after-free when handling\ndevice removal. A physically proximate attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2017-16528)\n\nAndrey Konovalov discovered that the usbtest device driver in the\nLinux kernel did not properly validate endpoint metadata. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash). (CVE-2017-16532)\n\nAndrey Konovalov discovered that the Conexant cx231xx USB video\ncapture driver in the Linux kernel did not properly validate interface\ndescriptors. A physically proximate attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-16536)\n\nAndrey Konovalov discovered that the SoundGraph iMON USB driver in the\nLinux kernel did not properly validate device metadata. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash). (CVE-2017-16537)\n\nAndrey Konovalov discovered that the IMS Passenger Control Unit USB\ndriver in the Linux kernel did not properly validate device\ndescriptors. A physically proximate attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-16645)\n\nAndrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in\nthe Linux kernel did not properly handle detach events. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash). (CVE-2017-16646)\n\nAndrey Konovalov discovered that the CDC USB Ethernet driver did not\nproperly validate device descriptors. A physically proximate attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-16649)\n\nAndrey Konovalov discovered that the QMI WWAN USB driver did not\nproperly validate device descriptors. A physically proximate attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-16650)\n\nIt was discovered that the USB Virtual Host Controller Interface\n(VHCI) driver in the Linux kernel contained an information disclosure\nvulnerability. A physically proximate attacker could use this to\nexpose sensitive information (kernel memory). (CVE-2017-16911)\n\nIt was discovered that the USB over IP implementation in the Linux\nkernel did not validate endpoint numbers. A remote attacker could use\nthis to cause a denial of service (system crash). (CVE-2017-16912)\n\nIt was discovered that the USB over IP implementation in the Linux\nkernel did not properly validate CMD_SUBMIT packets. A remote attacker\ncould use this to cause a denial of service (excessive memory\nconsumption). (CVE-2017-16913)\n\nIt was discovered that the USB over IP implementation in the Linux\nkernel contained a NULL pointer dereference error. A remote attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-16914)\n\nIt was discovered that the HugeTLB component of the Linux kernel did\nnot properly handle holes in hugetlb ranges. A local attacker could\nuse this to expose sensitive information (kernel memory).\n(CVE-2017-16994)\n\nIt was discovered that the netfilter component of the Linux did not\nproperly restrict access to the connection tracking helpers list. A\nlocal attacker could use this to bypass intended access restrictions.\n(CVE-2017-17448)\n\nIt was discovered that the netlink subsystem in the Linux kernel did\nnot properly restrict observations of netlink messages to the\nappropriate net namespace. A local attacker could use this to expose\nsensitive information (kernel netlink traffic). (CVE-2017-17449)\n\nIt was discovered that the netfilter passive OS fingerprinting\n(xt_osf) module did not properly perform access control checks. A\nlocal attacker could improperly modify the system-wide OS fingerprint\nlist. (CVE-2017-17450)\n\nIt was discovered that the core USB subsystem in the Linux kernel did\nnot validate the number of configurations and interfaces in a device.\nA physically proximate attacker could use this to cause a denial of\nservice (system crash). (CVE-2017-17558)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux\nkernel contained an out-of-bounds read when handling memory-mapped\nI/O. A local attacker could use this to expose sensitive information.\n(CVE-2017-17741)\n\nIt was discovered that the Salsa20 encryption algorithm\nimplementations in the Linux kernel did not properly handle\nzero-length inputs. A local attacker could use this to cause a denial\nof service (system crash). (CVE-2017-17805)\n\nIt was discovered that the HMAC implementation did not validate the\nstate of the underlying cryptographic hash algorithm. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2017-17806)\n\nIt was discovered that the keyring implementation in the Linux kernel\ndid not properly check permissions when a key request was performed on\na task's' default keyring. A local attacker could use this to add keys\nto unauthorized keyrings. (CVE-2017-17807)\n\nAlexei Starovoitov discovered that the Berkeley Packet Filter (BPF)\nimplementation in the Linux kernel contained a branch-pruning logic\nissue around unreachable code. A local attacker could use this to\ncause a denial of service. (CVE-2017-17862)\n\nIt was discovered that the parallel cryptography component of the\nLinux kernel incorrectly freed kernel memory. A local attacker could\nuse this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2017-18075)\n\nIt was discovered that a race condition existed in the Device Mapper\ncomponent of the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2017-18203)\n\nIt was discovered that a race condition existed in the OCFS2 file\nsystem implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service (kernel deadlock). (CVE-2017-18204)\n\nIt was discovered that an infinite loop could occur in the the\nmadvise(2) implementation in the Linux kernel in certain\ncircumstances. A local attacker could use this to cause a denial of\nservice (system hang). (CVE-2017-18208)\n\nAndy Lutomirski discovered that the KVM implementation in the Linux\nkernel was vulnerable to a debug exception error when single-stepping\nthrough a syscall. A local attacker in a non-Linux guest vm could\npossibly use this to gain administrative privileges in the guest vm.\n(CVE-2017-7518)\n\nIt was discovered that the Broadcom NetXtremeII ethernet driver in the\nLinux kernel did not properly validate Generic Segment Offload (GSO)\npacket sizes. An attacker could use this to cause a denial of service\n(interface unavailability). (CVE-2018-1000026)\n\nIt was discovered that the Reliable Datagram Socket (RDS)\nimplementation in the Linux kernel contained an out-of-bounds write\nduring RDMA page allocation. An attacker could use this to cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2018-5332)\n\nMohamed Ghannam discovered a NULL pointer dereference in the RDS\n(Reliable Datagram Sockets) protocol implementation of the Linux\nkernel. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2018-5333)\n\nFan Long Fei discovered that a race condition existed in loop block\ndevice implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2018-5344)\n\nIt was discovered that an integer overflow error existed in the futex\nimplementation in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2018-6927)\n\nIt was discovered that a NULL pointer dereference existed in the RDS\n(Reliable Datagram Sockets) protocol implementation in the Linux\nkernel. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2018-7492)\n\nIt was discovered that the Broadcom UniMAC MDIO bus controller driver\nin the Linux kernel did not properly validate device resources. A\nlocal attacker could use this to cause a denial of service (system\ncrash). (CVE-2018-8043).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3619-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux BPF Sign Extension Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-0861\", \"CVE-2017-1000407\", \"CVE-2017-11472\", \"CVE-2017-15129\", \"CVE-2017-16528\", \"CVE-2017-16532\", \"CVE-2017-16536\", \"CVE-2017-16537\", \"CVE-2017-16645\", \"CVE-2017-16646\", \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16911\", \"CVE-2017-16912\", \"CVE-2017-16913\", \"CVE-2017-16914\", \"CVE-2017-16994\", \"CVE-2017-16995\", \"CVE-2017-17448\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17558\", \"CVE-2017-17741\", \"CVE-2017-17805\", \"CVE-2017-17806\", \"CVE-2017-17807\", \"CVE-2017-17862\", \"CVE-2017-18075\", \"CVE-2017-18203\", \"CVE-2017-18204\", \"CVE-2017-18208\", \"CVE-2017-7518\", \"CVE-2018-1000026\", \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2018-5344\", \"CVE-2018-6927\", \"CVE-2018-7492\", \"CVE-2018-8043\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3619-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1020-kvm\", pkgver:\"4.4.0-1020.25\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1054-aws\", pkgver:\"4.4.0-1054.63\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1086-raspi2\", pkgver:\"4.4.0-1086.94\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1088-snapdragon\", pkgver:\"4.4.0-1088.93\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-119-generic\", pkgver:\"4.4.0-119.143\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-119-generic-lpae\", pkgver:\"4.4.0-119.143\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-119-lowlatency\", pkgver:\"4.4.0-119.143\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-aws\", pkgver:\"4.4.0.1054.56\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic\", pkgver:\"4.4.0.119.125\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.4.0.119.125\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-kvm\", pkgver:\"4.4.0.1020.19\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.4.0.119.125\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.4.0.1086.86\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.4.0.1088.80\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-aws / linux-image-4.4-generic / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T16:18:27", "description": "USN-3619-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.\n\nJann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-16995)\n\nIt was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861)\n\nIt was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407)\n\nIt was discovered that an information disclosure vulnerability existed in the ACPI implementation of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory addresses).\n(CVE-2017-11472)\n\nIt was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129)\n\nIt was discovered that the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel contained a use-after-free when handling device removal. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16528)\n\nAndrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532)\n\nAndrey Konovalov discovered that the Conexant cx231xx USB video capture driver in the Linux kernel did not properly validate interface descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16536)\n\nAndrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537)\n\nAndrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645)\n\nAndrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the Linux kernel did not properly handle detach events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16646)\n\nAndrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash).