NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0253)

2019-12-31T00:00:00

Description

The remote NewStart CGSL host, running - A flaw was found in the Linux kernel's NFS41+ shares mounted in different network namespaces at Thus a malicious container user can cause a host kernel - Insufficient input validation in Kernel Mode Driver in (CVE-2019-11085) - A flaw was found in the Linux kernel's NFS (CVE-2018-16871) - An issue was discovered in the Linux kernel before - A flaw was found in the way Linux kernel KVM hypervisor - A flaw was found in the Linux Kernel where an attacker (CVE-2018-14625) - drivers/infiniband/core/ucma.c in the Linux kernel - arch/x86/kernel/paravirt.c in the Linux kernel before - Since Linux kernel version 3.2, the mremap() syscall - An issue was discovered in the Linux kernel before __blk_drain_queue() use-after-free because a certain - In the hidp_process_report in bluetooth, there is an User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android A-65853588 References: Upstream kernel. (CVE-2018-93 - In pppol2tp_connect, there is possible memory corruption Product: Android. Versions: Android kernel. A-38159931. (CVE-2018-9517) - A flaw was found in the Linux kernel. A heap based (CVE-2019-10126) - An information disclosure vulnerability exists when - The coredump implementation in the Linux kernel before - An issue was discovered in the Linux kernel before (CVE-2019-11810) - fs/ext4/extents.c in the Linux kernel through 5.1.2 does - An out-of-bounds access issue was found in the Linux - A buffer overflow flaw was found, in versions from - A heap address information leak while using - A heap data infoleak in multiple locations including - A flaw that allowed an attacker to corrupt memory and - A flaw was found in the Linux kernel's vfio interface - An infinite loop issue was found in the vhost_net kernel - The mincore() implementation in mm/mincore.c in the (CVE-2019-5489) - The Bluetooth BR/EDR specification up to and including (CVE-2019-9506) Note that Nessus has not tested for this issue version CORE 5.05 / MAIN 5.05, has kernel-rt packages installed that are affected by multiple vulnerabilities: NFS41+ subsystem. the same time can make bc_svc_process() use wrong back- channel IDs and cause a use-after-free vulnerability. memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-16884) Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost. 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811) before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest. (CVE-2018-10853) may be able to have an uncontrolled read to kernel- memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients. through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). (CVE-2018-14734) 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. (CVE-2018-15594) performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19. (CVE-2018-18281) 4.18.7. In block/blk-core.c, there is an error case is mishandled. (CVE-2018-20856) integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. ID: 63) due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Android ID: buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences. certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125) 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599) 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free. not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (CVE-2019-11833) kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. (CVE-2019-14821) 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835) L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. (CVE-2019-3459) L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. (CVE-2019-3460) possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (CVE-2019-3846) implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. (CVE-2019-3882) module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario. (CVE-2019-3900) Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute- force attacks (aka KNOB) that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. but has instead relied only on the application's self-reported version number.

{"id": "NEWSTART_CGSL_NS-SA-2019-0253_KERNEL-RT.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0253)", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel-rt packages installed that are affected by multiple vulnerabilities:\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem.\n NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back- channel IDs and cause a use-after-free vulnerability.\n Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-16884)\n\n - Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.\n (CVE-2019-11085)\n\n - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.\n (CVE-2018-16871)\n\n - An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest. (CVE-2018-10853)\n\n - A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel- memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.\n (CVE-2018-14625)\n\n - drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). (CVE-2018-14734)\n\n - arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. (CVE-2018-15594)\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an\n __blk_drain_queue() use-after-free because a certain error case is mishandled. (CVE-2018-20856)\n\n - In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed.\n User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID:\n A-65853588 References: Upstream kernel. (CVE-2018-9363)\n\n - In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n Product: Android. Versions: Android kernel. Android ID:\n A-38159931. (CVE-2018-9517)\n\n - A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.\n (CVE-2019-10126)\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\n - The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)\n\n - An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.\n (CVE-2019-11810)\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (CVE-2019-11833)\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. (CVE-2019-14821)\n\n - A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835)\n\n - A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. (CVE-2019-3459)\n\n - A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. (CVE-2019-3460)\n\n - A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (CVE-2019-3846)\n\n - A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. (CVE-2019-3882)\n\n - An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario. (CVE-2019-3900)\n\n - The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.\n (CVE-2019-5489)\n\n - The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute- force attacks (aka KNOB) that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.\n (CVE-2019-9506)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2019-12-31T00:00:00", "modified": "2022-12-05T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/132495", "reporter": "This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20856", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3460", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9506", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14734", "http://security.gd-linux.com/notice/NS-SA-2019-0253", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10126", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11085", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11833", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11810", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14835", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3846", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3882", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9517", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18281", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16871", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16884", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10853", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1125", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11599", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14821", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3900", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14625", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5489", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3459", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9363", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15594", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11811"], "cvelist": ["CVE-2018-10853", "CVE-2018-14625", "CVE-2018-14734", "CVE-2018-15594", "CVE-2018-16871", "CVE-2018-16884", "CVE-2018-18281", "CVE-2018-20856", "CVE-2018-9363", "CVE-2018-9517", "CVE-2019-10126", "CVE-2019-1071", "CVE-2019-1073", "CVE-2019-11085", "CVE-2019-1125", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11811", "CVE-2019-11833", "CVE-2019-14821", "CVE-2019-14835", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3846", "CVE-2019-3882", "CVE-2019-3900", "CVE-2019-5489", "CVE-2019-9506"], "immutableFields": [], "lastseen": "2023-05-24T14:33:33", "viewCount": 89, "enchantments": {"dependencies": {"references": [{"type": "altlinux", "idList": ["69165FC0D1928DBD99CB5D0C92278C81", "DA7EB86A979E50AA3788F1F41AC8607F", "E002B607D5B80A0CFF134216B3C3F9DD"]}, {"type": "amazon", "idList": ["ALAS-2018-1086", "ALAS-2019-1145", "ALAS-2019-1149", "ALAS-2019-1201", "ALAS-2019-1214", "ALAS-2019-1232", "ALAS-2019-1253", "ALAS-2019-1280", "ALAS-2019-1293", "ALAS2-2019-1145", "ALAS2-2019-1149", "ALAS2-2019-1201", "ALAS2-2019-1214", "ALAS2-2019-1232", "ALAS2-2019-1253", "ALAS2-2019-1280", "ALAS2-2019-1281", "ALAS2-2019-1293"]}, {"type": "androidsecurity", "idList": ["ANDROID:2018-09-01", "ANDROID:2019-08-01", "ANDROID:2020-01-01", "ANDROID:2020-03-01", "ANDROID:2020-05-01", "ANDROID:2020-09-01"]}, {"type": "apple", "idList": ["APPLE:100C3E37B89C4B8E50DE097059456EC2", "APPLE:42A8665131AAD41DD01DD2DE9BBDEBC5", "APPLE:48DFAA81838B82F0614B9A03F99F251D", "APPLE:819AEF513AB880D6C4F6CA66CB3C0021", "APPLE:HT210346", "APPLE:HT210348", "APPLE:HT210351", "APPLE:HT210353"]}, {"type": "centos", "idList": ["CESA-2019:1873", "CESA-2019:2029", "CESA-2019:2473", "CESA-2019:2600", "CESA-2019:2736", "CESA-2019:2829", "CESA-2019:2863", "CESA-2019:3055", "CESA-2019:3836", "CESA-2019:3979", "CESA-2019:4256", "CESA-2020:0374", "CESA-2020:0375"]}, {"type": "cert", "idList": ["VU:918987"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2019-0813", "CPAI-2019-0815"]}, {"type": "cisa", "idList": ["CISA:715DF5B957A42D91B3B79897B8FD61F2"]}, {"type": "cisco", "idList": ["CISCO-SA-20190813-BLUETOOTH"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:02669B806A06D41B24DA398CE2D4EEFD", "CFOUNDRY:131A4556633D91C9BF0AE72696FADB89", "CFOUNDRY:292CE3FF25BE7F67EFA36C82DF2DFC90", "CFOUNDRY:2AA1F360A02E665F9D2B19AB7EF0CAA9", "CFOUNDRY:3CD9371F7B812821D289B3B89526722F", "CFOUNDRY:40058483A2E2195544934D494FF464F7", "CFOUNDRY:61ADF14D6FEC14FA5E06A7684B091D19", "CFOUNDRY:63AC599C6730C4293761CECD360AA195", "CFOUNDRY:80ADC4D2DAC039EB92288FD623A42C24", "CFOUNDRY:80E5E37692FEC22672DA18E221852B5D", "CFOUNDRY:87EED6F38C9114A077795F94CEE1CCD3", "CFOUNDRY:90693B873E1E97B4D1CACB5D7BD374ED", "CFOUNDRY:A005A5D22D18F966EBF6C011F833E895", "CFOUNDRY:B4B97B81301258FB8DE2E5FB29E0A418", "CFOUNDRY:BD71AB043932448695E8B3D20302D582", "CFOUNDRY:DAEEFC1E9FDBBF02A1D3ACCD6434010C", "CFOUNDRY:DCE4C624C0C4A79B360FF0BA8F545247", "CFOUNDRY:DF07D4C717AC736D9D7D72B02A5FA2CB"]}, {"type": "cve", "idList": ["CVE-2018-10853", "CVE-2018-14625", "CVE-2018-14734", "CVE-2018-15594", "CVE-2018-16871", "CVE-2018-16884", "CVE-2018-18281", "CVE-2018-20856", "CVE-2018-9363", "CVE-2018-9517", "CVE-2019-10126", "CVE-2019-1071", "CVE-2019-1073", "CVE-2019-11085", "CVE-2019-1125", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11811", "CVE-2019-11833", "CVE-2019-14821", "CVE-2019-14835", "CVE-2019-14898", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3846", "CVE-2019-3882", "CVE-2019-3892", "CVE-2019-3900", "CVE-2019-5489", "CVE-2019-9506"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1422-1:EBC6F", "DEBIAN:DLA-1422-2:DC70E", "DEBIAN:DLA-1423-1:B239D", "DEBIAN:DLA-1531-1:834CC", "DEBIAN:DLA-1715-1:4A3F9", "DEBIAN:DLA-1731-1:D19BD", "DEBIAN:DLA-1731-2:E6E1E", "DEBIAN:DLA-1771-1:3CE68", "DEBIAN:DLA-1799-1:F9D71", "DEBIAN:DLA-1799-2:074DF", "DEBIAN:DLA-1823-1:39845", "DEBIAN:DLA-1824-1:6789E", "DEBIAN:DLA-1884-1:61F35", "DEBIAN:DLA-1885-1:84558", "DEBIAN:DLA-1919-1:239EC", "DEBIAN:DLA-1919-2:858F8", "DEBIAN:DLA-1930-1:DFCDE", "DEBIAN:DLA-1940-1:E2E46", "DEBIAN:DSA-4308-1:A5A75", "DEBIAN:DSA-4308-1:D561A", "DEBIAN:DSA-4465-1:304F1", "DEBIAN:DSA-4465-1:DDE47", "DEBIAN:DSA-4495-1:1269E", "DEBIAN:DSA-4495-1:258