\n(CVE-2017-16649)\n\nAndrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash).\n(CVE-2017-16650)\n\nIt was discovered that the USB Virtual Host Controller Interface (VHCI) driver in the Linux kernel contained an information disclosure vulnerability. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16911)\n\nIt was discovered that the USB over IP implementation in the Linux kernel did not validate endpoint numbers. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16912)\n\nIt was discovered that the USB over IP implementation in the Linux kernel did not properly validate CMD_SUBMIT packets. A remote attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2017-16913)\n\nIt was discovered that the USB over IP implementation in the Linux kernel contained a NULL pointer dereference error. A remote attacker could use this to cause a denial of service (system crash).\n(CVE-2017-16914)\n\nIt was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory).\n(CVE-2017-16994)\n\nIt was discovered that the netfilter component of the Linux did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions.\n(CVE-2017-17448)\n\nIt was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information (kernel netlink traffic). (CVE-2017-17449)\n\nIt was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450)\n\nIt was discovered that the core USB subsystem in the Linux kernel did not validate the number of configurations and interfaces in a device.\nA physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-17558)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information.\n(CVE-2017-17741)\n\nIt was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805)\n\nIt was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806)\n\nIt was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task's default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807)\n\nAlexei Starovoitov discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel contained a branch-pruning logic issue around unreachable code. A local attacker could use this to cause a denial of service. (CVE-2017-17862)\n\nIt was discovered that the parallel cryptography component of the Linux kernel incorrectly freed kernel memory. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18075)\n\nIt was discovered that a race condition existed in the Device Mapper component of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18203)\n\nIt was discovered that a race condition existed in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18204)\n\nIt was discovered that an infinite loop could occur in the the madvise(2) implementation in the Linux kernel in certain circumstances. A local attacker could use this to cause a denial of service (system hang). (CVE-2017-18208)\n\nAndy Lutomirski discovered that the KVM implementation in the Linux kernel was vulnerable to a debug exception error when single-stepping through a syscall. A local attacker in a non-Linux guest vm could possibly use this to gain administrative privileges in the guest vm.\n(CVE-2017-7518)\n\nIt was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026)\n\nIt was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2018-5332)\n\nMohamed Ghannam discovered a NULL pointer dereference in the RDS (Reliable Datagram Sockets) protocol implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5333)\n\nFan Long Fei discovered that a race condition existed in loop block device implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5344)\n\nIt was discovered that an integer overflow error existed in the futex implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-6927)\n\nIt was discovered that a NULL pointer dereference existed in the RDS (Reliable Datagram Sockets) protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-7492)\n\nIt was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-8043).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-04-06T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3619-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0861", "CVE-2017-1000407", "CVE-2017-11472", "CVE-2017-15129", "CVE-2017-16528", "CVE-2017-16532", "CVE-2017-16536", "CVE-2017-16537", "CVE-2017-16645", "CVE-2017-16646", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-16911", "CVE-2017-16912", "CVE-2017-16913", "CVE-2017-16914", "CVE-2017-16994", "CVE-2017-16995", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17741", "CVE-2017-17805", "CVE-2017-17806", "CVE-2017-17807", "CVE-2017-17862", "CVE-2017-18075", "CVE-2017-18203", "CVE-2017-18204", "CVE-2017-18208", "CVE-2017-7518", "CVE-2018-1000026", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-6927", "CVE-2018-7492", "CVE-2018-8043"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3619-2.NASL", "href": "https://www.tenable.com/plugins/nessus/108878", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3619-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108878);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/18 12:31:48\");\n\n script_cve_id(\"CVE-2017-0861\", \"CVE-2017-1000407\", \"CVE-2017-11472\", \"CVE-2017-15129\", \"CVE-2017-16528\", \"CVE-2017-16532\", \"CVE-2017-16536\", \"CVE-2017-16537\", \"CVE-2017-16645\", \"CVE-2017-16646\", \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16911\", \"CVE-2017-16912\", \"CVE-2017-16913\", \"CVE-2017-16914\", \"CVE-2017-16994\", \"CVE-2017-16995\", \"CVE-2017-17448\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17558\", \"CVE-2017-17741\", \"CVE-2017-17805\", \"CVE-2017-17806\", \"CVE-2017-17807\", \"CVE-2017-17862\", \"CVE-2017-18075\", \"CVE-2017-18203\", \"CVE-2017-18204\", \"CVE-2017-18208\", \"CVE-2017-7518\", \"CVE-2018-1000026\", \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2018-5344\", \"CVE-2018-6927\", \"CVE-2018-7492\", \"CVE-2018-8043\");\n script_xref(name:\"USN\", value:\"3619-2\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3619-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-3619-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n14.04 LTS.\n\nJann Horn discovered that the Berkeley Packet Filter (BPF)\nimplementation in the Linux kernel improperly performed sign extension\nin some situations. A local attacker could use this to cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2017-16995)\n\nIt was discovered that a race condition leading to a use-after-free\nvulnerability existed in the ALSA PCM subsystem of the Linux kernel. A\nlocal attacker could use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2017-0861)\n\nIt was discovered that the KVM implementation in the Linux kernel\nallowed passthrough of the diagnostic I/O port 0x80. An attacker in a\nguest VM could use this to cause a denial of service (system crash) in\nthe host OS. (CVE-2017-1000407)\n\nIt was discovered that an information disclosure vulnerability existed\nin the ACPI implementation of the Linux kernel. A local attacker could\nuse this to expose sensitive information (kernel memory addresses).\n(CVE-2017-11472)\n\nIt was discovered that a use-after-free vulnerability existed in the\nnetwork namespaces implementation in the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2017-15129)\n\nIt was discovered that the Advanced Linux Sound Architecture (ALSA)\nsubsystem in the Linux kernel contained a use-after-free when handling\ndevice removal. A physically proximate attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2017-16528)\n\nAndrey Konovalov discovered that the usbtest device driver in the\nLinux kernel did not properly validate endpoint metadata. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash). (CVE-2017-16532)\n\nAndrey Konovalov discovered that the Conexant cx231xx USB video\ncapture driver in the Linux kernel did not properly validate interface\ndescriptors. A physically proximate attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-16536)\n\nAndrey Konovalov discovered that the SoundGraph iMON USB driver in the\nLinux kernel did not properly validate device metadata. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash). (CVE-2017-16537)\n\nAndrey Konovalov discovered that the IMS Passenger Control Unit USB\ndriver in the Linux kernel did not properly validate device\ndescriptors. A physically proximate attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-16645)\n\nAndrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in\nthe Linux kernel did not properly handle detach events. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash). (CVE-2017-16646)\n\nAndrey Konovalov discovered that the CDC USB Ethernet driver did not\nproperly validate device descriptors. A physically proximate attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-16649)\n\nAndrey Konovalov discovered that the QMI WWAN USB driver did not\nproperly validate device descriptors. A physically proximate attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-16650)\n\nIt was discovered that the USB Virtual Host Controller Interface\n(VHCI) driver in the Linux kernel contained an information disclosure\nvulnerability. A physically proximate attacker could use this to\nexpose sensitive information (kernel memory). (CVE-2017-16911)\n\nIt was discovered that the USB over IP implementation in the Linux\nkernel did not validate endpoint numbers. A remote attacker could use\nthis to cause a denial of service (system crash). (CVE-2017-16912)\n\nIt was discovered that the USB over IP implementation in the Linux\nkernel did not properly validate CMD_SUBMIT packets. A remote attacker\ncould use this to cause a denial of service (excessive memory\nconsumption). (CVE-2017-16913)\n\nIt was discovered that the USB over IP implementation in the Linux\nkernel contained a NULL pointer dereference error. A remote attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-16914)\n\nIt was discovered that the HugeTLB component of the Linux kernel did\nnot properly handle holes in hugetlb ranges. A local attacker could\nuse this to expose sensitive information (kernel memory).\n(CVE-2017-16994)\n\nIt was discovered that the netfilter component of the Linux did not\nproperly restrict access to the connection tracking helpers list. A\nlocal attacker could use this to bypass intended access restrictions.\n(CVE-2017-17448)\n\nIt was discovered that the netlink subsystem in the Linux kernel did\nnot properly restrict observations of netlink messages to the\nappropriate net namespace. A local attacker could use this to expose\nsensitive information (kernel netlink traffic). (CVE-2017-17449)\n\nIt was discovered that the netfilter passive OS fingerprinting\n(xt_osf) module did not properly perform access control checks. A\nlocal attacker could improperly modify the system-wide OS fingerprint\nlist. (CVE-2017-17450)\n\nIt was discovered that the core USB subsystem in the Linux kernel did\nnot validate the number of configurations and interfaces in a device.\nA physically proximate attacker could use this to cause a denial of\nservice (system crash). (CVE-2017-17558)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux\nkernel contained an out-of-bounds read when handling memory-mapped\nI/O. A local attacker could use this to expose sensitive information.\n(CVE-2017-17741)\n\nIt was discovered that the Salsa20 encryption algorithm\nimplementations in the Linux kernel did not properly handle\nzero-length inputs. A local attacker could use this to cause a denial\nof service (system crash). (CVE-2017-17805)\n\nIt was discovered that the HMAC implementation did not validate the\nstate of the underlying cryptographic hash algorithm. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2017-17806)\n\nIt was discovered that the keyring implementation in the Linux kernel\ndid not properly check permissions when a key request was performed on\na task's default keyring. A local attacker could use this to add keys\nto unauthorized keyrings. (CVE-2017-17807)\n\nAlexei Starovoitov discovered that the Berkeley Packet Filter (BPF)\nimplementation in the Linux kernel contained a branch-pruning logic\nissue around unreachable code. A local attacker could use this to\ncause a denial of service. (CVE-2017-17862)\n\nIt was discovered that the parallel cryptography component of the\nLinux kernel incorrectly freed kernel memory. A local attacker could\nuse this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2017-18075)\n\nIt was discovered that a race condition existed in the Device Mapper\ncomponent of the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2017-18203)\n\nIt was discovered that a race condition existed in the OCFS2 file\nsystem implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service (kernel deadlock). (CVE-2017-18204)\n\nIt was discovered that an infinite loop could occur in the the\nmadvise(2) implementation in the Linux kernel in certain\ncircumstances. A local attacker could use this to cause a denial of\nservice (system hang). (CVE-2017-18208)\n\nAndy Lutomirski discovered that the KVM implementation in the Linux\nkernel was vulnerable to a debug exception error when single-stepping\nthrough a syscall. A local attacker in a non-Linux guest vm could\npossibly use this to gain administrative privileges in the guest vm.\n(CVE-2017-7518)\n\nIt was discovered that the Broadcom NetXtremeII ethernet driver in the\nLinux kernel did not properly validate Generic Segment Offload (GSO)\npacket sizes. An attacker could use this to cause a denial of service\n(interface unavailability). (CVE-2018-1000026)\n\nIt was discovered that the Reliable Datagram Socket (RDS)\nimplementation in the Linux kernel contained an out-of-bounds write\nduring RDMA page allocation. An attacker could use this to cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2018-5332)\n\nMohamed Ghannam discovered a NULL pointer dereference in the RDS\n(Reliable Datagram Sockets) protocol implementation of the Linux\nkernel. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2018-5333)\n\nFan Long Fei discovered that a race condition existed in loop block\ndevice implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2018-5344)\n\nIt was discovered that an integer overflow error existed in the futex\nimplementation in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2018-6927)\n\nIt was discovered that a NULL pointer dereference existed in the RDS\n(Reliable Datagram Sockets) protocol implementation in the Linux\nkernel. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2018-7492)\n\nIt was discovered that the Broadcom UniMAC MDIO bus controller driver\nin the Linux kernel did not properly validate device resources. A\nlocal attacker could use this to cause a denial of service (system\ncrash). (CVE-2018-8043).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3619-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux BPF Sign Extension Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-0861\", \"CVE-2017-1000407\", \"CVE-2017-11472\", \"CVE-2017-15129\", \"CVE-2017-16528\", \"CVE-2017-16532\", \"CVE-2017-16536\", \"CVE-2017-16537\", \"CVE-2017-16645\", \"CVE-2017-16646\", \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16911\", \"CVE-2017-16912\", \"CVE-2017-16913\", \"CVE-2017-16914\", \"CVE-2017-16994\", \"CVE-2017-16995\", \"CVE-2017-17448\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17558\", \"CVE-2017-17741\", \"CVE-2017-17805\", \"CVE-2017-17806\", \"CVE-2017-17807\", \"CVE-2017-17862\", \"CVE-2017-18075\", \"CVE-2017-18203\", \"CVE-2017-18204\", \"CVE-2017-18208\", \"CVE-2017-7518\", \"CVE-2018-1000026\", \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2018-5344\", \"CVE-2018-6927\", \"CVE-2018-7492\", \"CVE-2018-8043\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3619-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-1016-aws\", pkgver:\"4.4.0-1016.16\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-119-generic\", pkgver:\"4.4.0-119.143~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-119-generic-lpae\", pkgver:\"4.4.0-119.143~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-119-lowlatency\", pkgver:\"4.4.0-119.143~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-aws\", pkgver:\"4.4.0.1016.16\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae-lts-xenial\", pkgver:\"4.4.0.119.100\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lts-xenial\", pkgver:\"4.4.0.119.100\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency-lts-xenial\", pkgver:\"4.4.0.119.100\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-aws / linux-image-4.4-generic / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2021-07-28T14:34:05", "description": "Arch Linux Security Advisory ASA-201801-1\n=========================================\n\nSeverity: High\nDate : 2018-01-05\nCVE-ID : CVE-2017-16995 CVE-2017-16996 CVE-2017-17449 CVE-2017-17558\nCVE-2017-17712 CVE-2017-17805 CVE-2017-17806 CVE-2017-17852\nCVE-2017-17853 CVE-2017-17854 CVE-2017-17855 CVE-2017-17856\nCVE-2017-17857 CVE-2017-17862 CVE-2017-17863 CVE-2017-17864\nCVE-2017-5754 CVE-2017-8824\nPackage : linux\nType : multiple issues\nRemote : No\nLink : https://security.archlinux.org/AVG-552\n\nSummary\n=======\n\nThe package linux before version 4.14.11-1 is vulnerable to multiple\nissues including access restriction bypass, denial of service,\nprivilege escalation and information disclosure.\n\nResolution\n==========\n\nUpgrade to 4.14.11-1.\n\n# pacman -Syu \"linux>=4.14.11-1\"\n\nThe problems have been fixed upstream in version 4.14.11.\n\nWorkaround\n==========\n\nBPF related issues can be circumvented by disabling unprivileged BPF:\n\n sysctl -w kernel.unprivileged_bpf_disabled=1\n\nOn systems that do not already have the dccp module loaded,\nCVE-2017-8824 can be mitigated by disabling it:\n\n echo >> /etc/modprobe.d/disable-dccp.conf install dccp false\n\nDescription\n===========\n\n- CVE-2017-16995 (privilege escalation)\n\nAn arbitrary memory r/w access issue was found in the Linux kernel\nbefore 4.14.9, 4.9.72 compiled with the eBPF bpf(2) system call\n(CONFIG_BPF_SYSCALL) support. The issue could occur due to calculation\nerrors in the eBPF verifier module, triggered by user supplied\nmalicious BPF program. An unprivileged user could use this flaw to\nescalate their privileges on a system. Setting parameter\n\"kernel.unprivileged_bpf_disabled=1\" prevents such privilege escalation\nby restricting access to bpf(2) call.\n\n- CVE-2017-16996 (privilege escalation)\n\nAn arbitrary memory r/w access issue was found in the Linux kernel\nbefore 4.14.9 compiled with the eBPF bpf(2) system call\n(CONFIG_BPF_SYSCALL) support. The issue could occur due to calculation\nerrors in the eBPF verifier module, triggered by user supplied\nmalicious BPF program. An unprivileged user could use this flaw to\nescalate their privileges on a system. Setting parameter\n\"kernel.unprivileged_bpf_disabled=1\" prevents such privilege escalation\nby restricting access to bpf(2) call.\n\n- CVE-2017-17449 (information disclosure)\n\nThe __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in\nthe Linux kernel before 4.14.11, 4.9.74, 4.4.109, 3.18.91 and 3.16.52\nwhen CONFIG_NLMON is enabled, does not restrict observations of Netlink\nmessages to a single net namespace, which allows local users to obtain\nsensitive information by leveraging the CAP_NET_ADMIN capability to\nsniff an nlmon interface for all Netlink activity on the system.\n\n- CVE-2017-17558 (denial of service)\n\nThe usb_destroy_configuration function in drivers/usb/core/config.c in\nthe USB core subsystem in the Linux kernel before 4.14.8, 4.9.71,\n4.4.107, 3.18.89, 3.16.52 and 3.2.97 does not consider the maximum\nnumber of configurations and interfaces before attempting to release\nresources, which allows local users to cause a denial of service (out-\nof-bounds write access) or possibly have unspecified other impact via a\ncrafted USB device.\n\n- CVE-2017-17712 (privilege escalation)\n\nA flaw was found in the Linux kernel's implementation of raw_sendmsg\nbefore 4.14.11, 4.4.109 and 4.9.74 allowing a local attacker to panic\nthe kernel or possibly leak kernel addresses. A local attacker, with\nthe privilege of creating raw sockets, can abuse a possible race\ncondition when setting the socket option to allow the kernel to\nautomatically create ip header values and thus potentially escalate\ntheir privileges.\n\n- CVE-2017-17805 (denial of service)\n\nThe Salsa20 encryption algorithm in the Linux kernel before 4.14.8,\n4.9.71, 4.4.107, 3.18.89, 3.16.52 and 3.2.97 does not correctly handle\nzero-length inputs, allowing a local attacker able to use the AF_ALG-\nbased skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a\ndenial of service (uninitialized-memory free and kernel crash) or have\nunspecified other impact by executing a crafted sequence of system\ncalls that use the blkcipher_walk API. Both the generic implementation\n(crypto/salsa20_generic.c) and x86 implementation\n(arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.\n\n- CVE-2017-17806 (denial of service)\n\nThe HMAC implementation (crypto/hmac.c) in the Linux kernel before\n4.14.8, 4.9.71, 4.4.107, 3.18.89, 3.16.52 and 3.2.97 does not validate\nthat the underlying cryptographic hash algorithm is unkeyed, allowing a\nlocal attacker able to use the AF_ALG-based hash interface\n(CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm\n(CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by\nexecuting a crafted sequence of system calls that encounter a missing\nSHA-3 initialization.\n\n- CVE-2017-17852 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 allows local users to cause a denial of service (memory\ncorruption) or possibly have unspecified other impact by leveraging\nmishandling of 32-bit ALU ops.\n\n- CVE-2017-17853 (denial of service)\n\nIt has been discovered kernel/bpf/verifier.c in the Linux kernel before\n4.14.9 allows local users to cause a denial of service (memory\ncorruption) or possibly have unspecified other impact by leveraging\nincorrect BPF_RSH signed bounds calculations.