DC", "DEBIAN:DSA-4497-1:7E46B", "DEBIAN:DSA-4497-1:F2AF4", "DEBIAN:DSA-4531-1:4D1BF", "DEBIAN:DSA-4531-1:D6D1F"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-10853", "DEBIANCVE:CVE-2018-14625", "DEBIANCVE:CVE-2018-14734", "DEBIANCVE:CVE-2018-15594", "DEBIANCVE:CVE-2018-16871", "DEBIANCVE:CVE-2018-16884", "DEBIANCVE:CVE-2018-18281", "DEBIANCVE:CVE-2018-20856", "DEBIANCVE:CVE-2018-9363", "DEBIANCVE:CVE-2018-9517", "DEBIANCVE:CVE-2019-10126", "DEBIANCVE:CVE-2019-11085", "DEBIANCVE:CVE-2019-1125", "DEBIANCVE:CVE-2019-11599", "DEBIANCVE:CVE-2019-11810", "DEBIANCVE:CVE-2019-11811", "DEBIANCVE:CVE-2019-11833", "DEBIANCVE:CVE-2019-14821", "DEBIANCVE:CVE-2019-14835", "DEBIANCVE:CVE-2019-14898", "DEBIANCVE:CVE-2019-3459", "DEBIANCVE:CVE-2019-3460", "DEBIANCVE:CVE-2019-3846", "DEBIANCVE:CVE-2019-3882", "DEBIANCVE:CVE-2019-3900", "DEBIANCVE:CVE-2019-5489", "DEBIANCVE:CVE-2019-9506"]}, {"type": "exploitdb", "idList": ["EDB-ID:48071"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:B9569B6E7A5B893D9E83922DA7DE24BA"]}, {"type": "f5", "idList": ["F5:K00947806", "F5:K01512680", "F5:K01821401", "F5:K04107324", "F5:K09376613", "F5:K12915342", "F5:K14673240", "F5:K15122200", "F5:K18657134", "F5:K21430012", "F5:K24084759", "F5:K26301924", "F5:K27003374", "F5:K30404955", "F5:K31085564", "F5:K33015954", "F5:K36462841", "F5:K50315101", "F5:K50484570", "F5:K51674118", "F5:K51813353", "F5:K57454331", "F5:K57536416", "F5:K59513013", "F5:K85633044", "F5:K95593121"]}, {"type": "fedora", "idList": ["FEDORA:01C936061569", "FEDORA:02DB1605FC5C", "FEDORA:041196190421", "FEDORA:04868606351B", "FEDORA:07B5A6CB4421", "FEDORA:089B7605072B", "FEDORA:10F7D6255145", "FEDORA:11B2F6087C35", "FEDORA:122AE604D3F9", "FEDORA:15CCC60D3105", "FEDORA:18B6A601B8F9", "FEDORA:1BD5B6389B47", "FEDORA:1C6F16348980", "FEDORA:1CA16613DD7E", "FEDORA:1CAC0608E6F2", "FEDORA:1EFAB60ACFB0", "FEDORA:20DCB60779B2", "FEDORA:2281662F1093", "FEDORA:229FE60419B9", "FEDORA:22D77604972B", "FEDORA:250CB6087A80", "FEDORA:25BDD6190ECF", "FEDORA:2836F613193B", "FEDORA:29049600CFF3", "FEDORA:296826040AED", "FEDORA:29FCE65ECD33", "FEDORA:2CDD76006271", "FEDORA:2E40E608A4A7", "FEDORA:3266960F0E44", "FEDORA:344346042F3E", "FEDORA:3A3766C5B5A2", "FEDORA:3A69E60B3E88", "FEDORA:3C394606D98F", "FEDORA:3F6FC603B27A", "FEDORA:4002B609954A", "FEDORA:41B546014626", "FEDORA:42DA3601FD86", "FEDORA:49A0E6048FEB", "FEDORA:49E0B60427EC", "FEDORA:4CEF5610D7CA", "FEDORA:4CF35608BFEA", "FEDORA:4D5AD601FDAC", "FEDORA:4F21B6125E50", "FEDORA:506B2608A4A8", "FEDORA:50E6E6087656", "FEDORA:511986124F82", "FEDORA:511A7608E6E1", "FEDORA:54AA460F2356", "FEDORA:5591D601DA24", "FEDORA:59E3F606D998", "FEDORA:5A4D662AE22C", "FEDORA:5AA3D60505E7", "FEDORA:5B68260A5858", "FEDORA:5BC786077CC2", "FEDORA:5D742610B071", "FEDORA:621A2609A69C", "FEDORA:690DE6022BA8", "FEDORA:6B39A60C690C", "FEDORA:6B43460C450E", "FEDORA:6B66A6047312", "FEDORA:6B6B360567FC", "FEDORA:6DBD2608A4A4", "FEDORA:6E67663233DB", "FEDORA:6EC6360BEA04", "FEDORA:73C3960CDDB3", "FEDORA:754F860A98ED", "FEDORA:7640C641CB61", "FEDORA:7960A6049C56", "FEDORA:79EAC605FC25", "FEDORA:84A106014740", "FEDORA:84FBF6179A05", "FEDORA:85FBF6076011", "FEDORA:87BD56087904", "FEDORA:89C9C6051B3A", "FEDORA:8F974604E846", "FEDORA:909D360491BF", "FEDORA:9575D60062E1", "FEDORA:95A686085F81", "FEDORA:9801060D30FA", "FEDORA:98E8F6079A11", "FEDORA:99396612EAD6", "FEDORA:9BC696049C57", "FEDORA:9BEAD610ED74", "FEDORA:9E3D9606D195", "FEDORA:A0668610D7D1", "FEDORA:AAB236095515", "FEDORA:AC7FC600CFCA", "FEDORA:AE8986042F2B", "FEDORA:B395E6087A9D", "FEDORA:B54D264CBCAC", "FEDORA:B59DB604C870", "FEDORA:B87B460876BA", "FEDORA:B8E1B6130727", "FEDORA:BBFE360460D0", "FEDORA:BD35260BC96F", "FEDORA:BDA53610ED61", "FEDORA:BF5EC607125E", "FEDORA:C0A4560C423F", "FEDORA:C1EA6603ECEC", "FEDORA:C49D061F375F", "FEDORA:C4D496071279", "FEDORA:C597E610D7D2", "FEDORA:C63656040AE1", "FEDORA:C64AE6007F37", "FEDORA:C65F560874BD", "FEDORA:C6AF860C4240", "FEDORA:C7391611860D", "FEDORA:C7EFB60200CB", "FEDORA:CB0956087865", "FEDORA:D091860478FA", "FEDORA:D33DD608BFFE", "FEDORA:D3523607924A", "FEDORA:D6A96605FC57", "FEDORA:D6CAE607A456", "FEDORA:D6F86601E6D9", "FEDORA:DBB1B659CBE0", "FEDORA:DF5176048167", "FEDORA:DF7CA62E1F11", "FEDORA:E37FD60924F1", "FEDORA:E88866014636", "FEDORA:E93AE6077DCD", "FEDORA:EBB026048D2E", "FEDORA:EEC036047C93", "FEDORA:F02C560914F4", "FEDORA:F417F60477C5"]}, {"type": "fortinet", "idList": ["FG-IR-18-002", "FG-IR-19-224"]}, {"type": "githubexploit", "idList": ["1DCD6499-0990-565E-9159-24DBA1428255", "A9F0245C-3F9D-5922-A64E-F7627478A24A", "C332FD21-E85D-5C7D-95FC-3CF453E1E5B9"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:60F2E118E85CB34AAEEAED9DE88D51AF"]}, {"type": "hp", "idList": ["HP:C06521007"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20190828-01-KNOB", "HUAWEI-SA-20200115-01-PAGECACHE", "HUAWEI-SA-20200115-01-QEMU", "HUAWEI-SA-20200408-01-SWAPGS"]}, {"type": "ibm", "idList": ["1615871DB6D900C69F1E3E99183BE8581ED1CED870E2C3B0E3B990E1C56F30E0", "270E7F8D6C0BA0C052D17A0F1714E8401CE49A076E5AA43582D8DA42ACFE3121", "4BB2759DF5CBB6BF54A7D60BF1046942C755D661255DAAC4EF3C0614D1A3AF9A", "4E20FF6980EF77F8F7C53E254EBEB9AF129EF6EDA938A5BDE9CFA46C95393000", "50C920019EA35B3C7B3BDE4B077C4837CC00CEC4BA86B844DA559CD59AF45627", "577E6752CB94DC8755F2E4A38D9BA5117DD396F8C762252ACA978966E42D7766", "5C971ABE298E715E4DD664F197820425272400B40C52EF433CFD40BAFACB63C8", "6008235F2B5AB889012327334B8370A8EE655F77D3C7C13C1112DD6F096D05B1", "6CB4EF3A076E2190B30084083521AA008A1E2F799850D429F0737446D33988B3", "6D5DF12FB27293DC2112B69929AB6CFC7CE456E303952D8CE9040C6671A30910", "7BC7CA8D64FDAEBF4F352ECFBEED45FBB2063AF88351F5C93320EBBDB29E51B4", "86C7951371BC0A7800D1FEBC038565FA28DED7D904E47462C3F5395FDE8AB9C9", "886FADBF12E5D255DA0F738559659C57F2FF4189798EA7267513A7ED50B1F227", "9148A44BD9A1C1A13CCEBD8F0346557CF005830103920CDDC01519240525CB58", "9B3C2542A224A170177BC588D64FBAC641AEB3A7ED64BDCAE097C03AA1143EDF", "9EAED1F5FB3762874ED935AF686A504F1630ADB20AA5EBFAE97EAEEEA4C0DAF8", "A5A892259BF44584524D97B2CB83E9150F24F7E5C20081122730CDDBEA729805", "B947805A29EE83AAAED8ABADDD8CFF00AA389BFC4D7DDC49FC3A89A557DD856C", "D12C469715C8550A5DBD0ABD5099324400BF0BAE58ADBB7CB7FABF1B45899623", "D90882A3E95B0A521011936122CA086C48D9FEF441869C5BF302F67319C3A703", "E76CF6F7C58DE085B1D5F988B60566AC28A05EF3B19F25A856F2533F5B3684AE"]}, {"type": "ics", "idList": ["ICSA-23-075-01"]}, {"type": "intel", "idList": ["INTEL:INTEL-SA-00249"]}, {"type": "kaspersky", "idList": ["KLA11511", "KLA11529", "KLA11534", "KLA11696", "KLA11700", "KLA11819", "KLA11989"]}, {"type": "lenovo", "idList": ["LENOVO:PS500167-SPECULATIVE-EXECUTION-SIDE-CHANNEL-VULNERABILITY-VARIANTS-NOSID", "LENOVO:PS500267-ENCRYPTION-KEY-NEGOTIATION-OF-BLUETOOTH-VULNERABILITY-NOSID", "LENOVO:PS500267-NOSID", "LENOVO:PS500321-NOSID"]}, {"type": "mageia", "idList": ["MGASA-2018-0296", "MGASA-2018-0340", "MGASA-2018-0341", "MGASA-2018-0417", "MGASA-2018-0418", "MGASA-2018-0419", "MGASA-2018-0487", "MGASA-2019-0097", "MGASA-2019-0098", "MGASA-2019-0170", "MGASA-2019-0171", "MGASA-2019-0172", "MGASA-2019-0185", "MGASA-2019-0196", "MGASA-2019-0197", "MGASA-2019-0220", "MGASA-2019-0221", "MGASA-2019-0287", "MGASA-2019-0288", "MGASA-2019-0333"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:B7AA161DBAFDA8D7D246FF7D80A9ADC4"]}, {"type": "mscve", "idList": ["MS:CVE-2019-1071", "MS:CVE-2019-1073", "MS:CVE-2019-1125", "MS:CVE-2019-9506"]}, {"type": "mskb", "idList": ["KB4507435", "KB4507448", "KB4507449", "KB4507450", "KB4507452", "KB4507453", "KB4507455", "KB4507456", "KB4507457", "KB4507458", "KB4507460", "KB4507461", "KB4507462", "KB4507464", "KB4507469"]}, {"type": "nessus", "idList": ["AL2_ALAS-2019-1145.NASL", "AL2_ALAS-2019-1149.NASL", "AL2_ALAS-2019-1201.NASL", "AL2_ALAS-2019-1214.NASL", "AL2_ALAS-2019-1232.NASL", "AL2_ALAS-2019-1253.NASL", "AL2_ALAS-2019-1280.NASL", "AL2_ALAS-2019-1281.NASL", "AL2_ALAS-2019-1293.NASL", "ALA_ALAS-2018-1086.NASL", "ALA_ALAS-2019-1145.NASL", "ALA_ALAS-2019-1149.NASL", "ALA_ALAS-2019-1201.NASL", "ALA_ALAS-2019-1214.NASL", "ALA_ALAS-2019-1232.NASL", "ALA_ALAS-2019-1253.NASL", "ALA_ALAS-2019-1280.NASL", "ALA_ALAS-2019-1293.NASL", "CENTOS8_RHSA-2019-1959.NASL", "CENTOS8_RHSA-2019-2411.NASL", "CENTOS8_RHSA-2019-2703.NASL", "CENTOS8_RHSA-2019-2827.NASL", "CENTOS8_RHSA-2019-3517.NASL", "CENTOS8_RHSA-2020-0339.NASL", "CENTOS8_RHSA-2020-1769.NASL", "CENTOS_RHSA-2019-1873.NASL", "CENTOS_RHSA-2019-2029.NASL", "CENTOS_RHSA-2019-2473.NASL", "CENTOS_RHSA-2019-2600.NASL", "CENTOS_RHSA-2019-2736.NASL", "CENTOS_RHSA-2019-2829.NASL", "CENTOS_RHSA-2019-2863.NASL", "CENTOS_RHSA-2019-3055.NASL", "CENTOS_RHSA-2019-3836.NASL", "CENTOS_RHSA-2019-3979.NASL", "CENTOS_RHSA-2019-4256.NASL", "CENTOS_RHSA-2020-0374.NASL", "CENTOS_RHSA-2020-0375.NASL", "DEBIAN_DLA-1422.NASL", "DEBIAN_DLA-1423.NASL", "DEBIAN_DLA-1531.NASL", "DEBIAN_DLA-1715.NASL", "DEBIAN_DLA-1731.NASL", "DEBIAN_DLA-1771.NASL", "DEBIAN_DLA-1799.NASL", "DEBIAN_DLA-1823.NASL", "DEBIAN_DLA-1824.NASL", "DEBIAN_DLA-1884.NASL", "DEBIAN_DLA-1885.NASL", "DEBIAN_DLA-1919.NASL", "DEBIAN_DLA-1930.NASL", "DEBIAN_DLA-1940.NASL", "DEBIAN_DSA-4308.NASL", "DEBIAN_DSA-4465.NASL", "DEBIAN_DSA-4495.NASL", "DEBIAN_DSA-4497.NASL", "DEBIAN_DSA-4531.NASL", "EULEROS_SA-2018-1269.NASL", "EULEROS_SA-2018-1370.NASL", "EULEROS_SA-2018-1372.NASL", "EULEROS_SA-2018-1432.NASL", "EULEROS_SA-2018-1433.NASL", "EULEROS_SA-2019-1062.NASL", "EULEROS_SA-2019-1076.NASL", "EULEROS_SA-2019-1108.NASL", "EULEROS_SA-2019-1131.NASL", "EULEROS_SA-2019-1156.NASL", "EULEROS_SA-2019-1178.NASL", "EULEROS_SA-2019-1181.NASL", "EULEROS_SA-2019-1221.NASL", "EULEROS_SA-2019-1223.NASL", "EULEROS_SA-2019-1244.NASL", "EULEROS_SA-2019-1253.NASL", "EULEROS_SA-2019-1302.NASL", "EULEROS_SA-2019-1303.NASL", "EULEROS_SA-2019-1304.NASL", "EULEROS_SA-2019-1450.NASL", "EULEROS_SA-2019-1511.NASL", "EULEROS_SA-2019-1512.NASL", "EULEROS_SA-2019-1522.NASL", "EULEROS_SA-2019-1525.NASL", "EULEROS_SA-2019-1532.NASL", "EULEROS_SA-2019-1533.NASL", "EULEROS_SA-2019-1586.NASL", "EULEROS_SA-2019-1587.NASL", "EULEROS_SA-2019-1588.NASL", "EULEROS_SA-2019-1612.NASL", "EULEROS_SA-2019-1635.NASL", "EULEROS_SA-2019-1636.NASL", "EULEROS_SA-2019-1639.NASL", "EULEROS_SA-2019-1672.NASL", "EULEROS_SA-2019-1692.NASL", "EULEROS_SA-2019-1702.NASL", "EULEROS_SA-2019-1793.NASL", "EULEROS_SA-2019-1919.NASL", "EULEROS_SA-2019-1926.NASL", "EULEROS_SA-2019-2068.NASL", "EULEROS_SA-2019-2081.NASL", "EULEROS_SA-2019-2201.NASL", "EULEROS_SA-2019-2274.NASL", "EULEROS_SA-2019-2309.NASL", "EULEROS_SA-2019-2353.NASL", "EULEROS_SA-2019-2531.NASL", "EULEROS_SA-2020-1112.NASL", "EULEROS_SA-2020-1186.NASL", "EULEROS_SA-2020-1197.NASL", "EULEROS_SA-2020-1269.NASL", "EULEROS_SA-2020-1396.NASL", "EULEROS_SA-2020-1452.NASL", "EULEROS_SA-2020-1606.NASL", "EULEROS_SA-2020-1674.NASL", "EULEROS_SA-2020-1792.NASL", "EULEROS_SA-2021-1056.NASL", "EULEROS_SA-2021-1684.NASL", "EULEROS_SA-2021-1808.NASL", "EULEROS_SA-2021-2856.NASL", "EULEROS_SA-2021-2857.NASL", "F5_BIGIP_SOL01512680.NASL", "F5_BIGIP_SOL31085564.NASL", "F5_BIGIP_SOL36462841.NASL", "F5_BIGIP_SOL51674118.NASL", "FEDORA_2018-2645EB8DAB.NASL", "FEDORA_2018-2F6DF9ABFB.NASL", "FEDORA_2018-6E8C330D50.NASL", "FEDORA_2018-B57DB4753C.NASL", "FEDORA_2018-CA0E10FC6E.NASL", "FEDORA_2018-F1B818A5C9.NASL", "FEDORA_2019-15E141C6A7.NASL", "FEDORA_2019-20A89CA9AF.NASL", "FEDORA_2019-48B34FC991.NASL", "FEDORA_2019-509C133845.NASL", "FEDORA_2019-65C6D11EBA.NASL", "FEDORA_2019-6BDA4C81F4.NASL", "FEDORA_2019-7EC378191E.NASL", "FEDORA_2019-8219EFA9F6.NASL", "FEDORA_2019-87D807D7CB.NASL", "FEDORA_2019-961CDA41F0.NASL", "FEDORA_2019-A570A92D5A.NASL", "FEDORA_2019-A6CD583A8D.NASL", "FEDORA_2019-BE9ADD5B77.NASL", "FEDORA_2019-E3010166BD.NASL", "FEDORA_2019-E37C348348.NASL", "FEDORA_2019-F40BD7826F.NASL", "FEDORA_2019-F812C9FB22.NASL", "NEWSTART_CGSL_NS-SA-2019-0177_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0180_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0183_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0189_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0200_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0212_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0221_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0222_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0247_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2020-0021_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2020-0030_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2020-0108_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2020-0117_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2022-0075_KERNEL.NASL", "NUTANIX_NXSA-AOS-5_10.NASL", "NUTANIX_NXSA-AOS-5_10_10.NASL", "NUTANIX_NXSA-AOS-5_11_2_1.NASL", "NUTANIX_NXSA-AOS-5_11_3.NASL", "NUTANIX_NXSA-AOS-5_16_0_1.NASL", "NUTANIX_NXSA-AOS-5_16_1.NASL", "NUTANIX_NXSA-AOS-5_16_1_1.NASL", "NUTANIX_NXSA-AOS-5_17.NASL", "OPENSUSE-2018-1016.NASL", "OPENSUSE-2018-1140.NASL", "OPENSUSE-2018-1427.NASL", "OPENSUSE-2018-1548.NASL", "OPENSUSE-2018-885.NASL", "OPENSUSE-2018-886.NASL", "OPENSUSE-2019-140.NASL", "OPENSUSE-2019-1404.NASL", "OPENSUSE-2019-1407.NASL", "OPENSUSE-2019-1479.NASL", "OPENSUSE-2019-1570.NASL", "OPENSUSE-2019-1571.NASL", "OPENSUSE-2019-1579.NASL", "OPENSUSE-2019-1716.NASL", "OPENSUSE-2019-1757.NASL", "OPENSUSE-2019-1923.NASL", "OPENSUSE-2019-1924.NASL", "OPENSUSE-2019-203.NASL", "OPENSUSE-2019-2173.NASL", "OPENSUSE-2019-2181.NASL", "OPENSUSE-2019-2307.NASL", "OPENSUSE-2019-2308.NASL", "OPENSUSE-2019-274.NASL", "OPENSUSE-2019-618.NASL", "OPENSUSE-2019-65.NASL", "OPENSUSE-2019-769.NASL", "OPENSUSE-2019-974.NASL", "OPENSUSE-2021-3876.NASL", "ORACLELINUX_ELSA-2018-4208.NASL", "ORACLELINUX_ELSA-2018-4261.NASL", "ORACLELINUX_ELSA-2018-4270.NASL", "ORACLELINUX_ELSA-2019-1873.NASL", "ORACLELINUX_ELSA-2019-1959.NASL", "ORACLELINUX_ELSA-2019-2411.NASL", "ORACLELINUX_ELSA-2019-2473.NASL", "ORACLELINUX_ELSA-2019-2600.NASL", "ORACLELINUX_ELSA-2019-2703.NASL", "ORACLELINUX_ELSA-2019-2736.NASL", "ORACLELINUX_ELSA-2019-2827.NASL", "ORACLELINUX_ELSA-2019-2829.NASL", "ORACLELINUX_ELSA-2019-2863.NASL", "ORACLELINUX_ELSA-2019-3055.NASL", "ORACLELINUX_ELSA-2019-3836.NASL", "ORACLELINUX_ELSA-2019-3979.NASL", "ORACLELINUX_ELSA-2019-4256.NASL", "ORACLELINUX_ELSA-2019-4315.NASL", "ORACLELINUX_ELSA-2019-4528.NASL", "ORACLELINUX_ELSA-2019-4541.NASL", "ORACLELINUX_ELSA-2019-4670.NASL", "ORACLELINUX_ELSA-2019-4685.NASL", "ORACLELINUX_ELSA-2019-4729.NASL", "ORACLELINUX_ELSA-2019-4735.NASL", "ORACLELINUX_ELSA-2019-4746.NASL", "ORACLELINUX_ELSA-2019-4775.NASL", "ORACLELINUX_ELSA-2019-4777.NASL", "ORACLELINUX_ELSA-2019-4789.NASL", "ORACLELINUX_ELSA-2019-4799.NASL", "ORACLELINUX_ELSA-2019-4800.NASL", "ORACLELINUX_ELSA-2019-4808.NASL", "ORACLELINUX_ELSA-2019-4820.NASL", "ORACLELINUX_ELSA-2019-4850.NASL", "ORACLELINUX_ELSA-2020-0339.NASL", "ORACLELINUX_ELSA-2020-0374.NASL", "ORACLELINUX_ELSA-2020-5706.NASL", "ORACLELINUX_ELSA-2020-5708.NASL", "ORACLELINUX_ELSA-2020-5715.NASL", "ORACLELINUX_ELSA-2020-5755.NASL", "ORACLELINUX_ELSA-2020-5841.NASL", "ORACLELINUX_ELSA-2020-5845.NASL", "ORACLELINUX_ELSA-2020-5866.NASL", "ORACLELINUX_ELSA-2021-9459.NASL", "ORACLELINUX_ELSA-2021-9473.NASL", "ORACLELINUX_ELSA-2023-12232.NASL", "ORACLEVM_OVMSA-2018-0253.NASL", "ORACLEVM_OVMSA-2018-0273.NASL", "ORACLEVM_OVMSA-2019-0002.NASL", "ORACLEVM_OVMSA-2019-0024.NASL", "ORACLEVM_OVMSA-2019-0038.NASL", "ORACLEVM_OVMSA-2019-0044.NASL", "ORACLEVM_OVMSA-2019-0056.NASL", "ORACLEVM_OVMSA-2020-0020.NASL", "ORACLEVM_OVMSA-2020-0044.NASL", "ORACLEVM_OVMSA-2021-0031.NASL", "ORACLEVM_OVMSA-2021-0035.NASL", "ORACLEVM_OVMSA-2023-0007.NASL", "PHOTONOS_PHSA-2019-1_0-0235_LINUX.NASL", "PHOTONOS_PHSA-2019-1_0-0236_LINUX.NASL", "PHOTONOS_PHSA-2019-1_0-0252_LINUX.NASL", "PHOTONOS_PHSA-2019-1_0-0255_LINUX.NASL", "PHOTONOS_PHSA-2019-2_0-0160_LINUX.NASL", "PHOTONOS_PHSA-2019-2_0-0189_LINUX.NASL", "PHOTONOS_PHSA-2019-3_0-0009_LINUX.NASL", "PHOTONOS_PHSA-2019-3_0-0015_LINUX.NASL", "PHOTONOS_PHSA-2019-3_0-0034_LINUX.NASL", "PHOTONOS_PHSA-2020-2_0-0225_LINUX.NASL", "PHOTONOS_PHSA-209-2_0-0175_LINUX.NASL", "REDHAT-RHSA-2018-2948.NASL", "REDHAT-RHSA-2019-0831.NASL", "REDHAT-RHSA-2019-1873.NASL", "REDHAT-RHSA-2019-1891.NASL", "REDHAT-RHSA-2019-1959.NASL", "REDHAT-RHSA-2019-1971.NASL", "REDHAT-RHSA-2019-1973.NASL", "REDHAT-RHSA-2019-2029.NASL", "REDHAT-RHSA-2019-2043.NASL", "REDHAT-RHSA-2019-2405.NASL", "REDHAT-RHSA-2019-2411.NASL", "REDHAT-RHSA-2019-2473.NASL", "REDHAT-RHSA-2019-2476.NASL", "REDHAT-RHSA-2019-2600.NASL", "REDHAT-RHSA-2019-2609.NASL", "REDHAT-RHSA-2019-2695.NASL", "REDHAT-RHSA-2019-2696.NASL", "REDHAT-RHSA-2019-2703.NASL", "REDHAT-RHSA-2019-2730.NASL", "REDHAT-RHSA-2019-2736.NASL", "REDHAT-RHSA-2019-2741.NASL", "REDHAT-RHSA-2019-2809.NASL", "REDHAT-RHSA-2019-2827.NASL", "REDHAT-RHSA-2019-2828.NASL", "REDHAT-RHSA-2019-2829.NASL", "REDHAT-RHSA-2019-2830.NASL", "REDHAT-RHSA-2019-2837.NASL", "REDHAT-RHSA-2019-2854.NASL", "REDHAT-RHSA-2019-2862.NASL", "REDHAT-RHSA-2019-2863.NASL", "REDHAT-RHSA-2019-2864.NASL", "REDHAT-RHSA-2019-2865.NASL", "REDHAT-RHSA-2019-2866.NASL", "REDHAT-RHSA-2019-2867.NASL", "REDHAT-RHSA-2019-2869.NASL", "REDHAT-RHSA-2019-2889.NASL", "REDHAT-RHSA-2019-2899.NASL", "REDHAT-RHSA-2019-2900.NASL", "REDHAT-RHSA-2019-2901.NASL", "REDHAT-RHSA-2019-2924.NASL", "REDHAT-RHSA-2019-2975.NASL", "REDHAT-RHSA-2019-3011.NASL", "REDHAT-RHSA-2019-3055.NASL", "REDHAT-RHSA-2019-3076.NASL", "REDHAT-RHSA-2019-3089.NASL", "REDHAT-RHSA-2019-3165.NASL", "REDHAT-RHSA-2019-3187.NASL", "REDHAT-RHSA-2019-3217.NASL", "REDHAT-RHSA-2019-3218.NASL", "REDHAT-RHSA-2019-3220.NASL", "REDHAT-RHSA-2019-3231.NASL", "REDHAT-RHSA-2019-3309.NASL", "REDHAT-RHSA-2019-3517.NASL", "REDHAT-RHSA-2019-3836.NASL", "REDHAT-RHSA-2019-3967.NASL", "REDHAT-RHSA-2019-3978.NASL", "REDHAT-RHSA-2019-3979.NASL", "REDHAT-RHSA-2019-4056.NASL", "REDHAT-RHSA-2019-4057.NASL", "REDHAT-RHSA-2019-4058.NASL", "REDHAT-RHSA-2019-4154.NASL", "REDHAT-RHSA-2019-4159.NASL", "REDHAT-RHSA-2019-4164.NASL", "REDHAT-RHSA-2019-4255.NASL", "REDHAT-RHSA-2019-4256.NASL", "REDHAT-RHSA-2020-0027.NASL", "REDHAT-RHSA-2020-0036.NASL", "REDHAT-RHSA-2020-0100.NASL", "REDHAT-RHSA-2020-0103.NASL", "REDHAT-RHSA-2020-0174.NASL", "REDHAT-RHSA-2020-0179.NASL", "REDHAT-RHSA-2020-0204.NASL", "REDHAT-RHSA-2020-0328.NASL", "REDHAT-RHSA-2020-0339.NASL", "REDHAT-RHSA-2020-0374.NASL", "REDHAT-RHSA-2020-0375.NASL", "REDHAT-RHSA-2020-0543.NASL", "REDHAT-RHSA-2020-0592.NASL", "REDHAT-RHSA-2020-0609.NASL", "REDHAT-RHSA-2020-0664.NASL", "REDHAT-RHSA-2020-0698.NASL", "REDHAT-RHSA-2020-0740.NASL", "REDHAT-RHSA-2020-1460.NASL", "REDHAT-RHSA-2020-1567.NASL", "REDHAT-RHSA-2020-1769.NASL", "REDHAT-RHSA-2020-2289.NASL", "REDHAT-RHSA-2020-2851.NASL", "REDHAT-RHSA-2020-2854.NASL", "SLACKWARE_SSA_2019-030-01.NASL", "SLACKWARE_SSA_2019-169-01.NASL", "SLACKWARE_SSA_2019-202-01.NASL", "SLACKWARE_SSA_2019-226-01.NASL", "SLACKWARE_SSA_2019-311-01.NASL", "SLACKWARE_SSA_2020-163-01.NASL", "SL_20190729_KERNEL_ON_SL7_X.NASL", "SL_20190806_KERNEL_ON_SL7_X.NASL", "SL_20190813_KERNEL_ON_SL6_X.NASL", "SL_20190903_KERNEL_ON_SL7_X.NASL", "SL_20190912_KERNEL_ON_SL6_X.NASL", "SL_20190920_KERNEL_ON_SL7_X.NASL", "SL_20190923_KERNEL_ON_SL6_X.NASL", "SL_20191016_KERNEL_ON_SL7_X.NASL", "SL_20191113_KERNEL_ON_SL6_X.NASL", "SL_20191205_KERNEL_ON_SL7_X.NASL", "SL_20191217_KERNEL_ON_SL6_X.NASL", "SL_20200205_KERNEL_ON_SL7_X.NASL", "SMB_NT_MS19_AUG_4511553.NASL", "SMB_NT_MS19_AUG_4512488.NASL", "SMB_NT_MS19_AUG_4512497.NASL", "SMB_NT_MS19_AUG_4512501.NASL", "SMB_NT_MS19_AUG_4512506.NASL", "SMB_NT_MS19_AUG_4512507.NASL", "SMB_NT_MS19_AUG_4512508.NASL", "SMB_NT_MS19_AUG_4512516.NASL", "SMB_NT_MS19_AUG_4512517.NASL", "SMB_NT_MS19_AUG_4512518.NASL", "SMB_NT_MS19_JUL_4507435.NASL", "SMB_NT_MS19_JUL_4507448.NASL", "SMB_NT_MS19_JUL_4507449.NASL", "SMB_NT_MS19_JUL_4507450.NASL", "SMB_NT_MS19_JUL_4507452.NASL", "SMB_NT_MS19_JUL_4507453.NASL", "SMB_NT_MS19_JUL_4507455.NASL", "SMB_NT_MS19_JUL_4507458.NASL", "SMB_NT_MS19_JUL_4507460.NASL", "SMB_NT_MS19_JUL_4507462.NASL", "SMB_NT_MS19_JUL_4507469.NASL", "SOLARIS_JUL2020_SRU11_4_21_69_0.NASL", "SUSE_SU-2018-2328-1.NASL", "SUSE_SU-2018-2341-1.NASL", "SUSE_SU-2018-2342-1.NASL", "SUSE_SU-2018-2344-1.NASL", "SUSE_SU-2018-2344-2.NASL", "SUSE_SU-2018-2345-1.NASL", "SUSE_SU-2018-2346-1.NASL", "SUSE_SU-2018-2347-1.NASL", "SUSE_SU-2018-2348-1.NASL", "SUSE_SU-2018-2349-1.NASL", "SUSE_SU-2018-2350-1.NASL", "SUSE_SU-2018-2351-1.NASL", "SUSE_SU-2018-2352-1.NASL", "SUSE_SU-2018-2353-1.NASL", "SUSE_SU-2018-2354-1.NASL", "SUSE_SU-2018-2355-1.NASL", "SUSE_SU-2018-2356-1.NASL", "SUSE_SU-2018-2358-1.NASL", "SUSE_SU-2018-2359-1.NASL", "SUSE_SU-2018-2362-1.NASL", "SUSE_SU-2018-2363-1.NASL", "SUSE_SU-2018-2364-1.NASL", "SUSE_SU-2018-2367-1.NASL", "SUSE_SU-2018-2368-1.NASL", "SUSE_SU-2018-2369-1.NASL", "SUSE_SU-2018-2374-1.NASL", "SUSE_SU-2018-2384-1.NASL", "SUSE_SU-2018-2387-1.NASL", "SUSE_SU-2018-2389-1.NASL", "SUSE_SU-2018-2391-1.NASL", "SUSE_SU-2018-2416-1.NASL", "SUSE_SU-2018-2539-1.NASL", "SUSE_SU-2018-2684-1.NASL", "SUSE_SU-2018-2776-1.NASL", "SUSE_SU-2018-2858-1.NASL", "SUSE_SU-2018-2879-1.NASL", "SUSE_SU-2018-2907-1.NASL", "SUSE_SU-2018-2908-1.NASL", "SUSE_SU-2018-3083-1.NASL", "SUSE_SU-2018-3084-1.NASL", "SUSE_SU-2018-3689-1.NASL", "SUSE_SU-2018-3746-1.NASL", "SUSE_SU-2018-4069-1.NASL", "SUSE_SU-2019-0095-1.NASL", "SUSE_SU-2019-0148-1.NASL", "SUSE_SU-2019-0196-1.NASL", "SUSE_SU-2019-0222-1.NASL", "SUSE_SU-2019-0224-1.NASL", "SUSE_SU-2019-0326-1.NASL", "SUSE_SU-2019-0356-1.NASL", "SUSE_SU-2019-0439-1.NASL", "SUSE_SU-2019-0541-1.NASL", "SUSE_SU-2019-0765-1.NASL", "SUSE_SU-2019-0767-1.NASL", "SUSE_SU-2019-0784-1.NASL", "SUSE_SU-2019-0901-1.NASL", "SUSE_SU-2019-1242-1.NASL", "SUSE_SU-2019-1287-1.NASL", "SUSE_SU-2019-1289-1.NASL", "SUSE_SU-2019-13937-1.NASL", "SUSE_SU-2019-14089-1.NASL", "SUSE_SU-2019-14127-1.NASL", "SUSE_SU-2019-14157-1.NASL", "SUSE_SU-2019-14218-1.NASL", "SUSE_SU-2019-1422-1.NASL", "SUSE_SU-2019-1527-1.NASL", "SUSE_SU-2019-1529-1.NASL", "SUSE_SU-2019-1530-1.NASL", "SUSE_SU-2019-1532-1.NASL", "SUSE_SU-2019-1533-1.NASL", "SUSE_SU-2019-1534-1.NASL", "SUSE_SU-2019-1535-1.NASL", "SUSE_SU-2019-1536-1.NASL", "SUSE_SU-2019-1550-1.NASL", "SUSE_SU-2019-1668-1.NASL", "SUSE_SU-2019-1671-1.NASL", "SUSE_SU-2019-1692-1.NASL", "SUSE_SU-2019-1744-1.NASL", "SUSE_SU-2019-1823-1.NASL", "SUSE_SU-2019-1829-1.NASL", "SUSE_SU-2019-1851-1.NASL", "SUSE_SU-2019-1852-1.NASL", "SUSE_SU-2019-1854-1.NASL", "SUSE_SU-2019-1855-1.NASL", "SUSE_SU-2019-1948-1.NASL", "SUSE_SU-2019-2068-1.NASL", "SUSE_SU-2019-2070-1.NASL", "SUSE_SU-2019-2071-1.NASL", "SUSE_SU-2019-2072-1.NASL", "SUSE_SU-2019-2073-1.NASL", "SUSE_SU-2019-2262-1.NASL", "SUSE_SU-2019-2263-1.NASL", "SUSE_SU-2019-2299-1.NASL", "SUSE_SU-2019-2412-1.NASL", "SUSE_SU-2019-2414-1.NASL", "SUSE_SU-2019-2424-1.NASL", "SUSE_SU-2019-2430-1.NASL", "SUSE_SU-2019-2600-1.NASL", "SUSE_SU-2019-2601-1.NASL", "SUSE_SU-2019-2613-1.NASL", "SUSE_SU-2019-2648-1.NASL", "SUSE_SU-2019-2706-1.NASL", "SUSE_SU-2019-2710-1.NASL", "SUSE_SU-2019-2738-1.NASL", "SUSE_SU-2019-2821-1.NASL", "SUSE_SU-2019-2879-1.NASL", "SUSE_SU-2019-2949-1.NASL", "SUSE_SU-2019-2950-1.NASL", "SUSE_SU-2019-2984-1.NASL", "SUSE_SU-2019-3200-1.NASL", "SUSE_SU-2019-3228-1.NASL", "SUSE_SU-2019-3232-1.NASL", "SUSE_SU-2019-3258-1.NASL", "SUSE_SU-2019-3260-1.NASL", "SUSE_SU-2019-3261-1.NASL", "SUSE_SU-2019-3295-1.NASL", "SUSE_SU-2020-0093-1.NASL", "SUSE_SU-2021-3192-1.NASL", "SUSE_SU-2021-3206-1.NASL", "SUSE_SU-2021-3217-1.NASL", "SUSE_SU-2021-3876-1.NASL", "SUSE_SU-2021-3969-1.NASL", "SUSE_SU-2021-3972-1.NASL", "SUSE_SU-2022-3263-1.NASL", "SUSE_SU-2022-3294-1.NASL", "SUSE_SU-2023-0420-1.NASL", "UBUNTU_USN-3775-1.NASL", "UBUNTU_USN-3776-1.NASL", "UBUNTU_USN-3776-2.NASL", "UBUNTU_USN-3777-1.NASL", "UBUNTU_USN-3777-2.NASL", "UBUNTU_USN-3777-3.NASL", "UBUNTU_USN-3797-1.NASL", "UBUNTU_USN-3797-2.NASL", "UBUNTU_USN-3820-1.NASL", "UBUNTU_USN-3820-2.NASL", "UBUNTU_USN-3820-3.NASL", "UBUNTU_USN-3822-1.NASL", "UBUNTU_USN-3832-1.NASL", "UBUNTU_USN-3835-1.NASL", "UBUNTU_USN-3847-1.NASL", "UBUNTU_USN-3847-2.NASL", "UBUNTU_USN-3847-3.NASL", "UBUNTU_USN-3849-1.NASL", "UBUNTU_USN-3871-1.NASL", "UBUNTU_USN-3871-2.NASL", "UBUNTU_USN-3871-3.NASL", "UBUNTU_USN-3871-4.NASL", "UBUNTU_USN-3871-5.NASL", "UBUNTU_USN-3872-1.NASL", "UBUNTU_USN-3878-1.NASL", "UBUNTU_USN-3878-2.NASL", "UBUNTU_USN-3880-1.NASL", "UBUNTU_USN-3930-1.NASL", "UBUNTU_USN-3930-2.NASL", "UBUNTU_USN-3931-1.NASL", "UBUNTU_USN-3931-2.NASL", "UBUNTU_USN-3932-1.NASL", "UBUNTU_USN-3932-2.NASL", "UBUNTU_USN-3933-1.NASL", "UBUNTU_USN-3979-1.NASL", "UBUNTU_USN-3980-1.NASL", "UBUNTU_USN-3980-2.NASL", "UBUNTU_USN-3981-1.NASL", "UBUNTU_USN-3981-2.NASL", "UBUNTU_USN-3982-1.NASL", "UBUNTU_USN-3982-2.NASL", "UBUNTU_USN-4005-1.NASL", "UBUNTU_USN-4008-1.NASL", "UBUNTU_USN-4008-2.NASL", "UBUNTU_USN-4008-3.NASL", "UBUNTU_USN-4068-1.NASL", "UBUNTU_USN-4068-2.NASL", "UBUNTU_USN-4069-1.NASL", "UBUNTU_USN-4069-2.NASL", "UBUNTU_USN-4076-1.NASL", "UBUNTU_USN-4093-1.NASL", "UBUNTU_USN-4094-1.NASL", "UBUNTU_USN-4095-1.NASL", "UBUNTU_USN-4096-1.NASL", "UBUNTU_USN-4114-1.NASL", "UBUNTU_USN-4115-1.NASL", "UBUNTU_USN-4115-2.NASL", "UBUNTU_USN-4116-1.NASL", "UBUNTU_USN-4117-1.NASL", "UBUNTU_USN-4118-1.NASL", "UBUNTU_USN-4135-1.NASL", "UBUNTU_USN-4147-1.NASL", "UBUNTU_USN-4157-1.NASL", "UBUNTU_USN-4157-2.NASL", "UBUNTU_USN-4162-1.NASL", "UBUNTU_USN-4163-1.NASL", "VIRTUOZZO_VZA-2018-089.NASL", "VIRTUOZZO_VZA-2019-064.NASL", "VIRTUOZZO_VZA-2019-067.NASL", "VIRTUOZZO_VZA-2019-068.NASL", "VIRTUOZZO_VZA-2019-074.NASL", "VIRTUOZZO_VZA-2019-076.NASL", "VIRTUOZZO_VZA-2019-078.NASL", "VIRTUOZZO_VZA-2019-081.NASL", "VIRTUOZZO_VZA-2019-085.NASL", "VIRTUOZZO_VZA-2019-086.NASL", "VIRTUOZZO_VZA-2019-089.NASL", "VIRTUOZZO_VZA-2020-011.