\n\n- CVE-2017-17854 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 allows local users to cause a denial of service (integer\noverflow and memory corruption) or possibly have unspecified other\nimpact by leveraging unrestricted integer values for pointer\narithmetic.\n\n- CVE-2017-17855 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 allows local users to cause a denial of service (memory\ncorruption) or possibly have unspecified other impact by leveraging\nimproper use of pointers in place of scalars.\n\n- CVE-2017-17856 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 allows local users to cause a denial of service (memory\ncorruption) or possibly have unspecified other impact by leveraging the\nlack of stack-pointer alignment enforcement.\n\n- CVE-2017-17857 (denial of service)\n\nThe check_stack_boundary function in kernel/bpf/verifier.c in the Linux\nkernel before 4.14.9 allows local users to cause a denial of service\n(memory corruption) or possibly have unspecified other impact by\nleveraging mishandling of invalid variable stack read operations.\n\n- CVE-2017-17862 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 and 4.9.72 ignore unreachable code, even though it would\nstill be processed by JIT compilers. This behavior, also considered an\nimproper branch-pruning logic issue, could possibly be used by local\nusers for denial of service.\n\n- CVE-2017-17863 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 and 4.9.72 does not check the relationship between\npointer values and the BPF stack, which allows local users to cause a\ndenial of service (integer overflow or invalid memory access) or\npossibly have unspecified other impact.\n\n- CVE-2017-17864 (information disclosure)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 and 4.9.73 mishandles states_equal comparisons between\nthe pointer data type and the UNKNOWN_VALUE data type, which allows\nlocal users to obtain potentially sensitive address information, aka a\n\"pointer leak.\"\n\n- CVE-2017-5754 (access restriction bypass)\n\nAn industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of instructions (a\ncommonly used performance optimization).\nThis variant (\"Rogue Data Load\") relies on the fact that, on impacted\nmicroprocessors, during speculative execution of instruction permission\nfaults, exception generation triggered by a faulting access is\nsuppressed until the retirement of the whole instruction block. In a\ncombination with the fact that memory accesses may populate the cache\neven when the block is being dropped and never committed (executed), an\nunprivileged local attacker could use this flaw to read memory from\narbitrary addresses, including privileged (kernel space) and all other\nprocesses running on the system by conducting targeted cache side-\nchannel attacks.\n\n- CVE-2017-8824 (privilege escalation)\n\nA use-after-free vulnerability was found in DCCP socket code affecting\nthe Linux kernel since 2.6.16. The dccp_disconnect function in\nnet/dccp/proto.c allows local users to gain privileges or cause a\ndenial of service via an AF_UNSPEC connect system call during the\nDCCP_LISTEN state.\n\nImpact\n======\n\nA local unprivileged attacker is able to escalate privileges, crash the\nsystem, read memory from arbitrary addresses including from the kernel\nand all other processes running on the system or obtain sensitive\ninformation by sniffing an nlmon interface for all Netlink activity on\nthe system.\n\nReferences\n==========\n\nhttps://bugs.archlinux.org/task/56832\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1454\nhttp://www.openwall.com/lists/oss-security/2017/12/21/2\nhttps://git.kernel.org/linus/95a762e2c8c942780948091f8f2a4f32fce1ac6f\nhttps://git.kernel.org/linus/0c17d1d2c61936401f4702e1846e2c19b200f958\nhttps://git.kernel.org/linus/93c647643b48f0131f02e45da3bd367d80443291\nhttps://github.com/google/syzkaller/blob/master/docs/linux/found_bugs_usb.md\nhttps://git.kernel.org/linus/48a4ff1c7bb5a32d2e396b03132d20d552c0eca7\nhttp://openwall.com/lists/oss-security/2017/12/12/7\nhttps://git.kernel.org/linus/8f659a03a0ba9289b9aeb9b4470e6fb263d6f483\nhttps://git.kernel.org/linus/ecaaab5649781c5a0effdaf298a925063020500e\nhttps://git.kernel.org/linus/af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1\nhttps://git.kernel.org/linus/468f6eafa6c44cb2c5d8aad35e12f06c240a812a\nhttps://git.kernel.org/linus/4374f256ce8182019353c0c639bb8d0695b4c941\nhttps://git.kernel.org/linus/bb7f0f989ca7de1153bd128a40a71709e339fa03\nhttps://git.kernel.org/linus/179d1c5602997fef5a940c6ddcf31212cbfebd14\nhttps://git.kernel.org/linus/a5ec6ae161d72f01411169a938fa5f8baea16e8f\nhttps://git.kernel.org/linus/ea25f914dc164c8d56b36147ecc86bc65f83c469\nhttps://git.kernel.org/linus/c131187db2d3fa2f8bf32fdf4e9a4ef805168467\nhttps://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=d75d3ee237cee9068022117e059b64bbab617f3d\nhttps://git.kernel.org/linus/de31796c052e47c99b1bb342bc70aa826733e862\nhttps://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=37435f7e80ef9adc32a69013c18f135e3f434244\nhttps://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html\nhttps://meltdownattack.com\nhttps://xenbits.xen.org/xsa/advisory-254.html\nhttp://blog.cyberus-technology.de/posts/2018-01-03-meltdown.html\nhttps://git.kernel.org/linus/5aa90a84589282b87666f92b6c3c917c8080a9bf\nhttps://git.kernel.org/linus/00a5ae218d57741088068799b810416ac249a9ce\nhttps://git.kernel.org/linus/69c64866ce072dea1d1e59a0d61e0f66c0dffb76\nhttps://security.archlinux.org/CVE-2017-16995\nhttps://security.archlinux.org/CVE-2017-16996\nhttps://security.archlinux.org/CVE-2017-17449\nhttps://security.archlinux.org/CVE-2017-17558\nhttps://security.archlinux.org/CVE-2017-17712\nhttps://security.archlinux.org/CVE-2017-17805\nhttps://security.archlinux.org/CVE-2017-17806\nhttps://security.archlinux.org/CVE-2017-17852\nhttps://security.archlinux.org/CVE-2017-17853\nhttps://security.archlinux.org/CVE-2017-17854\nhttps://security.archlinux.org/CVE-2017-17855\nhttps://security.archlinux.org/CVE-2017-17856\nhttps://security.archlinux.org/CVE-2017-17857\nhttps://security.archlinux.org/CVE-2017-17862\nhttps://security.archlinux.org/CVE-2017-17863\nhttps://security.archlinux.org/CVE-2017-17864\nhttps://security.archlinux.org/CVE-2017-5754\nhttps://security.archlinux.org/CVE-2017-8824", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-05T00:00:00", "type": "archlinux", "title": "[ASA-201801-1] linux: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16995", "CVE-2017-16996", "CVE-2017-17449", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17805", "CVE-2017-17806", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17856", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-5754", "CVE-2017-8824"], "modified": "2018-01-05T00:00:00", "id": "ASA-201801-1", "href": "https://security.archlinux.org/ASA-201801-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:34:05", "description": "Arch Linux Security Advisory ASA-201801-3\n=========================================\n\nSeverity: High\nDate : 2018-01-05\nCVE-ID : CVE-2017-16995 CVE-2017-16996 CVE-2017-17449 CVE-2017-17558\nCVE-2017-17712 CVE-2017-17805 CVE-2017-17806 CVE-2017-17852\nCVE-2017-17853 CVE-2017-17854 CVE-2017-17855 CVE-2017-17856\nCVE-2017-17857 CVE-2017-17862 CVE-2017-17863 CVE-2017-17864\nCVE-2017-5754 CVE-2017-8824\nPackage : linux-zen\nType : multiple issues\nRemote : No\nLink : https://security.archlinux.org/AVG-571\n\nSummary\n=======\n\nThe package linux-zen before version 4.14.11-1 is vulnerable to\nmultiple issues including access restriction bypass, denial of service,\nprivilege escalation and information disclosure.\n\nResolution\n==========\n\nUpgrade to 4.14.11-1.\n\n# pacman -Syu \"linux-zen>=4.14.11-1\"\n\nThe problems have been fixed upstream in version 4.14.11.\n\nWorkaround\n==========\n\nBPF related issues can be circumvented by disabling unprivileged BPF:\n\n sysctl -w kernel.unprivileged_bpf_disabled=1\n\nOn systems that do not already have the dccp module loaded,\nCVE-2017-8824 can be mitigated by disabling it:\n\n echo >> /etc/modprobe.d/disable-dccp.conf install dccp false\n\nDescription\n===========\n\n- CVE-2017-16995 (privilege escalation)\n\nAn arbitrary memory r/w access issue was found in the Linux kernel\nbefore 4.14.9, 4.9.72 compiled with the eBPF bpf(2) system call\n(CONFIG_BPF_SYSCALL) support. The issue could occur due to calculation\nerrors in the eBPF verifier module, triggered by user supplied\nmalicious BPF program. An unprivileged user could use this flaw to\nescalate their privileges on a system. Setting parameter\n\"kernel.unprivileged_bpf_disabled=1\" prevents such privilege escalation\nby restricting access to bpf(2) call.\n\n- CVE-2017-16996 (privilege escalation)\n\nAn arbitrary memory r/w access issue was found in the Linux kernel\nbefore 4.14.9 compiled with the eBPF bpf(2) system call\n(CONFIG_BPF_SYSCALL) support. The issue could occur due to calculation\nerrors in the eBPF verifier module, triggered by user supplied\nmalicious BPF program. An unprivileged user could use this flaw to\nescalate their privileges on a system. Setting parameter\n\"kernel.unprivileged_bpf_disabled=1\" prevents such privilege escalation\nby restricting access to bpf(2) call.\n\n- CVE-2017-17449 (information disclosure)\n\nThe __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in\nthe Linux kernel before 4.14.11, 4.9.74, 4.4.109, 3.18.91 and 3.16.52\nwhen CONFIG_NLMON is enabled, does not restrict observations of Netlink\nmessages to a single net namespace, which allows local users to obtain\nsensitive information by leveraging the CAP_NET_ADMIN capability to\nsniff an nlmon interface for all Netlink activity on the system.\n\n- CVE-2017-17558 (denial of service)\n\nThe usb_destroy_configuration function in drivers/usb/core/config.c in\nthe USB core subsystem in the Linux kernel before 4.14.8, 4.9.71,\n4.4.107, 3.18.89, 3.16.52 and 3.2.97 does not consider the maximum\nnumber of configurations and interfaces before attempting to release\nresources, which allows local users to cause a denial of service (out-\nof-bounds write access) or possibly have unspecified other impact via a\ncrafted USB device.\n\n- CVE-2017-17712 (privilege escalation)\n\nA flaw was found in the Linux kernel's implementation of raw_sendmsg\nbefore 4.14.11, 4.4.109 and 4.9.74 allowing a local attacker to panic\nthe kernel or possibly leak kernel addresses. A local attacker, with\nthe privilege of creating raw sockets, can abuse a possible race\ncondition when setting the socket option to allow the kernel to\nautomatically create ip header values and thus potentially escalate\ntheir privileges.\n\n- CVE-2017-17805 (denial of service)\n\nThe Salsa20 encryption algorithm in the Linux kernel before 4.14.8,\n4.9.71, 4.4.107, 3.18.89, 3.16.52 and 3.2.97 does not correctly handle\nzero-length inputs, allowing a local attacker able to use the AF_ALG-\nbased skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a\ndenial of service (uninitialized-memory free and kernel crash) or have\nunspecified other impact by executing a crafted sequence of system\ncalls that use the blkcipher_walk API. Both the generic implementation\n(crypto/salsa20_generic.c) and x86 implementation\n(arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.\n\n- CVE-2017-17806 (denial of service)\n\nThe HMAC implementation (crypto/hmac.c) in the Linux kernel before\n4.14.8, 4.9.71, 4.4.107, 3.18.89, 3.16.52 and 3.2.97 does not validate\nthat the underlying cryptographic hash algorithm is unkeyed, allowing a\nlocal attacker able to use the AF_ALG-based hash interface\n(CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm\n(CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by\nexecuting a crafted sequence of system calls that encounter a missing\nSHA-3 initialization.\n\n- CVE-2017-17852 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 allows local users to cause a denial of service (memory\ncorruption) or possibly have unspecified other impact by leveraging\nmishandling of 32-bit ALU ops.\n\n- CVE-2017-17853 (denial of service)\n\nIt has been discovered kernel/bpf/verifier.c in the Linux kernel before\n4.14.9 allows local users to cause a denial of service (memory\ncorruption) or possibly have unspecified other impact by leveraging\nincorrect BPF_RSH signed bounds calculations.\n\n- CVE-2017-17854 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 allows local users to cause a denial of service (integer\noverflow and memory corruption) or possibly have unspecified other\nimpact by leveraging unrestricted integer values for pointer\narithmetic.\n\n- CVE-2017-17855 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 allows local users to cause a denial of service (memory\ncorruption) or possibly have unspecified other impact by leveraging\nimproper use of pointers in place of scalars.\n\n- CVE-2017-17856 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 allows local users to cause a denial of service (memory\ncorruption) or possibly have unspecified other impact by leveraging the\nlack of stack-pointer alignment enforcement.\n\n- CVE-2017-17857 (denial of service)\n\nThe check_stack_boundary function in kernel/bpf/verifier.c in the Linux\nkernel before 4.14.9 allows local users to cause a denial of service\n(memory corruption) or possibly have unspecified other impact by\nleveraging mishandling of invalid variable stack read operations.\n\n- CVE-2017-17862 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 and 4.9.72 ignore unreachable code, even though it would\nstill be processed by JIT compilers. This behavior, also considered an\nimproper branch-pruning logic issue, could possibly be used by local\nusers for denial of service.\n\n- CVE-2017-17863 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 and 4.9.72 does not check the relationship between\npointer values and the BPF stack, which allows local users to cause a\ndenial of service (integer overflow or invalid memory access) or\npossibly have unspecified other impact.\n\n- CVE-2017-17864 (information disclosure)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 and 4.9.73 mishandles states_equal comparisons between\nthe pointer data type and the UNKNOWN_VALUE data type, which allows\nlocal users to obtain potentially sensitive address information, aka a\n\"pointer leak.\"\n\n- CVE-2017-5754 (access restriction bypass)\n\nAn industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of instructions (a\ncommonly used performance optimization).\nThis variant (\"Rogue Data Load\") relies on the fact that, on impacted\nmicroprocessors, during speculative execution of instruction permission\nfaults, exception generation triggered by a faulting access is\nsuppressed until the retirement of the whole instruction block. In a\ncombination with the fact that memory accesses may populate the cache\neven when the block is being dropped and never committed (executed), an\nunprivileged local attacker could use this flaw to read memory from\narbitrary addresses, including privileged (kernel space) and all other\nprocesses running on the system by conducting targeted cache side-\nchannel attacks.\n\n- CVE-2017-8824 (privilege escalation)\n\nA use-after-free vulnerability was found in DCCP socket code affecting\nthe Linux kernel since 2.6.16. The dccp_disconnect function in\nnet/dccp/proto.c allows local users to gain privileges or cause a\ndenial of service via an AF_UNSPEC connect system call during the\nDCCP_LISTEN state.\n\nImpact\n======\n\nA local unprivileged attacker is able to escalate privileges, crash the\nsystem, read memory from arbitrary addresses including from the kernel\nand all other processes running on the system or obtain sensitive\ninformation by sniffing an nlmon interface for all Netlink activity on\nthe system.\n\nReferences\n==========\n\nhttps://bugs.archlinux.org/task/56832\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1454\nhttp://www.openwall.com/lists/oss-security/2017/12/21/2\nhttps://git.kernel.org/linus/95a762e2c8c942780948091f8f2a4f32fce1ac6f\nhttps://git.kernel.org/linus/0c17d1d2c61936401f4702e1846e2c19b200f958\nhttps://git.kernel.org/linus/93c647643b48f0131f02e45da3bd367d80443291\nhttps://github.com/google/syzkaller/blob/master/docs/linux/found_bugs_usb.md\nhttps://git.kernel.org/linus/48a4ff1c7bb5a32d2e396b03132d20d552c0eca7\nhttp://openwall.com/lists/oss-security/2017/12/12/7\nhttps://git.kernel.org/linus/8f659a03a0ba9289b9aeb9b4470e6fb263d6f483\nhttps://git.kernel.org/linus/ecaaab5649781c5a0effdaf298a925063020500e\nhttps://git.kernel.org/linus/af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1\nhttps://git.kernel.org/linus/468f6eafa6c44cb2c5d8aad35e12f06c240a812a\nhttps://git.kernel.org/linus/4374f256ce8182019353c0c639bb8d0695b4c941\nhttps://git.kernel.org/linus/bb7f0f989ca7de1153bd128a40a71709e339fa03\nhttps://git.kernel.org/linus/179d1c5602997fef5a940c6ddcf31212cbfebd14\nhttps://git.kernel.org/linus/a5ec6ae161d72f01411169a938fa5f8baea16e8f\nhttps://git.kernel.org/linus/ea25f914dc164c8d56b36147ecc86bc65f83c469\nhttps://git.kernel.org/linus/c131187db2d3fa2f8bf32fdf4e9a4ef805168467\nhttps://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=d75d3ee237cee9068022117e059b64bbab617f3d\nhttps://git.kernel.org/linus/de31796c052e47c99b1bb342bc70aa826733e862\nhttps://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=37435f7e80ef9adc32a69013c18f135e3f434244\nhttps://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html\nhttps://meltdownattack.com\nhttps://xenbits.xen.org/xsa/advisory-254.html\nhttp://blog.cyberus-technology.de/posts/2018-01-03-meltdown.html\nhttps://git.kernel.org/linus/5aa90a84589282b87666f92b6c3c917c8080a9bf\nhttps://git.kernel.org/linus/00a5ae218d57741088068799b810416ac249a9ce\nhttps://git.kernel.org/linus/69c64866ce072dea1d1e59a0d61e0f66c0dffb76\nhttps://security.archlinux.org/CVE-2017-16995\nhttps://security.archlinux.org/CVE-2017-16996\nhttps://security.archlinux.org/CVE-2017-17449\nhttps://security.archlinux.org/CVE-2017-17558\nhttps://security.archlinux.org/CVE-2017-17712\nhttps://security.archlinux.org/CVE-2017-17805\nhttps://security.archlinux.org/CVE-2017-17806\nhttps://security.archlinux.org/CVE-2017-17852\nhttps://security.archlinux.org/CVE-2017-17853\nhttps://security.archlinux.org/CVE-2017-17854\nhttps://security.archlinux.org/CVE-2017-17855\nhttps://security.archlinux.org/CVE-2017-17856\nhttps://security.archlinux.org/CVE-2017-17857\nhttps://security.archlinux.org/CVE-2017-17862\nhttps://security.archlinux.org/CVE-2017-17863\nhttps://security.archlinux.org/CVE-2017-17864\nhttps://security.archlinux.org/CVE-2017-5754\nhttps://security.archlinux.org/CVE-2017-8824", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-05T00:00:00", "type": "archlinux", "title": "[ASA-201801-3] linux-zen: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16995", "CVE-2017-16996", "CVE-2017-17449", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17805", "CVE-2017-17806", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17856", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-5754", "CVE-2017-8824"], "modified": "2018-01-05T00:00:00", "id": "ASA-201801-3", "href": "https://security.archlinux.org/ASA-201801-3", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:34:05", "description": "Arch Linux Security Advisory ASA-201801-4\n=========================================\n\nSeverity: High\nDate : 2018-01-05\nCVE-ID : CVE-2017-16995 CVE-2017-16996 CVE-2017-17448 CVE-2017-17449\nCVE-2017-17450 CVE-2017-17558 CVE-2017-17712 CVE-2017-17741\nCVE-2017-17805 CVE-2017-17806 CVE-2017-17852 CVE-2017-17853\nCVE-2017-17854 CVE-2017-17855 CVE-2017-17856 CVE-2017-17857\nCVE-2017-17862 CVE-2017-17863 CVE-2017-17864 CVE-2017-5754\nCVE-2017-8824\nPackage : linux-hardened\nType : multiple issues\nRemote : No\nLink : https://security.archlinux.org/AVG-574\n\nSummary\n=======\n\nThe package linux-hardened before version 4.14.11.a-1 is vulnerable to\nmultiple issues including access restriction bypass, denial of service,\nprivilege escalation and information disclosure.\n\nResolution\n==========\n\nUpgrade to 4.14.11.a-1.\n\n# pacman -Syu \"linux-hardened>=4.14.11.a-1\"\n\nThe problems have been fixed upstream in version 4.14.11.a.\n\nWorkaround\n==========\n\nBPF related issues can be circumvented by disabling unprivileged BPF:\n\n sysctl -w kernel.unprivileged_bpf_disabled=1\n\nOn systems that do not already have the dccp module loaded,\nCVE-2017-8824 can be mitigated by disabling it:\n\n echo >> /etc/modprobe.d/disable-dccp.conf install dccp false\n\nDescription\n===========\n\n- CVE-2017-16995 (privilege escalation)\n\nAn arbitrary memory r/w access issue was found in the Linux kernel\nbefore 4.14.9, 4.9.72 compiled with the eBPF bpf(2) system call\n(CONFIG_BPF_SYSCALL) support. The issue could occur due to calculation\nerrors in the eBPF verifier module, triggered by user supplied\nmalicious BPF program. An unprivileged user could use this flaw to\nescalate their privileges on a system. Setting parameter\n\"kernel.unprivileged_bpf_disabled=1\" prevents such privilege escalation\nby restricting access to bpf(2) call.\n\n- CVE-2017-16996 (privilege escalation)\n\nAn arbitrary memory r/w access issue was found in the Linux kernel\nbefore 4.14.9 compiled with the eBPF bpf(2) system call\n(CONFIG_BPF_SYSCALL) support. The issue could occur due to calculation\nerrors in the eBPF verifier module, triggered by user supplied\nmalicious BPF program. An unprivileged user could use this flaw to\nescalate their privileges on a system. Setting parameter\n\"kernel.unprivileged_bpf_disabled=1\" prevents such privilege escalation\nby restricting access to bpf(2) call.\n\n- CVE-2017-17448 (access restriction bypass)\n\nIt has been discovered that net/netfilter/nfnetlink_cthelper.c in the\nLinux kernel through 4.14.4 does not require the CAP_NET_ADMIN\ncapability for new, get, and del operations, which allows local users\nto bypass intended access restrictions because the nfnl_cthelper_list\ndata structure is shared across all net namespaces.