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310108620", "OPENVAS:1361412562310108766", "OPENVAS:1361412562310108767", "OPENVAS:1361412562310704308", "OPENVAS:1361412562310704465", "OPENVAS:1361412562310704495", "OPENVAS:1361412562310704497", "OPENVAS:1361412562310704531", "OPENVAS:1361412562310814563", "OPENVAS:1361412562310815400", "OPENVAS:1361412562310815401", "OPENVAS:1361412562310815402", "OPENVAS:1361412562310815403", "OPENVAS:1361412562310815404", "OPENVAS:1361412562310815406", "OPENVAS:1361412562310815408", "OPENVAS:1361412562310815409", "OPENVAS:1361412562310815410", "OPENVAS:1361412562310815431", "OPENVAS:1361412562310815432", "OPENVAS:1361412562310815433", "OPENVAS:1361412562310815434", "OPENVAS:1361412562310815435", "OPENVAS:1361412562310815436", "OPENVAS:1361412562310815437", "OPENVAS:1361412562310815438", "OPENVAS:1361412562310815439", "OPENVAS:1361412562310815513", "OPENVAS:1361412562310815514", "OPENVAS:1361412562310843644", "OPENVAS:1361412562310843645", "OPENVAS:1361412562310843646", "OPENVAS:1361412562310843647", "OPENVAS:1361412562310843648", "OPENVAS:1361412562310843663", "OPENVAS:1361412562310843664", "OPENVAS:1361412562310843666", "OPENVAS:1361412562310843820", "OPENVAS:1361412562310843821", "OPENVAS:1361412562310843824", "OPENVAS:1361412562310843825", "OPENVAS:1361412562310843840", "OPENVAS:1361412562310843841", "OPENVAS:1361412562310843856", "OPENVAS:1361412562310843857", "OPENVAS:1361412562310843860", "OPENVAS:1361412562310843861", "OPENVAS:1361412562310843884", "OPENVAS:1361412562310843885", "OPENVAS:1361412562310843891", "OPENVAS:1361412562310843892", "OPENVAS:1361412562310843895", "OPENVAS:1361412562310843896", "OPENVAS:1361412562310843897", "OPENVAS:1361412562310843903", "OPENVAS:1361412562310843904", "OPENVAS:1361412562310843951", "OPENVAS:1361412562310843952", "OPENVAS:1361412562310843953", "OPENVAS:1361412562310843954", "OPENVAS:1361412562310843957", "OPENVAS:1361412562310843959", "OPENVAS:1361412562310843960", "OPENVAS:1361412562310844004", "OPENVAS:1361412562310844006", "OPENVAS:1361412562310844008", "OPENVAS:1361412562310844009", "OPENVAS:1361412562310844010", "OPENVAS:1361412562310844012", "OPENVAS:1361412562310844035", "OPENVAS:1361412562310844037", "OPENVAS:1361412562310844041", "OPENVAS:1361412562310844102", "OPENVAS:1361412562310844103", "OPENVAS:1361412562310844104", "OPENVAS:1361412562310844111", "OPENVAS:1361412562310844121", "OPENVAS:1361412562310844131", "OPENVAS:1361412562310844133", "OPENVAS:1361412562310844134", "OPENVAS:1361412562310844136", "OPENVAS:1361412562310844156", "OPENVAS:1361412562310844157", "OPENVAS:1361412562310844158", "OPENVAS:1361412562310844159", "OPENVAS:1361412562310844160", "OPENVAS:1361412562310844174", "OPENVAS:1361412562310844182", "OPENVAS:1361412562310844194", "OPENVAS:1361412562310844203", "OPENVAS:1361412562310844208", "OPENVAS:1361412562310844209", "OPENVAS:1361412562310844210", "OPENVAS:1361412562310851863", "OPENVAS:1361412562310851895", "OPENVAS:1361412562310851952", "OPENVAS:1361412562310852091", "OPENVAS:1361412562310852140", "OPENVAS:1361412562310852195", "OPENVAS:1361412562310852240", "OPENVAS:1361412562310852274", "OPENVAS:1361412562310852305", "OPENVAS:1361412562310852327", "OPENVAS:1361412562310852503", "OPENVAS:1361412562310852506", "OPENVAS:1361412562310852568", "OPENVAS:1361412562310852570", "OPENVAS:1361412562310852611", "OPENVAS:1361412562310852665", "OPENVAS:1361412562310852705", "OPENVAS:1361412562310852737", "OPENVAS:1361412562310852851", "OPENVAS:1361412562310852855", "OPENVAS:1361412562310852870", "OPENVAS:1361412562310852917", "OPENVAS:1361412562310852928", "OPENVAS:1361412562310852970", "OPENVAS:1361412562310874675", "OPENVAS:1361412562310874695", "OPENVAS:1361412562310874710", "OPENVAS:1361412562310874721", "OPENVAS:1361412562310874731", "OPENVAS:1361412562310874751", "OPENVAS:1361412562310874757", "OPENVAS:1361412562310874761", "OPENVAS:1361412562310874786", "OPENVAS:1361412562310874801", "OPENVAS:1361412562310874813", "OPENVAS:1361412562310874886", "OPENVAS:1361412562310874890", "OPENVAS:1361412562310874908", "OPENVAS:1361412562310874911", "OPENVAS:1361412562310874913", "OPENVAS:1361412562310874916", "OPENVAS:1361412562310874918", "OPENVAS:1361412562310874919", "OPENVAS:1361412562310874964", "OPENVAS:1361412562310874965", "OPENVAS:1361412562310874998", "OPENVAS:1361412562310875005", "OPENVAS:1361412562310875066", "OPENVAS:1361412562310875092", "OPENVAS:1361412562310875099", "OPENVAS:1361412562310875128", "OPENVAS:1361412562310875131", "OPENVAS:1361412562310875162", "OPENVAS:1361412562310875170", "OPENVAS:1361412562310875189", "OPENVAS:1361412562310875201", "OPENVAS:1361412562310875303", "OPENVAS:1361412562310875330", "OPENVAS:1361412562310875334", "OPENVAS:1361412562310875349", "OPENVAS:1361412562310875368", "OPENVAS:1361412562310875369", "OPENVAS:1361412562310875371", "OPENVAS:1361412562310875407", "OPENVAS:1361412562310875413", "OPENVAS:1361412562310875414", "OPENVAS:1361412562310875421", "OPENVAS:1361412562310875423", "OPENVAS:1361412562310875426", "OPENVAS:1361412562310875438", "OPENVAS:1361412562310875443", "OPENVAS:1361412562310875459", "OPENVAS:1361412562310875476", "OPENVAS:1361412562310875506", "OPENVAS:1361412562310875558", "OPENVAS:1361412562310875559", "OPENVAS:1361412562310875560", "OPENVAS:1361412562310875566", "OPENVAS:1361412562310875577", "OPENVAS:1361412562310875628", "OPENVAS:1361412562310875629", "OPENVAS:1361412562310875681", "OPENVAS:1361412562310875697", "OPENVAS:1361412562310875786", "OPENVAS:1361412562310875801", "OPENVAS:1361412562310875834", "OPENVAS:1361412562310875946", "OPENVAS:1361412562310876038", "OPENVAS:1361412562310876049", "OPENVAS:1361412562310876089", "OPENVAS:1361412562310876095", "OPENVAS:1361412562310876105", "OPENVAS:1361412562310876177", "OPENVAS:1361412562310876290", "OPENVAS:1361412562310876322", "OPENVAS:1361412562310876334", "OPENVAS:1361412562310876360", "OPENVAS:1361412562310876361", "OPENVAS:1361412562310876377", "OPENVAS:1361412562310876399", "OPENVAS:1361412562310876423", "OPENVAS:1361412562310876445", "OPENVAS:1361412562310876446", "OPENVAS:1361412562310876449", "OPENVAS:1361412562310876466", "OPENVAS:1361412562310876467", "OPENVAS:1361412562310876476", "OPENVAS:1361412562310876477", "OPENVAS:1361412562310876479", "OPENVAS:1361412562310876489", "OPENVAS:1361412562310876510", "OPENVAS:1361412562310876515", "OPENVAS:1361412562310876543", "OPENVAS:1361412562310876555", "OPENVAS:1361412562310876586", "OPENVAS:1361412562310876611", "OPENVAS:1361412562310876621", "OPENVAS:1361412562310876638", "OPENVAS:1361412562310876647", "OPENVAS:1361412562310876648", "OPENVAS:1361412562310876652", "OPENVAS:1361412562310876653", "OPENVAS:1361412562310876660", "OPENVAS:1361412562310876666", "OPENVAS:1361412562310876750", "OPENVAS:1361412562310876753", "OPENVAS:1361412562310876809", "OPENVAS:1361412562310876811", "OPENVAS:1361412562310876841", "OPENVAS:1361412562310876842", "OPENVAS:1361412562310876868", "OPENVAS:1361412562310876869", "OPENVAS:1361412562310876870", "OPENVAS:1361412562310876925", "OPENVAS:1361412562310876943", "OPENVAS:1361412562310876995", "OPENVAS:1361412562310876999", "OPENVAS:1361412562310877052", "OPENVAS:1361412562310877058", "OPENVAS:1361412562310877070", "OPENVAS:1361412562310877370", "OPENVAS:1361412562310877476", "OPENVAS:1361412562310877540", "OPENVAS:1361412562310883095", "OPENVAS:1361412562310883096", "OPENVAS:1361412562310883099", "OPENVAS:1361412562310883107", "OPENVAS:1361412562310883113", "OPENVAS:1361412562310883115", "OPENVAS:1361412562310883117", "OPENVAS:1361412562310883131", "OPENVAS:1361412562310883139", "OPENVAS:1361412562310883149", "OPENVAS:1361412562310883179", "OPENVAS:1361412562310883191", "OPENVAS:1361412562310891422", "OPENVAS:1361412562310891531", "OPENVAS:1361412562310891715", "OPENVAS:1361412562310891731", "OPENVAS:1361412562310891771", "OPENVAS:1361412562310891799", "OPENVAS:1361412562310891823", "OPENVAS:1361412562310891824", "OPENVAS:1361412562310891884", "OPENVAS:1361412562310891885", "OPENVAS:1361412562310891919", "OPENVAS:1361412562310891930", "OPENVAS:1361412562310891940", "OPENVAS:1361412562311220181269", "OPENVAS:1361412562311220181370", "OPENVAS:1361412562311220181372", "OPENVAS:1361412562311220181432", "OPENVAS:1361412562311220181433", "OPENVAS:1361412562311220191062", "OPENVAS:1361412562311220191076", "OPENVAS:1361412562311220191108", "OPENVAS:1361412562311220191131", "OPENVAS:1361412562311220191156", "OPENVAS:1361412562311220191178", "OPENVAS:1361412562311220191181", "OPENVAS:1361412562311220191221", "OPENVAS:1361412562311220191223", "OPENVAS:1361412562311220191244", "OPENVAS:1361412562311220191253", "OPENVAS:1361412562311220191302", "OPENVAS:1361412562311220191303", "OPENVAS:1361412562311220191304", "OPENVAS:1361412562311220191450", "OPENVAS:1361412562311220191511", "OPENVAS:1361412562311220191512", "OPENVAS:1361412562311220191522", "OPENVAS:1361412562311220191525", "OPENVAS:1361412562311220191532", "OPENVAS:1361412562311220191533", "OPENVAS:1361412562311220191586", "OPENVAS:1361412562311220191587", "OPENVAS:1361412562311220191588", "OPENVAS:1361412562311220191612", "OPENVAS:1361412562311220191635", "OPENVAS:1361412562311220191636", "OPENVAS:1361412562311220191639", "OPENVAS:1361412562311220191672", "OPENVAS:1361412562311220191692", "OPENVAS:1361412562311220191702", "OPENVAS:1361412562311220191793", "OPENVAS:1361412562311220191919", "OPENVAS:1361412562311220191926", "OPENVAS:1361412562311220192068", "OPENVAS:1361412562311220192081", "OPENVAS:1361412562311220192201", "OPENVAS:1361412562311220192274", "OPENVAS:1361412562311220192309", "OPENVAS:1361412562311220192353", "OPENVAS:1361412562311220192531", "OPENVAS:1361412562311220201112", "OPENVAS:1361412562311220201186", "OPENVAS:1361412562311220201197", "OPENVAS:1361412562311220201269", "OPENVAS:1361412562311220201396", "OPENVAS:1361412562311220201452", "OPENVAS:1361412562311220201606", "OPENVAS:1361412562311220201792"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2020", "ORACLE:CPUAPR2021", "ORACLE:CPUJUL2020"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-4208", "ELSA-2018-4261", "ELSA-2018-4270", "ELSA-2019-1873", "ELSA-2019-1959", "ELSA-2019-2029", "ELSA-2019-2411", "ELSA-2019-2473", "ELSA-2019-2600", "ELSA-2019-2703", "ELSA-2019-2736", "ELSA-2019-2827", "ELSA-2019-2829", "ELSA-2019-2863", "ELSA-2019-3055", "ELSA-2019-3517", "ELSA-2019-3836", "ELSA-2019-3979", "ELSA-2019-4256", "ELSA-2019-4315", "ELSA-2019-4528", "ELSA-2019-4541", "ELSA-2019-4670", "ELSA-2019-4685", "ELSA-2019-4729", "ELSA-2019-4733", "ELSA-2019-4735", "ELSA-2019-4746", "ELSA-2019-4775", "ELSA-2019-4777", "ELSA-2019-4789", "ELSA-2019-4799", "ELSA-2019-4800", "ELSA-2019-4808", "ELSA-2019-4820", "ELSA-2019-4850", "ELSA-2020-1769", "ELSA-2020-5706", "ELSA-2020-5708", "ELSA-2020-5715", "ELSA-2020-5755", "ELSA-2020-5841", "ELSA-2020-5845", "ELSA-2020-5866", "ELSA-2021-9459", "ELSA-2021-9473", "ELSA-2023-12232"]}, {"type": "osv", "idList": ["OSV:DLA-1422-1", "OSV:DLA-1422-2", "OSV:DLA-1423-1", "OSV:DLA-1529-1", "OSV:DLA-1531-1", "OSV:DLA-1715-1", "OSV:DLA-1731-1", "OSV:DLA-1771-1", "OSV:DLA-1799-1", "OSV:DLA-1823-1", "OSV:DLA-1824-1", "OSV:DLA-1884-1", "OSV:DLA-1885-1", "OSV:DLA-1919-1", "OSV:DLA-1930-1", "OSV:DLA-1940-1", "OSV:DSA-4308-1", "OSV:DSA-4465-1", "OSV:DSA-4495-1", "OSV:DSA-4497-1", "OSV:DSA-4531-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:150001", "PACKETSTORM:152663"]}, {"type": "photon", "idList": ["PHSA-2018-0062", "PHSA-2018-0082", "PHSA-2018-0153", "PHSA-2018-0173", "PHSA-2018-0180", "PHSA-2019-0009", "PHSA-2019-0015", "PHSA-2019-0021", "PHSA-2019-0026", "PHSA-2019-0034", "PHSA-2019-0151", "PHSA-2019-0160", "PHSA-2019-0161", "PHSA-2019-0175", "PHSA-2019-0178", "PHSA-2019-0189", "PHSA-2019-0224", "PHSA-2019-0235", "PHSA-2019-0236", "PHSA-2019-0250", "PHSA-2019-0251", "PHSA-2019-0252", "PHSA-2019-0255", "PHSA-2019-1.0-0224", "PHSA-2019-1.0-0235", "PHSA-2019-1.0-0236", "PHSA-2019-1.0-0238", "PHSA-2019-1.0-0248", "PHSA-2019-1.0-0251", "PHSA-2019-1.0-0252", "PHSA-2019-1.0-0255", "PHSA-2019-2.0-0160", "PHSA-2019-2.0-0161", "PHSA-2019-2.0-0175", "PHSA-2019-2.0-0189", "PHSA-2019-3.0-0009", "PHSA-2019-3.0-0015", "PHSA-2019-3.0-0021", "PHSA-2019-3.0-0026", "PHSA-2019-3.0-0034", "PHSA-2020-0225", "PHSA-2020-0238", "PHSA-2020-2.0-0225"]}, {"type": "redhat", "idList": ["RHSA-2018:2948", "RHSA-2019:0831", "RHSA-2019:1873", "RHSA-2019:1891", "RHSA-2019:1959", "RHSA-2019:1971", "RHSA-2019:1973", "RHSA-2019:2029", "RHSA-2019:2043", "RHSA-2019:2405", "RHSA-2019:2411", "RHSA-2019:2473", "RHSA-2019:2476", "RHSA-2019:2600", "RHSA-2019:2609", "RHSA-2019:2695", "RHSA-2019:2696", "RHSA-2019:2703", "RHSA-2019:2730", "RHSA-2019:2736", "RHSA-2019:2741", "RHSA-2019:2808", "RHSA-2019:2809", "RHSA-2019:2827", "RHSA-2019:2828", "RHSA-2019:2829", "RHSA-2019:2830", "RHSA-2019:2837", "RHSA-2019:2854", "RHSA-2019:2862", "RHSA-2019:2863", "RHSA-2019:2864", "RHSA-2019:2865", "RHSA-2019:2866", "RHSA-2019:2867", "RHSA-2019:2869", "RHSA-2019:2889", "RHSA-2019:2899", "RHSA-2019:2900", "RHSA-2019:2901", "RHSA-2019:2924", "RHSA-2019:2975", "RHSA-2019:3011", "RHSA-2019:3055", "RHSA-2019:3076", "RHSA-2019:3089", "RHSA-2019:3165", "RHSA-2019:3187", "RHSA-2019:3217", "RHSA-2019:3218", "RHSA-2019:3220", "RHSA-2019:3231", "RHSA-2019:3309", "RHSA-2019:3517", "RHSA-2019:3836", "RHSA-2019:3967", "RHSA-2019:3978", "RHSA-2019:3979", "RHSA-2019:4056", "RHSA-2019:4057", "RHSA-2019:4058", "RHSA-2019:4154", "RHSA-2019:4159", "RHSA-2019:4164", "RHSA-2019:4255", "RHSA-2019:4256", "RHSA-2020:0027", "RHSA-2020:0036", "RHSA-2020:0100", "RHSA-2020:0103", "RHSA-2020:0174", "RHSA-2020:0179", "RHSA-2020:0204", "RHSA-2020:0328", "RHSA-2020:0339", "RHSA-2020:0374", "RHSA-2020:0375", "RHSA-2020:0543", "RHSA-2020:0592", "RHSA-2020:0609", "RHSA-2020:0664", "RHSA-2020:0698", "RHSA-2020:0740", "RHSA-2020:1460", "RHSA-2020:1567", "RHSA-2020:1769", "RHSA-2020:2289", "RHSA-2020:2851", "RHSA-2020:2854"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-10853", "RH:CVE-2018-14625", "RH:CVE-2018-14734", "RH:CVE-2018-15594", "RH:CVE-2018-16871", "RH:CVE-2018-16884", "RH:CVE-2018-18281", "RH:CVE-2018-20856", "RH:CVE-2018-9363", "RH:CVE-2018-9517", "RH:CVE-2019-10126", "RH:CVE-2019-11085", "RH:CVE-2019-1125", "RH:CVE-2019-11599", "RH:CVE-2019-11810", "RH:CVE-2019-11811", "RH:CVE-2019-11833", "RH:CVE-2019-14821", "RH:CVE-2019-14835", "RH:CVE-2019-14898", "RH:CVE-2019-3459", "RH:CVE-2019-3460", "RH:CVE-2019-3846", "RH:CVE-2019-3882", "RH:CVE-2019-3892", "RH:CVE-2019-3900", "RH:CVE-2019-5489", "RH:CVE-2019-9506"]}, {"type": "slackware", "idList": ["SSA-2019-030-01", "SSA-2019-169-01", "SSA-2019-202-01", "SSA-2019-226-01", "SSA-2019-311-01", "SSA-2020-163-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:2404-1", "OPENSUSE-SU-2018:2407-1", "OPENSUSE-SU-2018:2738-1", "OPENSUSE-SU-2018:3071-1", "OPENSUSE-SU-2018:3817-1", "OPENSUSE-SU-2018:4133-1", "OPENSUSE-SU-2019:0065-1", "OPENSUSE-SU-2019:0140-1", "OPENSUSE-SU-2019:0203-1", "OPENSUSE-SU-2019:0274-1", "OPENSUSE-SU-2019:1404-1", "OPENSUSE-SU-2019:1407-1", "OPENSUSE-SU-2019:1479-1", "OPENSUSE-SU-2019:1570-1", "OPENSUSE-SU-2019:1571-1", "OPENSUSE-SU-2019:1579-1", "OPENSUSE-SU-2019:1716-1", "OPENSUSE-SU-2019:1757-1", "OPENSUSE-SU-2019:1923-1", "OPENSUSE-SU-2019:1924-1", "OPENSUSE-SU-2019:2173-1", "OPENSUSE-SU-2019:2181-1", "OPENSUSE-SU-2019:2307-1", "OPENSUSE-SU-2019:2308-1", "OPENSUSE-SU-2021:3876-1"]}, {"type": "symantec", "idList": ["SMNTC-109016", "SMNTC-109020", "SMNTC-109509"]}, {"type": "talosblog", "idList": ["TALOSBLOG:07D81B04EFE21AC0E3C8DD9F1F76E7A4", "TALOSBLOG:F543D5FEAB2BB1C90B9699F8AE8757F4"]}, {"type": "thn", "idList": ["THN:7C2166B58EF6EE65AF920B2CE0FD9845", "THN:E3EB255FBC069136903C8881DF473DF0"]}, {"type": "threatpost", "idList": ["THREATPOST:0257327E5115B699AC58115D6D5416A1", "THREATPOST:0C3D5795D480495E2117878151D25765", "THREATPOST:25B39CC0AC8A2CF8DE7334F890A87907", "THREATPOST:25E72D5927161BC631CDDD38FB642431", "THREATPOST:62D876A38CF65F658A4E0332E90F521A"]}, {"type": "ubuntu", "idList": ["USN-3775-1", "USN-3775-2", "USN-3776-1", "USN-3776-2", "USN-3777-1", "USN-3777-2", "USN-3777-3", "USN-3797-1", "USN-3797-2", "USN-3820-1", "USN-3820-2", "USN-3820-3", "USN-3822-1", "USN-3822-2", "USN-3832-1", "USN-3835-1", "USN-3847-1", "USN-3847-2", "USN-3847-3", "USN-3849-1", "USN-3849-2", "USN-3871-1", "USN-3871-2", "USN-3871-3", "USN-3871-4", "USN-3871-5", "USN-3872-1", "USN-3878-1", "USN-3878-2", "USN-3878-3", "USN-3880-1", "USN-3880-2", "USN-3930-1", "USN-3930-2", "USN-3931-1", "USN-3931-2", "USN-3932-1", "USN-3932-2", "USN-3933-1", "USN-3933-2", "USN-3979-1", "USN-3980-1", "USN-3980-2", "USN-3981-1", "USN-3981-2", "USN-3982-1", "USN-3982-2", "USN-4005-1", "USN-4008-1", "USN-4008-2", "USN-4008-3", "USN-4068-1", "USN-4068-2", "USN-4069-1", "USN-4069-2", "USN-4076-1", "USN-4093-1", "USN-4094-1", "USN-4095-1", "USN-4095-2", "USN-4096-1", "USN-4114-1", "USN-4115-1", "USN-4115-2", "USN-4116-1", "USN-4117-1", "USN-4118-1", "USN-4135-1", "USN-4135-2", "USN-4147-1", "USN-4157-1", "USN-4157-2", "USN-4162-1", "USN-4162-2", "USN-4163-1", "USN-4163-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-10853", "UB:CVE-2018-14625", "UB:CVE-2018-14734", "UB:CVE-2018-15594", "UB:CVE-2018-16871", "UB:CVE-2018-16884", "UB:CVE-2018-18281", "UB:CVE-2018-20856", "UB:CVE-2018-9363", "UB:CVE-2018-9517", "UB:CVE-2019-10126", "UB:CVE-2019-11085", "UB:CVE-2019-1125", "UB:CVE-2019-11599", "UB:CVE-2019-11810", "UB:CVE-2019-11811", "UB:CVE-2019-11833", "UB:CVE-2019-14821", "UB:CVE-2019-14835", "UB:CVE-2019-14898", "UB:CVE-2019-3459", "UB:CVE-2019-3460", "UB:CVE-2019-3846", "UB:CVE-2019-3882", "UB:CVE-2019-3900", "UB:CVE-2019-5489", "UB:CVE-2019-9506"]}, {"type": "veracode", "idList": ["VERACODE:20974", "VERACODE:20976", "VERACODE:20977", "VERACODE:20978", "VERACODE:21035", "VERACODE:21041", "VERACODE:21044", "VERACODE:21045", "VERACODE:21053", "VERACODE:21059", "VERACODE:21061", "VERACODE:21062", "VERACODE:21064", "VERACODE:21066", "VERACODE:21067", "VERACODE:21068", "VERACODE:21069", "VERACODE:21070", "VERACODE:21073", "VERACODE:21203", "VERACODE:21657", "VERACODE:21702", "VERACODE:21703", "VERACODE:21704", "VERACODE:22470", "VERACODE:25831"]}, {"type": "virtuozzo", "idList": ["VZA-2018-089", "VZA-2019-064", "VZA-2019-066", "VZA-2019-067", "VZA-2019-068", "VZA-2019-074", "VZA-2019-076", "VZA-2019-078", "VZA-2019-081", "VZA-2019-085", "VZA-2019-086", "VZA-2019-088", "VZA-2019-089", "VZA-2020-010", "VZA-2020-011"]}, {"type": "zdt", "idList": ["1337DAY-ID-32619", "1337DAY-ID-33968"]}]}, "score": {"value": 0.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2018-1086", "ALAS-2019-1149", "ALAS-2019-1201", "ALAS-2019-1214", "ALAS-2019-1232", "ALAS-2019-1253"]}, {"type": "androidsecurity", "idList": ["ANDROID:2018-06-01", "ANDROID:2019-01-01", "ANDROID:2019-08-01", "ANDROID:2019-11-01", "ANDROID:2020-01-01", "ANDROID:2020-02-01"]}, {"type": "apple", "idList": ["APPLE:100C3E37B89C4B8E50DE097059456EC2", "APPLE:42A8665131AAD41DD01DD2DE9BBDEBC5", "APPLE:48DFAA81838B82F0614B9A03F99F251D", "APPLE:819AEF513AB880D6C4F6CA66CB3C0021", "APPLE:HT210346", "APPLE:HT210348", "APPLE:HT210351", "APPLE:HT210353"]}, {"type": "centos", "idList": ["CESA-2019:1873", "CESA-2019:2473", "CESA-2020:0375"]}, {"type": "cert", "idList": ["VU:918987"]}, {"type": "cisa", "idList": ["CISA:715DF5B957A42D91B3B79897B8FD61F2"]}, {"type": "cisco", "idList": ["CISCO-SA-20190813-BLUETOOTH"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:02669B806A06D41B24DA398CE2D4EEFD", "CFOUNDRY:131A4556633D91C9BF0AE72696FADB89", "CFOUNDRY:2AA1F360A02E665F9D2B19AB7EF0CAA9", "CFOUNDRY:3CD9371F7B812821D289B3B89526722F", "CFOUNDRY:61ADF14D6FEC14FA5E06A7684B091D19", "CFOUNDRY:63AC599C6730C4293761CECD360AA195", "CFOUNDRY:80ADC4D2DAC039EB92288FD623A42C24", "CFOUNDRY:80E5E37692FEC22672DA18E221852B5D", "CFOUNDRY:87EED6F38C9114A077795F94CEE1CCD3", "CFOUNDRY:90693B873E1E97B4D1CACB5D7BD374ED", "CFOUNDRY:DAEEFC1E9FDBBF02A1D3ACCD6434010C", "CFOUNDRY:DCE4C624C0C4A79B360FF0BA8F545247"]}, {"type": "cve", "idList": ["CVE-2018-10853", "CVE-2018-14625", "CVE-2018-14734", "CVE-2018-15594", "CVE-2018-18281", "CVE-2018-20856", "CVE-2019-10126", "CVE-2019-1071", "CVE-2019-1073", "CVE-2019-11085", "CVE-2019-1125", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11811", "CVE-2019-11833", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3846", "CVE-2019-3882", "CVE-2019-3900", "CVE-2019-9506"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1422-1:EBC6F", "DEBIAN:DLA-1422-2:DC70E", "DEBIAN:DLA-1423-1:B239D", "DEBIAN:DLA-1531-1:834CC", "DEBIAN:DLA-1771-1:3CE68", "DEBIAN:DLA-1799-1:F9D71", "DEBIAN:DLA-1799-2:074DF", "DEBIAN:DLA-1823-1:39845", "DEBIAN:DLA-1824-1:6789E", "DEBIAN:DLA-1884-1:61F35", "DEBIAN:DLA-1885-1:84558", "DEBIAN:DSA-4308-1:D561A", "DEBIAN:DSA-4465-1:304F1", "DEBIAN:DSA-4495-1:1269E", "DEBIAN:DSA-4497-1:7E46B"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-10853", "DEBIANCVE:CVE-2018-14625", "DEBIANCVE:CVE-2018-14734", "DEBIANCVE:CVE-2018-15594", "DEBIANCVE:CVE-2018-16871", "DEBIANCVE:CVE-2018-16884", "DEBIANCVE:CVE-2018-18281", "DEBIANCVE:CVE-2018-20856", "DEBIANCVE:CVE-2018-9363", "DEBIANCVE:CVE-2018-9517", "DEBIANCVE:CVE-2019-10126", "DEBIANCVE:CVE-2019-11085", "DEBIANCVE:CVE-2019-1125", "DEBIANCVE:CVE-2019-11599", "DEBIANCVE:CVE-2019-11810", "DEBIANCVE:CVE-2019-11811", "DEBIANCVE:CVE-2019-11833", "DEBIANCVE:CVE-2019-14821", "DEBIANCVE:CVE-2019-14835", "DEBIANCVE:CVE-2019-3459", "DEBIANCVE:CVE-2019-3460", "DEBIANCVE:CVE-2019-3846", "DEBIANCVE:CVE-2019-3882", "DEBIANCVE:CVE-2019-3900", "DEBIANCVE:CVE-2019-5489", "DEBIANCVE:CVE-2019-9506"]}, {"type": "exploitdb", "idList": ["EDB-ID:48071"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:B9569B6E7A5B893D9E83922DA7DE24BA"]}, {"type": "f5", "idList": ["F5:K01512680", "F5:K09376613", "F5:K12915342", "F5:K26301924", "F5:K31085564", "F5:K50484570", "F5:K51674118", "F5:K95593121"]}, {"type": "fedora", "idList": ["FEDORA:01C936061569", "FEDORA:089B7605072B", "FEDORA:10F7D6255145", "FEDORA:11B2F6087C35", "FEDORA:122AE604D3F9", "FEDORA:1C6F16348980", "FEDORA:1CA16613DD7E", "FEDORA:1EFAB60ACFB0", "FEDORA:20DCB60779B2", "FEDORA:2281662F1093", "FEDORA:229FE60419B9", "FEDORA:22D77604972B", "FEDORA:250CB6087A80", "FEDORA:25BDD6190ECF", "FEDORA:29049600CFF3", "FEDORA:296826040AED", "FEDORA:29FCE65ECD33", "FEDORA:2CDD76006271", "FEDORA:2E40E608A4A7", "FEDORA:3266960F0E44", "FEDORA:41B546014626", "FEDORA:42DA3601FD86", "FEDORA:49E0B60427EC", "FEDORA:4CF35608BFEA", "FEDORA:4D5AD601FDAC", "FEDORA:506B2608A4A8", "FEDORA:50E6E6087656", "FEDORA:5591D601DA24", "FEDORA:5AA3D60505E7", "FEDORA:5B68260A5858", "FEDORA:5D742610B071", "FEDORA:621A2609A69C", "FEDORA:6B39A60C690C", "FEDORA:6B66A6047312", "FEDORA:6B6B360567FC", "FEDORA:6DBD2608A4A4", "FEDORA:6EC6360BEA04", "FEDORA:73C3960CDDB3", "FEDORA:7640C641CB61", "FEDORA:7960A6049C56", "FEDORA:84A106014740", "FEDORA:87BD56087904", "FEDORA:8F974604E846", "FEDORA:909D360491BF", "FEDORA:9575D60062E1", "FEDORA:95A686085F81", "FEDORA:9BC696049C57", "FEDORA:9E3D9606D195", "FEDORA:AAB236095515", "FEDORA:AC7FC600CFCA", "FEDORA:B395E6087A9D", "FEDORA:B54D264CBCAC", "FEDORA:B59DB604C870", "FEDORA:BBFE360460D0", "FEDORA:BD35260BC96F", "FEDORA:C49D061F375F", "FEDORA:C64AE6007F37", "FEDORA:C65F560874BD", "FEDORA:C7EFB60200CB", "FEDORA:D091860478FA", "FEDORA:D33DD608BFFE", "FEDORA:D6CAE607A456", "FEDORA:D6F86601E6D9", "FEDORA:DBB1B659CBE0", "FEDORA:DF5176048167", "FEDORA:DF7CA62E1F11", "FEDORA:E88866014636", "FEDORA:E93AE6077DCD", "FEDORA:EBB026048D2E", "FEDORA:EEC036047C93", "FEDORA:F417F60477C5"]}, {"type": "fortinet", "idList": ["FG-IR-18-002", "FG-IR-19-224"]}, {"type": "githubexploit", "idList": ["1DCD6499-0990-565E-9159-24DBA1428255", "A9F0245C-3F9D-5922-A64E-F7627478A24A", "C332FD21-E85D-5C7D-95FC-3CF453E1E5B9"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:60F2E118E85CB34AAEEAED9DE88D51AF"]}, {"type": "hp", "idList": ["HP:C06521007"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20190828-01-KNOB", "HUAWEI-SA-20200408-01-SWAPGS"]}, {"type": "ibm", "idList": ["270E7F8D6C0BA0C052D17A0F1714E8401CE49A076E5AA43582D8DA42ACFE3121", "50C920019EA35B3C7B3BDE4B077C4837CC00CEC4BA86B844DA559CD59AF45627", "5C971ABE298E715E4DD664F197820425272400B40C52EF433CFD40BAFACB63C8", "6D5DF12FB27293DC2112B69929AB6CFC7CE456E303952D8CE9040C6671A30910", "86C7951371BC0A7800D1FEBC038565FA28DED7D904E47462C3F5395FDE8AB9C9", "9B3C2542A224A170177BC588D64FBAC641AEB3A7ED64BDCAE097C03AA1143EDF", "A5A892259BF44584524D97B2CB83E9150F24F7E5C20081122730CDDBEA729805", "D90882A3E95B0A521011936122CA086C48D9FEF441869C5BF302F67319C3A703", "E76CF6F7C58DE085B1D5F988B60566AC28A05EF3B19F25A856F2533F5B3684AE"]}, {"type": "kaspersky", "idList": ["KLA11529", "KLA11534", "KLA11696", "KLA11697", "KLA11700"]}, {"type": "lenovo", "idList": ["LENOVO:PS500267-NOSID"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:B7AA161DBAFDA8D7D246FF7D80A9ADC4"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2018-16871/"]}, {"type": "mscve", "idList": ["MS:CVE-2019-1125", "MS:CVE-2019-9506"]}, {"type": "mskb", "idList": ["KB4507455"]}, {"type": "nessus", "idList": ["AL2_ALAS-2019-1149.NASL", "ALA_ALAS-2018-1086.NASL", "ALA_ALAS-2019-1149.NASL", "DEBIAN_DLA-1531.NASL", "DEBIAN_DSA-4308.NASL", "EULEROS_SA-2020-1452.NASL", "FEDORA_2018-B57DB4753C.NASL", "FEDORA_2019-20A89CA9AF.NASL", "FEDORA_2019-509C133845.NASL", "FEDORA_2019-F812C9FB22.NASL", "NEWSTART_CGSL_NS-SA-2019-0177_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0180_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