\n\n- CVE-2017-17449 (information disclosure)\n\nThe __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in\nthe Linux kernel before 4.14.11, 4.9.74, 4.4.109, 3.18.91 and 3.16.52\nwhen CONFIG_NLMON is enabled, does not restrict observations of Netlink\nmessages to a single net namespace, which allows local users to obtain\nsensitive information by leveraging the CAP_NET_ADMIN capability to\nsniff an nlmon interface for all Netlink activity on the system.\n\n- CVE-2017-17450 (access restriction bypass)\n\nIt has been discovered that net/netfilter/xt_osf.c in the Linux kernel\nthrough 4.14.4 does not require the CAP_NET_ADMIN capability for\nadd_callback and remove_callback operations, which allows local users\nto bypass intended access restrictions because the xt_osf_fingers data\nstructure is shared across all net namespaces.\n\n- CVE-2017-17558 (denial of service)\n\nThe usb_destroy_configuration function in drivers/usb/core/config.c in\nthe USB core subsystem in the Linux kernel before 4.14.8, 4.9.71,\n4.4.107, 3.18.89, 3.16.52 and 3.2.97 does not consider the maximum\nnumber of configurations and interfaces before attempting to release\nresources, which allows local users to cause a denial of service (out-\nof-bounds write access) or possibly have unspecified other impact via a\ncrafted USB device.\n\n- CVE-2017-17712 (privilege escalation)\n\nA flaw was found in the Linux kernel's implementation of raw_sendmsg\nbefore 4.14.11, 4.4.109 and 4.9.74 allowing a local attacker to panic\nthe kernel or possibly leak kernel addresses. A local attacker, with\nthe privilege of creating raw sockets, can abuse a possible race\ncondition when setting the socket option to allow the kernel to\nautomatically create ip header values and thus potentially escalate\ntheir privileges.\n\n- CVE-2017-17741 (information disclosure)\n\nThe KVM implementation in the Linux kernel through 4.14.7 allows\nattackers to obtain potentially sensitive information from kernel\nmemory, aka a write_mmio stack-based out-of-bounds read, related to\narch/x86/kvm/x86.c and include/trace/events/kvm.h.\n\n- CVE-2017-17805 (denial of service)\n\nThe Salsa20 encryption algorithm in the Linux kernel before 4.14.8,\n4.9.71, 4.4.107, 3.18.89, 3.16.52 and 3.2.97 does not correctly handle\nzero-length inputs, allowing a local attacker able to use the AF_ALG-\nbased skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a\ndenial of service (uninitialized-memory free and kernel crash) or have\nunspecified other impact by executing a crafted sequence of system\ncalls that use the blkcipher_walk API. Both the generic implementation\n(crypto/salsa20_generic.c) and x86 implementation\n(arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.\n\n- CVE-2017-17806 (denial of service)\n\nThe HMAC implementation (crypto/hmac.c) in the Linux kernel before\n4.14.8, 4.9.71, 4.4.107, 3.18.89, 3.16.52 and 3.2.97 does not validate\nthat the underlying cryptographic hash algorithm is unkeyed, allowing a\nlocal attacker able to use the AF_ALG-based hash interface\n(CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm\n(CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by\nexecuting a crafted sequence of system calls that encounter a missing\nSHA-3 initialization.\n\n- CVE-2017-17852 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 allows local users to cause a denial of service (memory\ncorruption) or possibly have unspecified other impact by leveraging\nmishandling of 32-bit ALU ops.\n\n- CVE-2017-17853 (denial of service)\n\nIt has been discovered kernel/bpf/verifier.c in the Linux kernel before\n4.14.9 allows local users to cause a denial of service (memory\ncorruption) or possibly have unspecified other impact by leveraging\nincorrect BPF_RSH signed bounds calculations.\n\n- CVE-2017-17854 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 allows local users to cause a denial of service (integer\noverflow and memory corruption) or possibly have unspecified other\nimpact by leveraging unrestricted integer values for pointer\narithmetic.\n\n- CVE-2017-17855 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 allows local users to cause a denial of service (memory\ncorruption) or possibly have unspecified other impact by leveraging\nimproper use of pointers in place of scalars.\n\n- CVE-2017-17856 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 allows local users to cause a denial of service (memory\ncorruption) or possibly have unspecified other impact by leveraging the\nlack of stack-pointer alignment enforcement.\n\n- CVE-2017-17857 (denial of service)\n\nThe check_stack_boundary function in kernel/bpf/verifier.c in the Linux\nkernel before 4.14.9 allows local users to cause a denial of service\n(memory corruption) or possibly have unspecified other impact by\nleveraging mishandling of invalid variable stack read operations.\n\n- CVE-2017-17862 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 and 4.9.72 ignore unreachable code, even though it would\nstill be processed by JIT compilers. This behavior, also considered an\nimproper branch-pruning logic issue, could possibly be used by local\nusers for denial of service.\n\n- CVE-2017-17863 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 and 4.9.72 does not check the relationship between\npointer values and the BPF stack, which allows local users to cause a\ndenial of service (integer overflow or invalid memory access) or\npossibly have unspecified other impact.\n\n- CVE-2017-17864 (information disclosure)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 and 4.9.73 mishandles states_equal comparisons between\nthe pointer data type and the UNKNOWN_VALUE data type, which allows\nlocal users to obtain potentially sensitive address information, aka a\n\"pointer leak.\"\n\n- CVE-2017-5754 (access restriction bypass)\n\nAn industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of instructions (a\ncommonly used performance optimization).\nThis variant (\"Rogue Data Load\") relies on the fact that, on impacted\nmicroprocessors, during speculative execution of instruction permission\nfaults, exception generation triggered by a faulting access is\nsuppressed until the retirement of the whole instruction block. In a\ncombination with the fact that memory accesses may populate the cache\neven when the block is being dropped and never committed (executed), an\nunprivileged local attacker could use this flaw to read memory from\narbitrary addresses, including privileged (kernel space) and all other\nprocesses running on the system by conducting targeted cache side-\nchannel attacks.\n\n- CVE-2017-8824 (privilege escalation)\n\nA use-after-free vulnerability was found in DCCP socket code affecting\nthe Linux kernel since 2.6.16. The dccp_disconnect function in\nnet/dccp/proto.c allows local users to gain privileges or cause a\ndenial of service via an AF_UNSPEC connect system call during the\nDCCP_LISTEN state.\n\nImpact\n======\n\nA local unprivileged attacker is able to escalate privileges, crash the\nsystem, read memory from arbitrary addresses including from the kernel\nand all other processes running on the system or obtain sensitive\ninformation by sniffing an nlmon interface for all Netlink activity on\nthe system.\n\nReferences\n==========\n\nhttps://bugs.archlinux.org/task/56832\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1454\nhttp://www.openwall.com/lists/oss-security/2017/12/21/2\nhttps://git.kernel.org/linus/95a762e2c8c942780948091f8f2a4f32fce1ac6f\nhttps://git.kernel.org/linus/0c17d1d2c61936401f4702e1846e2c19b200f958\nhttps://git.kernel.org/linus/4b380c42f7d00a395feede754f0bc2292eebe6e5\nhttps://git.kernel.org/linus/93c647643b48f0131f02e45da3bd367d80443291\nhttps://git.kernel.org/linus/916a27901de01446bcf57ecca4783f6cff493309\nhttps://github.com/google/syzkaller/blob/master/docs/linux/found_bugs_usb.md\nhttps://git.kernel.org/linus/48a4ff1c7bb5a32d2e396b03132d20d552c0eca7\nhttp://openwall.com/lists/oss-security/2017/12/12/7\nhttps://git.kernel.org/linus/8f659a03a0ba9289b9aeb9b4470e6fb263d6f483\nhttps://git.kernel.org/linus/e39d200fa5bf5b94a0948db0dae44c1b73b84a56\nhttps://git.kernel.org/linus/ecaaab5649781c5a0effdaf298a925063020500e\nhttps://git.kernel.org/linus/af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1\nhttps://git.kernel.org/linus/468f6eafa6c44cb2c5d8aad35e12f06c240a812a\nhttps://git.kernel.org/linus/4374f256ce8182019353c0c639bb8d0695b4c941\nhttps://git.kernel.org/linus/bb7f0f989ca7de1153bd128a40a71709e339fa03\nhttps://git.kernel.org/linus/179d1c5602997fef5a940c6ddcf31212cbfebd14\nhttps://git.kernel.org/linus/a5ec6ae161d72f01411169a938fa5f8baea16e8f\nhttps://git.kernel.org/linus/ea25f914dc164c8d56b36147ecc86bc65f83c469\nhttps://git.kernel.org/linus/c131187db2d3fa2f8bf32fdf4e9a4ef805168467\nhttps://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=d75d3ee237cee9068022117e059b64bbab617f3d\nhttps://git.kernel.org/linus/de31796c052e47c99b1bb342bc70aa826733e862\nhttps://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=37435f7e80ef9adc32a69013c18f135e3f434244\nhttps://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html\nhttps://meltdownattack.com\nhttps://xenbits.xen.org/xsa/advisory-254.html\nhttp://blog.cyberus-technology.de/posts/2018-01-03-meltdown.html\nhttps://git.kernel.org/linus/5aa90a84589282b87666f92b6c3c917c8080a9bf\nhttps://git.kernel.org/linus/00a5ae218d57741088068799b810416ac249a9ce\nhttps://git.kernel.org/linus/69c64866ce072dea1d1e59a0d61e0f66c0dffb76\nhttps://security.archlinux.org/CVE-2017-16995\nhttps://security.archlinux.org/CVE-2017-16996\nhttps://security.archlinux.org/CVE-2017-17448\nhttps://security.archlinux.org/CVE-2017-17449\nhttps://security.archlinux.org/CVE-2017-17450\nhttps://security.archlinux.org/CVE-2017-17558\nhttps://security.archlinux.org/CVE-2017-17712\nhttps://security.archlinux.org/CVE-2017-17741\nhttps://security.archlinux.org/CVE-2017-17805\nhttps://security.archlinux.org/CVE-2017-17806\nhttps://security.archlinux.org/CVE-2017-17852\nhttps://security.archlinux.org/CVE-2017-17853\nhttps://security.archlinux.org/CVE-2017-17854\nhttps://security.archlinux.org/CVE-2017-17855\nhttps://security.archlinux.org/CVE-2017-17856\nhttps://security.archlinux.org/CVE-2017-17857\nhttps://security.archlinux.org/CVE-2017-17862\nhttps://security.archlinux.org/CVE-2017-17863\nhttps://security.archlinux.org/CVE-2017-17864\nhttps://security.archlinux.org/CVE-2017-5754\nhttps://security.archlinux.org/CVE-2017-8824", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-05T00:00:00", "type": "archlinux", "title": "[ASA-201801-4] linux-hardened: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16995", "CVE-2017-16996", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17805", "CVE-2017-17806", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17856", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-5754", "CVE-2017-8824"], "modified": "2018-01-05T00:00:00", "id": "ASA-201801-4", "href": "https://security.archlinux.org/ASA-201801-4", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:34:05", "description": "Arch Linux Security Advisory ASA-201801-2\n=========================================\n\nSeverity: High\nDate : 2018-01-05\nCVE-ID : CVE-2017-16995 CVE-2017-17449 CVE-2017-17558 CVE-2017-17712\nCVE-2017-17805 CVE-2017-17806 CVE-2017-17862 CVE-2017-17863\nCVE-2017-17864\nPackage : linux-lts\nType : multiple issues\nRemote : No\nLink : https://security.archlinux.org/AVG-561\n\nSummary\n=======\n\nThe package linux-lts before version 4.9.74-1 is vulnerable to multiple\nissues including denial of service, privilege escalation and\ninformation disclosure.