0183_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0189_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0200_KERNEL.NASL", "OPENSUSE-2018-1140.NASL", "OPENSUSE-2018-885.NASL", "OPENSUSE-2018-886.NASL", "OPENSUSE-2019-140.NASL", "OPENSUSE-2019-1404.NASL", "OPENSUSE-2019-1407.NASL", "OPENSUSE-2019-1479.NASL", "OPENSUSE-2019-1570.NASL", "OPENSUSE-2019-1571.NASL", "OPENSUSE-2019-1579.NASL", "OPENSUSE-2019-1716.NASL", "OPENSUSE-2019-1757.NASL", "OPENSUSE-2019-1923.NASL", "OPENSUSE-2019-1924.NASL", "OPENSUSE-2019-2173.NASL", "OPENSUSE-2019-2181.NASL", "OPENSUSE-2019-2307.NASL", "OPENSUSE-2019-2308.NASL", "OPENSUSE-2019-274.NASL", "OPENSUSE-2019-618.NASL", "OPENSUSE-2019-65.NASL", "OPENSUSE-2019-769.NASL", "OPENSUSE-2019-974.NASL", "ORACLELINUX_ELSA-2018-4208.NASL", "ORACLELINUX_ELSA-2019-1873.NASL", "ORACLELINUX_ELSA-2019-1959.NASL", "ORACLELINUX_ELSA-2019-2411.NASL", "ORACLELINUX_ELSA-2019-2473.NASL", "ORACLELINUX_ELSA-2019-2600.NASL", "ORACLELINUX_ELSA-2019-2703.NASL", "ORACLELINUX_ELSA-2019-2736.NASL", "ORACLELINUX_ELSA-2019-2827.NASL", "ORACLELINUX_ELSA-2019-2829.NASL", "ORACLELINUX_ELSA-2019-2863.NASL", "ORACLELINUX_ELSA-2019-3055.NASL", "ORACLELINUX_ELSA-2019-4528.NASL", "ORACLELINUX_ELSA-2019-4541.NASL", "ORACLELINUX_ELSA-2019-4670.NASL", "ORACLELINUX_ELSA-2019-4685.NASL", "ORACLELINUX_ELSA-2019-4729.NASL", "ORACLELINUX_ELSA-2019-4735.NASL", "ORACLELINUX_ELSA-2019-4746.NASL", "ORACLELINUX_ELSA-2019-4775.NASL", "ORACLELINUX_ELSA-2019-4777.NASL", "ORACLELINUX_ELSA-2019-4789.NASL", "ORACLELINUX_ELSA-2019-4799.NASL", "ORACLELINUX_ELSA-2019-4800.NASL", "ORACLELINUX_ELSA-2019-4820.NASL", "ORACLELINUX_ELSA-2021-9459.NASL", "ORACLEVM_OVMSA-2018-0253.NASL", "ORACLEVM_OVMSA-2019-0002.NASL", "ORACLEVM_OVMSA-2019-0038.NASL", "ORACLEVM_OVMSA-2019-0044.NASL", "ORACLEVM_OVMSA-2021-0031.NASL", "PHOTONOS_PHSA-2020-2_0-0225_LINUX.NASL", "REDHAT-RHSA-2018-2948.NASL", "REDHAT-RHSA-2019-0831.NASL", "REDHAT-RHSA-2019-1873.NASL", "REDHAT-RHSA-2019-1891.NASL", "REDHAT-RHSA-2019-1959.NASL", "REDHAT-RHSA-2019-1971.NASL", "REDHAT-RHSA-2019-1973.NASL", "REDHAT-RHSA-2019-2029.NASL", "REDHAT-RHSA-2019-2043.NASL", "REDHAT-RHSA-2019-2405.NASL", "REDHAT-RHSA-2019-2411.NASL", "REDHAT-RHSA-2019-2473.NASL", "REDHAT-RHSA-2019-2476.NASL", "REDHAT-RHSA-2019-2600.NASL", "REDHAT-RHSA-2019-2609.NASL", "REDHAT-RHSA-2019-2695.NASL", "REDHAT-RHSA-2019-2696.NASL", "REDHAT-RHSA-2019-2703.NASL", "REDHAT-RHSA-2019-2730.NASL", "REDHAT-RHSA-2019-2736.NASL", "REDHAT-RHSA-2019-2741.NASL", "REDHAT-RHSA-2019-2809.NASL", "REDHAT-RHSA-2019-2827.NASL", "REDHAT-RHSA-2019-2828.NASL", "REDHAT-RHSA-2019-2829.NASL", "REDHAT-RHSA-2019-2830.NASL", "REDHAT-RHSA-2019-2837.NASL", "REDHAT-RHSA-2019-2854.NASL", "REDHAT-RHSA-2019-2862.NASL", "REDHAT-RHSA-2019-2863.NASL", "REDHAT-RHSA-2019-2864.NASL", "REDHAT-RHSA-2019-2865.NASL", "REDHAT-RHSA-2019-2866.NASL", "REDHAT-RHSA-2019-2867.NASL", "REDHAT-RHSA-2019-2869.NASL", "REDHAT-RHSA-2019-2889.NASL", "REDHAT-RHSA-2019-2899.NASL", "REDHAT-RHSA-2019-2900.NASL", "REDHAT-RHSA-2019-2901.NASL", "REDHAT-RHSA-2019-2924.NASL", "REDHAT-RHSA-2019-2975.NASL", "REDHAT-RHSA-2019-3011.NASL", "REDHAT-RHSA-2019-3055.NASL", "REDHAT-RHSA-2019-3076.NASL", "REDHAT-RHSA-2019-3089.NASL", "REDHAT-RHSA-2019-3165.NASL", "REDHAT-RHSA-2019-3187.NASL", "REDHAT-RHSA-2019-3217.NASL", "REDHAT-RHSA-2019-3218.NASL", "REDHAT-RHSA-2019-3220.NASL", "REDHAT-RHSA-2019-3231.NASL", "REDHAT-RHSA-2020-0204.NASL", "REDHAT-RHSA-2020-1460.NASL", "REDHAT-RHSA-2020-1567.NASL", "REDHAT-RHSA-2020-1769.NASL", "REDHAT-RHSA-2020-2854.NASL", "SLACKWARE_SSA_2019-030-01.NASL", "SL_20190729_KERNEL_ON_SL7_X.NASL", "SL_20190806_KERNEL_ON_SL7_X.NASL", "SL_20190813_KERNEL_ON_SL6_X.NASL", "SL_20190903_KERNEL_ON_SL7_X.NASL", "SL_20190912_KERNEL_ON_SL6_X.NASL", "SL_20190920_KERNEL_ON_SL7_X.NASL", "SL_20190923_KERNEL_ON_SL6_X.NASL", "SL_20191016_KERNEL_ON_SL7_X.NASL", "SL_20200205_KERNEL_ON_SL7_X.NASL", "SMB_NT_MS19_JUL_4507435.NASL", "SMB_NT_MS19_JUL_4507448.NASL", "SMB_NT_MS19_JUL_4507450.NASL", "SMB_NT_MS19_JUL_4507453.NASL", "SMB_NT_MS19_JUL_4507455.NASL", "SMB_NT_MS19_JUL_4507458.NASL", "SMB_NT_MS19_JUL_4507460.NASL", "SMB_NT_MS19_JUL_4507462.NASL", "SMB_NT_MS19_JUL_4507469.NASL", "SUSE_SU-2018-2328-1.NASL", "SUSE_SU-2018-2341-1.NASL", "SUSE_SU-2018-2342-1.NASL", "SUSE_SU-2018-2344-1.NASL", "SUSE_SU-2018-2345-1.NASL", "SUSE_SU-2018-2346-1.NASL", "SUSE_SU-2018-2347-1.NASL", "SUSE_SU-2018-2348-1.NASL", "SUSE_SU-2018-2349-1.NASL", "SUSE_SU-2018-2350-1.NASL", "SUSE_SU-2018-2351-1.NASL", "SUSE_SU-2018-2352-1.NASL", "SUSE_SU-2018-2353-1.NASL", "SUSE_SU-2018-2354-1.NASL", "SUSE_SU-2018-2355-1.NASL", "SUSE_SU-2018-2356-1.NASL", "SUSE_SU-2018-2358-1.NASL", "SUSE_SU-2018-2359-1.NASL", "SUSE_SU-2018-2362-1.NASL", "SUSE_SU-2018-2363-1.NASL", "SUSE_SU-2018-2364-1.NASL", "SUSE_SU-2018-2367-1.NASL", "SUSE_SU-2018-2368-1.NASL", "SUSE_SU-2018-2369-1.NASL", "SUSE_SU-2018-2374-1.NASL", "SUSE_SU-2018-2384-1.NASL", "SUSE_SU-2018-2387-1.NASL", "SUSE_SU-2018-2389-1.NASL", "SUSE_SU-2018-2391-1.NASL", "SUSE_SU-2018-2416-1.NASL", "SUSE_SU-2018-2858-1.NASL", "SUSE_SU-2018-2879-1.NASL", "SUSE_SU-2018-2907-1.NASL", "SUSE_SU-2018-2908-1.NASL", "SUSE_SU-2018-3083-1.NASL", "SUSE_SU-2018-3084-1.NASL", "SUSE_SU-2019-0148-1.NASL", "SUSE_SU-2019-0196-1.NASL", "SUSE_SU-2019-0222-1.NASL", "SUSE_SU-2019-0224-1.NASL", "SUSE_SU-2019-0326-1.NASL", "SUSE_SU-2019-0356-1.NASL", "SUSE_SU-2019-0439-1.NASL", "SUSE_SU-2019-0541-1.NASL", "SUSE_SU-2019-0765-1.NASL", "SUSE_SU-2019-0767-1.NASL", "SUSE_SU-2019-0784-1.NASL", "SUSE_SU-2019-0901-1.NASL", "SUSE_SU-2019-1242-1.NASL", "SUSE_SU-2019-1287-1.NASL", "SUSE_SU-2019-1289-1.NASL", "SUSE_SU-2019-13937-1.NASL", "SUSE_SU-2019-1422-1.NASL", "SUSE_SU-2019-1527-1.NASL", "SUSE_SU-2019-1529-1.NASL", "SUSE_SU-2019-1530-1.NASL", "SUSE_SU-2019-1532-1.NASL", "SUSE_SU-2019-1533-1.NASL", "SUSE_SU-2019-1534-1.NASL", "SUSE_SU-2019-1535-1.NASL", "SUSE_SU-2019-1536-1.NASL", "SUSE_SU-2019-1550-1.NASL", "SUSE_SU-2019-1668-1.NASL", "SUSE_SU-2019-1671-1.NASL", "SUSE_SU-2019-1692-1.NASL", "SUSE_SU-2019-1744-1.NASL", "SUSE_SU-2019-1823-1.NASL", "SUSE_SU-2019-1829-1.NASL", "SUSE_SU-2019-1851-1.NASL", "SUSE_SU-2019-1852-1.NASL", "SUSE_SU-2019-1854-1.NASL", "SUSE_SU-2019-1855-1.NASL", "SUSE_SU-2019-1948-1.NASL", "SUSE_SU-2019-2068-1.NASL", "SUSE_SU-2019-2070-1.NASL", "SUSE_SU-2019-2071-1.NASL", "SUSE_SU-2019-2072-1.NASL", "SUSE_SU-2019-2073-1.NASL", "SUSE_SU-2019-2262-1.NASL", "SUSE_SU-2019-2263-1.NASL", "SUSE_SU-2019-2299-1.NASL", "SUSE_SU-2019-2412-1.NASL", "SUSE_SU-2019-2414-1.NASL", "SUSE_SU-2019-2424-1.NASL", "SUSE_SU-2019-2430-1.NASL", "SUSE_SU-2019-2600-1.NASL", "SUSE_SU-2019-2601-1.NASL", "SUSE_SU-2019-2613-1.NASL", "SUSE_SU-2019-2648-1.NASL", "SUSE_SU-2019-2706-1.NASL", "SUSE_SU-2019-2710-1.NASL", "SUSE_SU-2019-2738-1.NASL", "SUSE_SU-2019-2821-1.NASL", "SUSE_SU-2019-2879-1.NASL", "SUSE_SU-2021-3192-1.NASL", "SUSE_SU-2021-3206-1.NASL", "SUSE_SU-2021-3217-1.NASL", "UBUNTU_USN-3775-1.NASL", "UBUNTU_USN-3776-1.NASL", "UBUNTU_USN-3776-2.NASL", "UBUNTU_USN-3777-1.NASL", "UBUNTU_USN-3777-2.NASL", "UBUNTU_USN-3871-1.NASL", "UBUNTU_USN-3871-2.NASL", "UBUNTU_USN-3871-3.NASL", "UBUNTU_USN-3871-4.NASL", "UBUNTU_USN-3871-5.NASL", "UBUNTU_USN-3872-1.NASL", "UBUNTU_USN-3878-1.NASL", "UBUNTU_USN-3878-2.NASL", "UBUNTU_USN-3880-1.NASL", "UBUNTU_USN-3930-1.NASL", "UBUNTU_USN-3930-2.NASL", "UBUNTU_USN-3931-1.NASL", "UBUNTU_USN-3931-2.NASL", "UBUNTU_USN-3932-1.NASL", "UBUNTU_USN-3932-2.NASL", "UBUNTU_USN-3933-1.NASL", "UBUNTU_USN-3979-1.NASL", "UBUNTU_USN-3980-1.NASL", "UBUNTU_USN-3980-2.NASL", "UBUNTU_USN-3981-1.NASL", "UBUNTU_USN-3981-2.NASL", "UBUNTU_USN-3982-1.NASL", "UBUNTU_USN-3982-2.NASL", "UBUNTU_USN-4005-1.NASL", "UBUNTU_USN-4008-1.NASL", "UBUNTU_USN-4008-2.NASL", "UBUNTU_USN-4008-3.NASL", "UBUNTU_USN-4068-1.NASL", "UBUNTU_USN-4068-2.NASL", "UBUNTU_USN-4069-1.NASL", "UBUNTU_USN-4069-2.NASL", "UBUNTU_USN-4076-1.NASL", "UBUNTU_USN-4093-1.NASL", "UBUNTU_USN-4094-1.NASL", "UBUNTU_USN-4095-1.NASL", "UBUNTU_USN-4096-1.NASL", "UBUNTU_USN-4114-1.NASL", "UBUNTU_USN-4115-1.NASL", "UBUNTU_USN-4115-2.NASL", "UBUNTU_USN-4116-1.NASL", "UBUNTU_USN-4117-1.NASL", "UBUNTU_USN-4118-1.NASL", "UBUNTU_USN-4135-1.NASL", "UBUNTU_USN-4147-1.NASL", "UBUNTU_USN-4157-1.NASL", "UBUNTU_USN-4157-2.NASL", "UBUNTU_USN-4162-1.NASL", "UBUNTU_USN-4163-1.NASL", "VIRTUOZZO_VZA-2019-064.NASL", "VIRTUOZZO_VZA-2019-068.NASL", "VIRTUOZZO_VZA-2019-074.NASL", "VIRTUOZZO_VZA-2019-078.NASL", "VIRTUOZZO_VZA-2019-081.NASL", "VIRTUOZZO_VZA-2019-085.NASL", "VIRTUOZZO_VZA-2019-086.NASL", "VIRTUOZZO_VZA-2020-011.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310108620", "OPENVAS:1361412562310704308", "OPENVAS:1361412562310704465", "OPENVAS:1361412562310704495", "OPENVAS:1361412562310815400", "OPENVAS:1361412562310815401", "OPENVAS:1361412562310815402", "OPENVAS:1361412562310815403", "OPENVAS:1361412562310815404", "OPENVAS:1361412562310815406", "OPENVAS:1361412562310815408", "OPENVAS:1361412562310815409", "OPENVAS:1361412562310815410", "OPENVAS:1361412562310815431", "OPENVAS:1361412562310815432", "OPENVAS:1361412562310815433", "OPENVAS:1361412562310815434", "OPENVAS:1361412562310815435", "OPENVAS:1361412562310815436", "OPENVAS:1361412562310815437", "OPENVAS:1361412562310815438", "OPENVAS:1361412562310815439", "OPENVAS:1361412562310815513", "OPENVAS:1361412562310815514", "OPENVAS:1361412562310843644", "OPENVAS:1361412562310843646", "OPENVAS:1361412562310843647", "OPENVAS:1361412562310843648", "OPENVAS:1361412562310843884", "OPENVAS:1361412562310843885", "OPENVAS:1361412562310843891", "OPENVAS:1361412562310843892", "OPENVAS:1361412562310843895", "OPENVAS:1361412562310843896", "OPENVAS:1361412562310843897", "OPENVAS:1361412562310843903", "OPENVAS:1361412562310843904", "OPENVAS:1361412562310844004", "OPENVAS:1361412562310844006", "OPENVAS:1361412562310844008", "OPENVAS:1361412562310844009", "OPENVAS:1361412562310844010", "OPENVAS:1361412562310844012", "OPENVAS:1361412562310844035", "OPENVAS:1361412562310844037", "OPENVAS:1361412562310844041", "OPENVAS:1361412562310844102", "OPENVAS:1361412562310844103", "OPENVAS:1361412562310844104", "OPENVAS:1361412562310844111", "OPENVAS:1361412562310844121", "OPENVAS:1361412562310844131", "OPENVAS:1361412562310844133", "OPENVAS:1361412562310844134", "OPENVAS:1361412562310844136", "OPENVAS:1361412562310844156", "OPENVAS:1361412562310844157", "OPENVAS:1361412562310844158", "OPENVAS:1361412562310844159", "OPENVAS:1361412562310844160", "OPENVAS:1361412562310851952", "OPENVAS:1361412562310852091", "OPENVAS:1361412562310852240", "OPENVAS:1361412562310852274", "OPENVAS:1361412562310852503", "OPENVAS:1361412562310852506", "OPENVAS:1361412562310852568", "OPENVAS:1361412562310852570", "OPENVAS:1361412562310852611", "OPENVAS:1361412562310852665", "OPENVAS:1361412562310874675", "OPENVAS:1361412562310874695", "OPENVAS:1361412562310874710", "OPENVAS:1361412562310875099", "OPENVAS:1361412562310875407", "OPENVAS:1361412562310875413", "OPENVAS:1361412562310875414", "OPENVAS:1361412562310875421", "OPENVAS:1361412562310875423", "OPENVAS:1361412562310875426", "OPENVAS:1361412562310875438", "OPENVAS:1361412562310875443", "OPENVAS:1361412562310875558", "OPENVAS:1361412562310875559", "OPENVAS:1361412562310875560", "OPENVAS:1361412562310875566", "OPENVAS:1361412562310875577", "OPENVAS:1361412562310875628", "OPENVAS:1361412562310875629", "OPENVAS:1361412562310875681", "OPENVAS:1361412562310875697", "OPENVAS:1361412562310875786", "OPENVAS:1361412562310875801", "OPENVAS:1361412562310875834", "OPENVAS:1361412562310875946", "OPENVAS:1361412562310876038", "OPENVAS:1361412562310876049", "OPENVAS:1361412562310876089", "OPENVAS:1361412562310876095", "OPENVAS:1361412562310876105", "OPENVAS:1361412562310876177", "OPENVAS:1361412562310876290", "OPENVAS:1361412562310876322", "OPENVAS:1361412562310876334", "OPENVAS:1361412562310876360", "OPENVAS:1361412562310876361", "OPENVAS:1361412562310876377", "OPENVAS:1361412562310876399", "OPENVAS:1361412562310876423", "OPENVAS:1361412562310876445", "OPENVAS:1361412562310876446", "OPENVAS:1361412562310876449", "OPENVAS:1361412562310876466", "OPENVAS:1361412562310876467", "OPENVAS:1361412562310876476", "OPENVAS:1361412562310876477", "OPENVAS:1361412562310876479", "OPENVAS:1361412562310876489", "OPENVAS:1361412562310876510", "OPENVAS:1361412562310876515", "OPENVAS:1361412562310876543", "OPENVAS:1361412562310876555", "OPENVAS:1361412562310876586", "OPENVAS:1361412562310876611", "OPENVAS:1361412562310876621", "OPENVAS:1361412562310876638", "OPENVAS:1361412562310876647", "OPENVAS:1361412562310876648", "OPENVAS:1361412562310876652", "OPENVAS:1361412562310876653", "OPENVAS:1361412562310876660", "OPENVAS:1361412562310876666", "OPENVAS:1361412562310876750", "OPENVAS:1361412562310876753", "OPENVAS:1361412562310876943", "OPENVAS:1361412562310877370", "OPENVAS:1361412562310883095", "OPENVAS:1361412562310883096", "OPENVAS:1361412562310891531", "OPENVAS:1361412562310891771", "OPENVAS:1361412562310891799", "OPENVAS:1361412562310891823", "OPENVAS:1361412562310891824", "OPENVAS:1361412562310891884", "OPENVAS:1361412562310891885", "OPENVAS:1361412562311220181269", "OPENVAS:1361412562311220181370", "OPENVAS:1361412562311220181372", "OPENVAS:1361412562311220181432", "OPENVAS:1361412562311220181433", "OPENVAS:1361412562311220191062", "OPENVAS:1361412562311220191108", "OPENVAS:1361412562311220191131", "OPENVAS:1361412562311220191178", "OPENVAS:1361412562311220191181", "OPENVAS:1361412562311220191221", "OPENVAS:1361412562311220191223", "OPENVAS:1361412562311220191244", "OPENVAS:1361412562311220191253", "OPENVAS:1361412562311220191303", "OPENVAS:1361412562311220191304", "OPENVAS:1361412562311220191522", "OPENVAS:1361412562311220191586", "OPENVAS:1361412562311220191587", "OPENVAS:1361412562311220191588", "OPENVAS:1361412562311220191612", "OPENVAS:1361412562311220191672", "OPENVAS:1361412562311220191692", "OPENVAS:1361412562311220191702", "OPENVAS:1361412562311220191793", "OPENVAS:1361412562311220191919", "OPENVAS:1361412562311220191926", "OPENVAS:1361412562311220192081", "OPENVAS:1361412562311220192201", "OPENVAS:1361412562311220192274", "OPENVAS:1361412562311220192309", "OPENVAS:1361412562311220201452"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-4208", "ELSA-2019-1873", "ELSA-2019-1959", "ELSA-2019-2029", "ELSA-2019-2411", "ELSA-2019-2473", "ELSA-2019-2600", "ELSA-2019-4528", "ELSA-2019-4541", "ELSA-2019-4729", "ELSA-2019-4733", "ELSA-2019-4735", "ELSA-2019-4746", "ELSA-2019-4775", "ELSA-2019-4777", "ELSA-2021-9459"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:150001", "PACKETSTORM:152663"]}, {"type": "photon", "idList": ["PHSA-2019-1.0-0224", "PHSA-2019-1.0-0235", "PHSA-2019-1.0-0236", "PHSA-2019-1.0-0238", "PHSA-2019-1.0-0251", "PHSA-2019-2.0-0160", "PHSA-2019-2.0-0161", "PHSA-2019-2.0-0175", "PHSA-2019-2.0-0189", "PHSA-2019-3.0-0009", "PHSA-2019-3.0-0015", "PHSA-2019-3.0-0021", "PHSA-2019-3.0-0026", "PHSA-2019-3.0-0034", "PHSA-2020-2.0-0225"]}, {"type": "redhat", "idList": ["RHSA-2019:1973", "RHSA-2019:2405", "RHSA-2019:2411", "RHSA-2019:2473", "RHSA-2019:2600", "RHSA-2019:2609"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-14625", "RH:CVE-2018-9363"]}, {"type": "slackware", "idList": ["SSA-2019-030-01", "SSA-2019-169-01", "SSA-2019-202-01", "SSA-2019-226-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:2404-1", "OPENSUSE-SU-2018:2407-1", "OPENSUSE-SU-2018:3071-1", "OPENSUSE-SU-2019:0065-1", "OPENSUSE-SU-2019:0140-1", "OPENSUSE-SU-2019:0203-1", "OPENSUSE-SU-2019:1404-1", "OPENSUSE-SU-2019:1407-1", "OPENSUSE-SU-2019:1479-1", "OPENSUSE-SU-2019:1570-1", "OPENSUSE-SU-2019:1571-1", "OPENSUSE-SU-2019:1579-1", "OPENSUSE-SU-2019:1716-1", "OPENSUSE-SU-2019:1757-1", "OPENSUSE-SU-2019:1923-1", "OPENSUSE-SU-2019:1924-1", "OPENSUSE-SU-2021:3876-1"]}, {"type": "symantec", "idList": ["SMNTC-109509"]}, {"type": "talosblog", "idList": ["TALOSBLOG:F543D5FEAB2BB1C90B9699F8AE8757F4"]}, {"type": "thn", "idList": ["THN:7C2166B58EF6EE65AF920B2CE0FD9845", "THN:E3EB255FBC069136903C8881DF473DF0"]}, {"type": "threatpost", "idList": ["THREATPOST:0257327E5115B699AC58115D6D5416A1", "THREATPOST:0C3D5795D480495E2117878151D25765", "THREATPOST:25B39CC0AC8A2CF8DE7334F890A87907", "THREATPOST:25E72D5927161BC631CDDD38FB642431", "THREATPOST:62D876A38CF65F658A4E0332E90F521A"]}, {"type": "ubuntu", "idList": ["USN-3775-1", "USN-3775-2", "USN-3776-1", "USN-3776-2", "USN-3777-1", "USN-3777-2", "USN-3777-3", "USN-3797-1", "USN-3797-2", "USN-3871-1", "USN-3871-2", "USN-3871-3", "USN-3871-4", "USN-3871-5", "USN-3872-1", "USN-3878-1", "USN-3878-2", "USN-3878-3", "USN-3880-1", "USN-3880-2", "USN-3979-1", "USN-3980-1", "USN-3980-2", "USN-3981-1", "USN-3981-2", "USN-3982-1", "USN-3982-2", "USN-4005-1", "USN-4008-1", "USN-4008-2", "USN-4008-3", "USN-4068-1", "USN-4068-2", "USN-4069-1", "USN-4076-1", "USN-4093-1", "USN-4094-1", "USN-4095-1", "USN-4095-2", "USN-4096-1", "USN-4114-1", "USN-4115-1", "USN-4116-1", "USN-4117-1", "USN-4118-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-1125", "UB:CVE-2019-14821", "UB:CVE-2019-14835", "UB:CVE-2019-9506"]}, {"type": "virtuozzo", "idList": ["VZA-2018-089", "VZA-2019-064", "VZA-2019-066", "VZA-2019-067", "VZA-2019-068", "VZA-2019-074", "VZA-2019-076", "VZA-2019-078", "VZA-2019-081", "VZA-2019-085", "VZA-2020-010", "VZA-2020-011"]}, {"type": "zdt", "idList": ["1337DAY-ID-32619"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2018-10853", "epss": 0.00046, "percentile": 0.14019, "modified": "2023-05-06"}, {"cve": "CVE-2018-14625", "epss": 0.00046, "percentile": 0.14019, "modified": "2023-05-06"}, {"cve": "CVE-2018-14734", "epss": 0.00046, "percentile": 0.14019, "modified": "2023-05-06"}, {"cve": "CVE-2018-15594", "epss": 0.0005, "percentile": 0.17362, "modified": "2023-05-06"}, {"cve": "CVE-2018-16871", "epss": 0.00778, "percentile": 0.78808, "modified": "2023-05-06"}, {"cve": "CVE-2018-16884", "epss": 0.00046, "percentile": 0.14019, "modified": "2023-05-06"}, {"cve": "CVE-2018-18281", "epss": 0.00093, "percentile": 0.38382, "modified": "2023-05-06"}, {"cve": "CVE-2018-20856", "epss": 0.00046, "percentile": 0.14019, "modified": "2023-05-06"}, {"cve": "CVE-2018-9363", "epss": 0.00134, "percentile": 0.47112, "modified": "2023-05-06"}, {"cve": "CVE-2018-9517", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2019-10126", "epss": 0.01137, "percentile": 0.82617, "modified": "2023-05-06"}, {"cve": "CVE-2019-1071", "epss": 0.00049, "percentile": 0.15418, "modified": "2023-05-06"}, {"cve": "CVE-2019-1073", "epss": 0.00049, "percentile": 0.15418, "modified": "2023-05-06"}, {"cve": "CVE-2019-11085", "epss": 0.00046, "percentile": 0.14019, "modified": "2023-05-06"}, {"cve": "CVE-2019-1125", "epss": 0.0008, "percentile": 0.32743, "modified": "2023-05-06"}, {"cve": "CVE-2019-11599", "epss": 0.00043, "percentile": 0.07492, "modified": "2023-05-06"}, {"cve": "CVE-2019-11810", "epss": 0.01119, "percentile": 0.82479, "modified": "2023-05-06"}, {"cve": "CVE-2019-11811", "epss": 0.00046, "percentile": 0.14019, "modified": "2023-05-06"}, {"cve": "CVE-2019-11833", "epss": 0.00044, "percentile": 0.0825, "modified": "2023-05-06"}, {"cve": "CVE-2019-14821", "epss": 0.00047, "percentile": 0.14348, "modified": "2023-05-06"}, {"cve": "CVE-2019-14835", "epss": 0.00069, "percentile": 0.28387, "modified": "2023-05-06"}, {"cve": "CVE-2019-3459", "epss": 0.00123, "percentile": 0.45219, "modified": "2023-05-06"}, {"cve": "CVE-2019-3460", "epss": 0.00123, "percentile": 0.45219, "modified": "2023-05-06"}, {"cve": "CVE-2019-3846", "epss": 0.00102, "percentile": 0.40386, "modified": "2023-05-06"}, {"cve": "CVE-2019-3882", "epss": 0.00044, "percentile": 0.0825, "modified": "2023-05-06"}, {"cve": "CVE-2019-3900", "epss": 0.00165, "percentile": 0.51774, "modified": "2023-05-06"}, {"cve": "CVE-2019-5489", "epss": 0.00044, "percentile": 0.0825, "modified": "2023-05-06"}, {"cve": "CVE-2019-9506", "epss": 0.00095, "percentile": 0.38753, "modified": "2023-05-06"}], "vulnersScore": 0.5}, "_state": {"dependencies": 1685051796, "score": 1685053364, "epss": 0}, "_internal": {"score_hash": "a77e03c11743d572f4b55ff115ea8c9a"}, "pluginID": "132495", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0253. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132495);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-9363\",\n \"CVE-2018-9517\",\n \"CVE-2018-10853\",\n \"CVE-2018-14625\",\n \"CVE-2018-14734\",\n \"CVE-2018-15594\",\n \"CVE-2018-16871\",\n \"CVE-2018-16884\",\n \"CVE-2018-18281\",\n \"CVE-2018-20856\",\n \"CVE-2019-1125\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-3846\",\n \"CVE-2019-3882\",\n \"CVE-2019-3900\",\n \"CVE-2019-5489\",\n \"CVE-2019-9506\",\n \"CVE-2019-10126\",\n \"CVE-2019-11085\",\n \"CVE-2019-11599\",\n \"CVE-2019-11810\",\n \"CVE-2019-11811\",\n \"CVE-2019-11833\",\n \"CVE-2019-14821\",\n \"CVE-2019-14835\"\n );\n script_bugtraq_id(\n 105120,\n 105761,\n 106253,\n 106478,\n 106565,\n 107782,\n 107910,\n 108076,\n 108113,\n 108286,\n 108372,\n 108410,\n 108488,\n 108521,\n 108547,\n 108817\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0253)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel-rt packages installed that are affected\nby multiple vulnerabilities:\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem.\n NFS41+ shares mounted in different network namespaces at\n the same time can make bc_svc_process() use wrong back-\n channel IDs and cause a use-after-free vulnerability.\n Thus a malicious container user can cause a host kernel\n memory corruption and a system panic. Due to the nature\n of the flaw, privilege escalation cannot be fully ruled\n out. (CVE-2018-16884)\n\n - Insufficient input validation in Kernel Mode Driver in\n Intel(R) i915 Graphics for Linux before version 5.0 may\n allow an authenticated user to potentially enable\n escalation of privilege via local access.\n (CVE-2019-11085)\n\n - A flaw was found in the Linux kernel's NFS\n implementation, all versions 3.x and all versions 4.x up\n to 4.20. An attacker, who is able to mount an exported\n NFS filesystem, is able to trigger a null pointer\n dereference by using an invalid NFS sequence. This can\n panic the machine and deny access to the NFS server. Any\n outstanding disk writes to the NFS server will be lost.\n (CVE-2018-16871)\n\n - An issue was discovered in the Linux kernel before\n 5.0.4. There is a use-after-free upon attempted read\n access to /proc/ioports after the ipmi_si module is\n removed, related to drivers/char/ipmi/ipmi_si_intf.c,\n drivers/char/ipmi/ipmi_si_mem_io.c, and\n drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - A flaw was found in the way Linux kernel KVM hypervisor\n before 4.18 emulated instructions such as\n sgdt/sidt/fxsave/fxrstor. It did not check current\n privilege(CPL) level while emulating unprivileged\n instructions. An unprivileged guest user/process could\n use this flaw to potentially escalate privileges inside\n guest. (CVE-2018-10853)\n\n - A flaw was found in the Linux Kernel where an attacker\n may be able to have an uncontrolled read to kernel-\n memory from within a vm guest. A race condition between\n connect() and close() function may allow an attacker\n using the AF_VSOCK protocol to gather a 4 byte\n information leak or possibly intercept or corrupt\n AF_VSOCK messages destined to other clients.\n (CVE-2018-14625)\n\n - drivers/infiniband/core/ucma.c in the Linux kernel\n through 4.17.11 allows ucma_leave_multicast to access a\n certain data structure after a cleanup step in\n ucma_process_join, which allows attackers to cause a\n denial of service (use-after-free). (CVE-2018-14734)\n\n - arch/x86/kernel/paravirt.c in the Linux kernel before\n 4.18.1 mishandles certain indirect calls, which makes it\n easier for attackers to conduct Spectre-v2 attacks\n against paravirtual guests. (CVE-2018-15594)\n\n - Since Linux kernel version 3.2, the mremap() syscall\n performs TLB flushes after dropping pagetable locks. If\n a syscall such as ftruncate() removes entries from the\n pagetables of a task that is in the middle of mremap(),\n a stale TLB entry can remain for a short time that\n permits access to a physical page after it has been\n released back to the page allocator and reused. This is\n fixed in the following kernel versions: 4.9.135,\n 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - An issue was discovered in the Linux kernel before\n 4.18.7. In block/blk-core.c, there is an\n __blk_drain_queue() use-after-free because a certain\n error case is mishandled. (CVE-2018-20856)\n\n - In the hidp_process_report in bluetooth, there is an\n integer overflow. This could lead to an out of bounds\n write with no additional execution privileges needed.\n User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID:\n A-65853588 References: Upstream kernel. (CVE-2018-9363)\n\n - In pppol2tp_connect, there is possible memory corruption\n due to a use after free. This could lead to local\n escalation of privilege with System execution privileges\n needed. User interaction is not needed for exploitation.\n Product: Android. Versions: Android kernel. Android ID:\n A-38159931. (CVE-2018-9517)\n\n - A flaw was found in the Linux kernel. A heap based\n buffer overflow in mwifiex_uap_parse_tail_ies function\n in drivers/net/wireless/marvell/mwifiex/ie.c might lead\n to memory corruption and possibly other consequences.