\n\nResolution\n==========\n\nUpgrade to 4.9.74-1.\n\n# pacman -Syu \"linux-lts>=4.9.74-1\"\n\nThe problems have been fixed upstream in version 4.9.74.\n\nWorkaround\n==========\n\nBPF related issues can be circumvented by disabling unprivileged BPF:\n\n sysctl -w kernel.unprivileged_bpf_disabled=1\n\nDescription\n===========\n\n- CVE-2017-16995 (privilege escalation)\n\nAn arbitrary memory r/w access issue was found in the Linux kernel\nbefore 4.14.9, 4.9.72 compiled with the eBPF bpf(2) system call\n(CONFIG_BPF_SYSCALL) support. The issue could occur due to calculation\nerrors in the eBPF verifier module, triggered by user supplied\nmalicious BPF program. An unprivileged user could use this flaw to\nescalate their privileges on a system. Setting parameter\n\"kernel.unprivileged_bpf_disabled=1\" prevents such privilege escalation\nby restricting access to bpf(2) call.\n\n- CVE-2017-17449 (information disclosure)\n\nThe __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in\nthe Linux kernel before 4.14.11, 4.9.74, 4.4.109, 3.18.91 and 3.16.52\nwhen CONFIG_NLMON is enabled, does not restrict observations of Netlink\nmessages to a single net namespace, which allows local users to obtain\nsensitive information by leveraging the CAP_NET_ADMIN capability to\nsniff an nlmon interface for all Netlink activity on the system.\n\n- CVE-2017-17558 (denial of service)\n\nThe usb_destroy_configuration function in drivers/usb/core/config.c in\nthe USB core subsystem in the Linux kernel before 4.14.8, 4.9.71,\n4.4.107, 3.18.89, 3.16.52 and 3.2.97 does not consider the maximum\nnumber of configurations and interfaces before attempting to release\nresources, which allows local users to cause a denial of service (out-\nof-bounds write access) or possibly have unspecified other impact via a\ncrafted USB device.\n\n- CVE-2017-17712 (privilege escalation)\n\nA flaw was found in the Linux kernel's implementation of raw_sendmsg\nbefore 4.14.11, 4.4.109 and 4.9.74 allowing a local attacker to panic\nthe kernel or possibly leak kernel addresses. A local attacker, with\nthe privilege of creating raw sockets, can abuse a possible race\ncondition when setting the socket option to allow the kernel to\nautomatically create ip header values and thus potentially escalate\ntheir privileges.\n\n- CVE-2017-17805 (denial of service)\n\nThe Salsa20 encryption algorithm in the Linux kernel before 4.14.8,\n4.9.71, 4.4.107, 3.18.89, 3.16.52 and 3.2.97 does not correctly handle\nzero-length inputs, allowing a local attacker able to use the AF_ALG-\nbased skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a\ndenial of service (uninitialized-memory free and kernel crash) or have\nunspecified other impact by executing a crafted sequence of system\ncalls that use the blkcipher_walk API. Both the generic implementation\n(crypto/salsa20_generic.c) and x86 implementation\n(arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.\n\n- CVE-2017-17806 (denial of service)\n\nThe HMAC implementation (crypto/hmac.c) in the Linux kernel before\n4.14.8, 4.9.71, 4.4.107, 3.18.89, 3.16.52 and 3.2.97 does not validate\nthat the underlying cryptographic hash algorithm is unkeyed, allowing a\nlocal attacker able to use the AF_ALG-based hash interface\n(CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm\n(CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by\nexecuting a crafted sequence of system calls that encounter a missing\nSHA-3 initialization.\n\n- CVE-2017-17862 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 and 4.9.72 ignore unreachable code, even though it would\nstill be processed by JIT compilers. This behavior, also considered an\nimproper branch-pruning logic issue, could possibly be used by local\nusers for denial of service.\n\n- CVE-2017-17863 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 and 4.9.72 does not check the relationship between\npointer values and the BPF stack, which allows local users to cause a\ndenial of service (integer overflow or invalid memory access) or\npossibly have unspecified other impact.\n\n- CVE-2017-17864 (information disclosure)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 and 4.9.73 mishandles states_equal comparisons between\nthe pointer data type and the UNKNOWN_VALUE data type, which allows\nlocal users to obtain potentially sensitive address information, aka a\n\"pointer leak.\"\n\nImpact\n======\n\nA local unprivileged attacker is able to escalate privileges, crash the\nsystem or obtain sensitive information by sniffing an nlmon interface\nfor all Netlink activity on the system.\n\nReferences\n==========\n\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1454\nhttp://www.openwall.com/lists/oss-security/2017/12/21/2\nhttps://git.kernel.org/linus/95a762e2c8c942780948091f8f2a4f32fce1ac6f\nhttps://git.kernel.org/linus/93c647643b48f0131f02e45da3bd367d80443291\nhttps://github.com/google/syzkaller/blob/master/docs/linux/found_bugs_usb.md\nhttps://git.kernel.org/linus/48a4ff1c7bb5a32d2e396b03132d20d552c0eca7\nhttp://openwall.com/lists/oss-security/2017/12/12/7\nhttps://git.kernel.org/linus/8f659a03a0ba9289b9aeb9b4470e6fb263d6f483\nhttps://git.kernel.org/linus/ecaaab5649781c5a0effdaf298a925063020500e\nhttps://git.kernel.org/linus/af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1\nhttps://git.kernel.org/linus/c131187db2d3fa2f8bf32fdf4e9a4ef805168467\nhttps://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=d75d3ee237cee9068022117e059b64bbab617f3d\nhttps://git.kernel.org/linus/de31796c052e47c99b1bb342bc70aa826733e862\nhttps://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=37435f7e80ef9adc32a69013c18f135e3f434244\nhttps://security.archlinux.org/CVE-2017-16995\nhttps://security.archlinux.org/CVE-2017-17449\nhttps://security.archlinux.org/CVE-2017-17558\nhttps://security.archlinux.org/CVE-2017-17712\nhttps://security.archlinux.org/CVE-2017-17805\nhttps://security.archlinux.org/CVE-2017-17806\nhttps://security.archlinux.org/CVE-2017-17862\nhttps://security.archlinux.org/CVE-2017-17863\nhttps://security.archlinux.org/CVE-2017-17864", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-05T00:00:00", "type": "archlinux", "title": "[ASA-201801-2] linux-lts: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16995", "CVE-2017-17449", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17805", "CVE-2017-17806", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864"], "modified": "2018-01-05T00:00:00", "id": "ASA-201801-2", "href": "https://security.archlinux.org/ASA-201801-2", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2022-01-04T12:02:54", "description": "Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation \nin the Linux kernel did not properly check the relationship between pointer \nvalues and the BPF stack. A local attacker could use this to cause a denial \nof service (system crash) or possibly execute arbitrary code. \n(CVE-2017-17863)\n\nJann Horn discovered that the Berkeley Packet Filter (BPF) implementation \nin the Linux kernel improperly performed sign extension in some situations. \nA local attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2017-16995)\n\nAlexei Starovoitov discovered that the Berkeley Packet Filter (BPF) \nimplementation in the Linux kernel contained a branch-pruning logic issue \naround unreachable code. A local attacker could use this to cause a denial \nof service. (CVE-2017-17862)\n\nJann Horn discovered that the Berkeley Packet Filter (BPF) implementation \nin the Linux kernel mishandled pointer data values in some situations. A \nlocal attacker could use this to to expose sensitive information (kernel \nmemory). (CVE-2017-17864)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-10T00:00:00", "type": "ubuntu", "title": "Linux kernel (Raspberry Pi 2) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17864", "CVE-2017-16995", "CVE-2017-17862", "CVE-2017-17863"], "modified": "2018-01-10T00:00:00", "id": "USN-3523-3", "href": "https://ubuntu.com/security/notices/USN-3523-3", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T12:02:55", "description": "USN-3523-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. \nThis update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu \n16.04 LTS.\n\nJann Horn discovered that microprocessors utilizing speculative execution \nand indirect branch prediction may allow unauthorized memory reads via \nsidechannel attacks. This flaw is known as Meltdown. A local attacker could \nuse this to expose sensitive information, including kernel memory. \n(CVE-2017-5754)\n\nJann Horn discovered that the Berkeley Packet Filter (BPF) implementation \nin the Linux kernel did not properly check the relationship between pointer \nvalues and the BPF stack. A local attacker could use this to cause a denial \nof service (system crash) or possibly execute arbitrary code. \n(CVE-2017-17863)\n\nJann Horn discovered that the Berkeley Packet Filter (BPF) implementation \nin the Linux kernel improperly performed sign extension in some situations. \nA local attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2017-16995)\n\nAlexei Starovoitov discovered that the Berkeley Packet Filter (BPF) \nimplementation in the Linux kernel contained a branch-pruning logic issue \naround unreachable code. A local attacker could use this to cause a denial \nof service. (CVE-2017-17862)\n\nJann Horn discovered that the Berkeley Packet Filter (BPF) implementation \nin the Linux kernel mishandled pointer data values in some situations. A \nlocal attacker could use this to to expose sensitive information (kernel \nmemory). (CVE-2017-17864)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-10T00:00:00", "type": "ubuntu", "title": "Linux kernel (HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17864", "CVE-2017-5754", "CVE-2017-16995", "CVE-2017-17862", "CVE-2017-17863"], "modified": "2018-01-10T00:00:00", "id": "USN-3523-2", "href": "https://ubuntu.com/security/notices/USN-3523-2", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T12:03:02", "description": "Jann Horn discovered that microprocessors utilizing speculative execution \nand indirect branch prediction may allow unauthorized memory reads via \nsidechannel attacks. This flaw is known as Meltdown. A local attacker could \nuse this to expose sensitive information, including kernel memory. \n(CVE-2017-5754)\n\nJann Horn discovered that the Berkeley Packet Filter (BPF) implementation \nin the Linux kernel did not properly check the relationship between pointer \nvalues and the BPF stack. A local attacker could use this to cause a denial \nof service (system crash) or possibly execute arbitrary code. \n(CVE-2017-17863)\n\nJann Horn discovered that the Berkeley Packet Filter (BPF) implementation \nin the Linux kernel improperly performed sign extension in some situations. \nA local attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2017-16995)\n\nAlexei Starovoitov discovered that the Berkeley Packet Filter (BPF) \nimplementation in the Linux kernel contained a branch-pruning logic issue \naround unreachable code. A local attacker could use this to cause a denial \nof service. (CVE-2017-17862)\n\nJann Horn discovered that the Berkeley Packet Filter (BPF) implementation \nin the Linux kernel mishandled pointer data values in some situations. A \nlocal attacker could use this to to expose sensitive information (kernel \nmemory). (CVE-2017-17864)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-09T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17864", "CVE-2017-5754", "CVE-2017-16995", "CVE-2017-17862", "CVE-2017-17863"], "modified": "2018-01-09T00:00:00", "id": "USN-3523-1", "href": "https://ubuntu.com/security/notices/USN-3523-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T11:59:31", "description": "USN-3619-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu \n14.04 LTS.\n\nJann Horn discovered that the Berkeley Packet Filter (BPF) implementation \nin the Linux kernel improperly performed sign extension in some situations. \nA local attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2017-16995)\n\nIt was discovered that a race condition leading to a use-after-free \nvulnerability existed in the ALSA PCM subsystem of the Linux kernel. A \nlocal attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2017-0861)\n\nIt was discovered that the KVM implementation in the Linux kernel allowed \npassthrough of the diagnostic I/O port 0x80. An attacker in a guest VM \ncould use this to cause a denial of service (system crash) in the host OS. \n(CVE-2017-1000407)\n\nIt was discovered that an information disclosure vulnerability existed in \nthe ACPI implementation of the Linux kernel. A local attacker could use \nthis to expose sensitive information (kernel memory addresses). \n(CVE-2017-11472)\n\nIt was discovered that a use-after-free vulnerability existed in the \nnetwork namespaces implementation in the Linux kernel. A local attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2017-15129)\n\nIt was discovered that the Advanced Linux Sound Architecture (ALSA) \nsubsystem in the Linux kernel contained a use-after-free when handling \ndevice removal. A physically proximate attacker could use this to cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2017-16528)\n\nAndrey Konovalov discovered that the usbtest device driver in the Linux \nkernel did not properly validate endpoint metadata. A physically proximate \nattacker could use this to cause a denial of service (system crash). \n(CVE-2017-16532)\n\nAndrey Konovalov discovered that the Conexant cx231xx USB video capture \ndriver in the Linux kernel did not properly validate interface descriptors. \nA physically proximate attacker could use this to cause a denial of service \n(system crash). (CVE-2017-16536)\n\nAndrey Konovalov discovered that the SoundGraph iMON USB driver in the \nLinux kernel did not properly validate device metadata. A physically \nproximate attacker could use this to cause a denial of service (system \ncrash). (CVE-2017-16537)\n\nAndrey Konovalov discovered that the IMS Passenger Control Unit USB driver \nin the Linux kernel did not properly validate device descriptors. A \nphysically proximate attacker could use this to cause a denial of service \n(system crash). (CVE-2017-16645)\n\nAndrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the \nLinux kernel did not properly handle detach events. A physically proximate \nattacker could use this to cause a denial of service (system crash). \n(CVE-2017-16646)\n\nAndrey Konovalov discovered that the CDC USB Ethernet driver did not \nproperly validate device descriptors. A physically proximate attacker could \nuse this to cause a denial of service (system crash). (CVE-2017-16649)\n\nAndrey Konovalov discovered that the QMI WWAN USB driver did not properly \nvalidate device descriptors. A physically proximate attacker could use this \nto cause a denial of service (system crash). (CVE-2017-16650)\n\nIt was discovered that the USB Virtual Host Controller Interface (VHCI) \ndriver in the Linux kernel contained an information disclosure \nvulnerability. A physically proximate attacker could use this to expose \nsensitive information (kernel memory). (CVE-2017-16911)\n\nIt was discovered that the USB over IP implementation in the Linux kernel \ndid not validate endpoint numbers. A remote attacker could use this to \ncause a denial of service (system crash). (CVE-2017-16912)\n\nIt was discovered that the USB over IP implementation in the Linux kernel \ndid not properly validate CMD_SUBMIT packets. A remote attacker could use \nthis to cause a denial of service (excessive memory consumption). \n(CVE-2017-16913)\n\nIt was discovered that the USB over IP implementation in the Linux kernel \ncontained a NULL pointer dereference error. A remote attacker could use \nthis to cause a denial of service (system crash). (CVE-2017-16914)\n\nIt was discovered that the HugeTLB component of the Linux kernel did not \nproperly handle holes in hugetlb ranges. A local attacker could use this to \nexpose sensitive information (kernel memory). (CVE-2017-16994)\n\nIt was discovered that the netfilter component of the Linux did not \nproperly restrict access to the connection tracking helpers list. A local \nattacker could use this to bypass intended access restrictions. \n(CVE-2017-17448)\n\nIt was discovered that the netlink subsystem in the Linux kernel did not \nproperly restrict observations of netlink messages to the appropriate net \nnamespace. A local attacker could use this to expose sensitive information \n(kernel netlink traffic). (CVE-2017-17449)\n\nIt was discovered that the netfilter passive OS fingerprinting (xt_osf) \nmodule did not properly perform access control checks. A local attacker \ncould improperly modify the system-wide OS fingerprint list. \n(CVE-2017-17450)\n\nIt was discovered that the core USB subsystem in the Linux kernel did not \nvalidate the number of configurations and interfaces in a device. A \nphysically proximate attacker could use this to cause a denial of service \n(system crash). (CVE-2017-17558)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel \ncontained an out-of-bounds read when handling memory-mapped I/O. A local \nattacker could use this to expose sensitive information. (CVE-2017-17741)\n\nIt was discovered that the Salsa20 encryption algorithm implementations in \nthe Linux kernel did not properly handle zero-length inputs. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2017-17805)\n\nIt was discovered that the HMAC implementation did not validate the state \nof the underlying cryptographic hash algorithm. A local attacker could use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-17806)\n\nIt was discovered that the keyring implementation in the Linux kernel did \nnot properly check permissions when a key request was performed on a task's \ndefault keyring. A local attacker could use this to add keys to \nunauthorized keyrings. (CVE-2017-17807)\n\nAlexei Starovoitov discovered that the Berkeley Packet Filter (BPF) \nimplementation in the Linux kernel contained a branch-pruning logic issue \naround unreachable code. A local attacker could use this to cause a denial \nof service. (CVE-2017-17862)\n\nIt was discovered that the parallel cryptography component of the Linux \nkernel incorrectly freed kernel memory. A local attacker could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2017-18075)\n\nIt was discovered that a race condition existed in the Device Mapper \ncomponent of the Linux kernel. A local attacker could use this to cause a \ndenial of service (system crash). (CVE-2017-18203)\n\nIt was discovered that a race condition existed in the OCFS2 file system \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (kernel deadlock). (CVE-2017-18204)\n\nIt was discovered that an infinite loop could occur in the madvise(2) \nimplementation in the Linux kernel in certain circumstances. A local \nattacker could use this to cause a denial of service (system hang). \n(CVE-2017-18208)\n\nAndy Lutomirski discovered that the KVM implementation in the Linux kernel \nwas vulnerable to a debug exception error when single-stepping through a \nsyscall. A local attacker in a non-Linux guest vm could possibly use this \nto gain administrative privileges in the guest vm. (CVE-2017-7518)\n\nIt was discovered that the Broadcom NetXtremeII ethernet driver in the \nLinux kernel did not properly validate Generic Segment Offload (GSO) packet \nsizes. An attacker could use this to cause a denial of service (interface \nunavailability). (CVE-2018-1000026)\n\nIt was discovered that the Reliable Datagram Socket (RDS) implementation in \nthe Linux kernel contained an out-of-bounds write during RDMA page \nallocation. An attacker could use this to cause a denial of service (system \ncrash) or possibly execute arbitrary code. (CVE-2018-5332)\n\nMohamed Ghannam discovered a null pointer dereference in the RDS (Reliable \nDatagram Sockets) protocol implementation of the Linux kernel. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2018-5333)\n\n\u8303\u9f99\u98de discovered that a race condition existed in loop block device \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2018-5344)\n\nIt was discovered that an integer overflow error existed in the futex \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash). (CVE-2018-6927)\n\nIt was discovered that a NULL pointer dereference existed in the RDS \n(Reliable Datagram Sockets) protocol implementation in the Linux kernel. A \nlocal attacker could use this to cause a denial of service (system crash). \n(CVE-2018-7492)\n\nIt was discovered that the Broadcom UniMAC MDIO bus controller driver in \nthe Linux kernel did not properly validate device resources. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2018-8043)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-04-05T00:00:00", "type": "ubuntu", "title": "Linux kernel (Xenial HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000026", "CVE-2017-11472", "CVE-2018-8043", "CVE-2017-16645", "CVE-2017-17862", "CVE-2017-16532", "CVE-2017-15129", "CVE-2017-18204", "CVE-2017-7518", "CVE-2017-17449", "CVE-2018-5344", "CVE-2017-16650", "CVE-2017-17806", "CVE-2017-17805", "CVE-2017-18203", "CVE-2018-6927", "CVE-2017-17807", "CVE-2017-16536", "CVE-2017-18208", "CVE-2018-5333", "CVE-2017-16995", "CVE-2017-1000407", "CVE-2017-17450&qu

Fedora 27 : kernel (2018-22d5fa8a90)

Description

Related