\n (CVE-2019-10126)\n\n - An information disclosure vulnerability exists when\n certain central processing units (CPU) speculatively\n access memory, aka 'Windows Kernel Information\n Disclosure Vulnerability'. This CVE ID is unique from\n CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\n - The coredump implementation in the Linux kernel before\n 5.0.10 does not use locking or other mechanisms to\n prevent vma layout or vma flags changes while it runs,\n which allows local users to obtain sensitive\n information, cause a denial of service, or possibly have\n unspecified other impact by triggering a race condition\n with mmget_not_zero or get_task_mm calls. This is\n related to fs/userfaultfd.c, mm/mmap.c,\n fs/proc/task_mmu.c, and\n drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)\n\n - An issue was discovered in the Linux kernel before\n 5.0.7. A NULL pointer dereference can occur when\n megasas_create_frame_pool() fails in\n megasas_alloc_cmds() in\n drivers/scsi/megaraid/megaraid_sas_base.c. This causes a\n Denial of Service, related to a use-after-free.\n (CVE-2019-11810)\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does\n not zero out the unused memory region in the extent tree\n block, which might allow local users to obtain sensitive\n information by reading uninitialized data in the\n filesystem. (CVE-2019-11833)\n\n - An out-of-bounds access issue was found in the Linux\n kernel, all versions through 5.3, in the way Linux\n kernel's KVM hypervisor implements the Coalesced MMIO\n write operation. It operates on an MMIO ring buffer\n 'struct kvm_coalesced_mmio' object, wherein write\n indices 'ring->first' and 'ring->last' value could be\n supplied by a host user-space process. An unprivileged\n host user or process with access to '/dev/kvm' device\n could use this flaw to crash the host kernel, resulting\n in a denial of service or potentially escalating\n privileges on the system. (CVE-2019-14821)\n\n - A buffer overflow flaw was found, in versions from\n 2.6.34 to 5.2.x, in the way Linux kernel's vhost\n functionality that translates virtqueue buffers to IOVs,\n logged the buffer descriptors during migration. A\n privileged guest user able to pass descriptors with\n invalid length to the host when migration is underway,\n could use this flaw to increase their privileges on the\n host. (CVE-2019-14835)\n\n - A heap address information leak while using\n L2CAP_GET_CONF_OPT was discovered in the Linux kernel\n before 5.1-rc1. (CVE-2019-3459)\n\n - A heap data infoleak in multiple locations including\n L2CAP_PARSE_CONF_RSP was found in the Linux kernel\n before 5.1-rc1. (CVE-2019-3460)\n\n - A flaw that allowed an attacker to corrupt memory and\n possibly escalate privileges was found in the mwifiex\n kernel module while connecting to a malicious wireless\n network. (CVE-2019-3846)\n\n - A flaw was found in the Linux kernel's vfio interface\n implementation that permits violation of the user's\n locked memory limit. If a device is bound to a vfio\n driver, such as vfio-pci, and the local attacker is\n administratively granted ownership of the device, it may\n cause a system memory exhaustion and thus a denial of\n service (DoS). Versions 3.10, 4.14 and 4.18 are\n vulnerable. (CVE-2019-3882)\n\n - An infinite loop issue was found in the vhost_net kernel\n module in Linux Kernel up to and including v5.1-rc6,\n while handling incoming packets in handle_rx(). It could\n occur if one end sends packets faster than the other end\n can process them. A guest user, maybe remote one, could\n use this flaw to stall the vhost_net kernel thread,\n resulting in a DoS scenario. (CVE-2019-3900)\n\n - The mincore() implementation in mm/mincore.c in the\n Linux kernel through 4.19.13 allowed local attackers to\n observe page cache access patterns of other processes on\n the same system, potentially allowing sniffing of secret\n information. (Fixing this affects the output of the\n fincore program.) Limited remote exploitation may be\n possible, as demonstrated by latency differences in\n accessing public files from an Apache HTTP Server.\n (CVE-2019-5489)\n\n - The Bluetooth BR/EDR specification up to and including\n version 5.1 permits sufficiently low encryption key\n length and does not prevent an attacker from influencing\n the key length negotiation. This allows practical brute-\n force attacks (aka KNOB) that can decrypt traffic and\n inject arbitrary ciphertext without the victim noticing.\n (CVE-2019-9506)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0253\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel-rt packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3846\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-10126\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.05\": [\n \"kernel-rt-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debug-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debug-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debug-devel-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debug-kvm-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debug-kvm-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debuginfo-common-x86_64-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-devel-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-doc-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-kvm-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-kvm-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-trace-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-trace-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-trace-devel-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-trace-kvm-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-trace-kvm-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\"\n ],\n \"CGSL MAIN 5.05\": [\n \"kernel-rt-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debug-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debug-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debug-devel-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debug-kvm-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debug-kvm-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debuginfo-common-x86_64-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-devel-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-doc-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-kvm-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-kvm-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-trace-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-trace-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-trace-devel-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-trace-kvm-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-trace-kvm-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt\");\n}\n", "naslFamily": "NewStart CGSL Local Security Checks", "cpe": [], "solution": "Upgrade the vulnerable CGSL kernel-rt packages. Note that updated packages may not be available yet. Please contact ZTE for more information.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2019-3846", "vendor_cvss2": {"score": 8.3, "vector": "CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2019-12-27T00:00:00", "vulnerabilityPublicationDate": "2018-07-29T00:00:00", "exploitableWith": []}

{"nessus": [{"lastseen": "2023-05-24T14:33:48", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel packages installed that are affected by multiple vulnerabilities:\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem.\n NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back- channel IDs and cause a use-after-free vulnerability.\n Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-16884)\n\n - Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.\n (CVE-2019-11085)\n\n - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.\n (CVE-2018-16871)\n\n - An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest. (CVE-2018-10853)\n\n - A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel- memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.\n (CVE-2018-14625)\n\n - drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). (CVE-2018-14734)\n\n - arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. (CVE-2018-15594)\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an\n __blk_drain_queue() use-after-free because a certain error case is mishandled. (CVE-2018-20856)\n\n - In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed.\n User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID:\n A-65853588 References: Upstream kernel. (CVE-2018-9363)\n\n - In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n Product: Android. Versions: Android kernel. Android ID:\n A-38159931. (CVE-2018-9517)\n\n - A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.\n (CVE-2019-10126)\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\n - The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)\n\n - An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.\n (CVE-2019-11810)\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (CVE-2019-11833)\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. (CVE-2019-14821)\n\n - A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835)\n\n - A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. (CVE-2019-3459)\n\n - A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. (CVE-2019-3460)\n\n - A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (CVE-2019-3846)\n\n - A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. (CVE-2019-3882)\n\n - An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario. (CVE-2019-3900)\n\n - The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.\n (CVE-2019-5489)\n\n - The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute- force attacks (aka KNOB) that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.\n (CVE-2019-9506)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-12-31T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0247)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10853", "CVE-2018-14625", "CVE-2018-14734", "CVE-2018-15594", "CVE-2018-16871", "CVE-2018-16884", "CVE-2018-18281", "CVE-2018-20856", "CVE-2018-9363", "CVE-2018-9517", "CVE-2019-10126", "CVE-2019-1071", "CVE-2019-1073", "CVE-2019-11085", "CVE-2019-1125", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11811", "CVE-2019-11833", "CVE-2019-14821", "CVE-2019-14835", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3846", "CVE-2019-3882", "CVE-2019-3900", "CVE-2019-5489", "CVE-2019-9506"], "modified": "2022-12-05T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0247_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/132474", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0247. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132474);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-9363\",\n \"CVE-2018-9517\",\n \"CVE-2018-10853\",\n \"CVE-2018-14625\",\n \"CVE-2018-14734\",\n \"CVE-2018-15594\",\n \"CVE-2018-16871\",\n \"CVE-2018-16884\",\n \"CVE-2018-18281\",\n \"CVE-2018-20856\",\n \"CVE-2019-1125\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-3846\",\n \"CVE-2019-3882\",\n \"CVE-2019-3900\",\n \"CVE-2019-5489\",\n \"CVE-2019-9506\",\n \"CVE-2019-10126\",\n \"CVE-2019-11085\",\n \"CVE-2019-11599\",\n \"CVE-2019-11810\",\n \"CVE-2019-11811\",\n \"CVE-2019-11833\",\n \"CVE-2019-14821\",\n \"CVE-2019-14835\"\n );\n script_bugtraq_id(\n 105120,\n 105761,\n 106253,\n 106478,\n 106565,\n 107782,\n 107910,\n 108076,\n 108113,\n 108286,\n 108372,\n 108410,\n 108488,\n 108521,\n 108547,\n 108817\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0247)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel packages installed that are affected by\nmultiple vulnerabilities:\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem.\n NFS41+ shares mounted in different network namespaces at\n the same time can make bc_svc_process() use wrong back-\n channel IDs and cause a use-after-free vulnerability.\n Thus a malicious container user can cause a host kernel\n memory corruption and a system panic. Due to the nature\n of the flaw, privilege escalation cannot be fully ruled\n out. (CVE-2018-16884)\n\n - Insufficient input validation in Kernel Mode Driver in\n Intel(R) i915 Graphics for Linux before version 5.0 may\n allow an authenticated user to potentially enable\n escalation of privilege via local access.\n (CVE-2019-11085)\n\n - A flaw was found in the Linux kernel's NFS\n implementation, all versions 3.x and all versions 4.x up\n to 4.20. An attacker, who is able to mount an exported\n NFS filesystem, is able to trigger a null pointer\n dereference by using an invalid NFS sequence. This can\n panic the machine and deny access to the NFS server. Any\n outstanding disk writes to the NFS server will be lost.\n (CVE-2018-16871)\n\n - An issue was discovered in the Linux kernel before\n 5.0.4. There is a use-after-free upon attempted read\n access to /proc/ioports after the ipmi_si module is\n removed, related to drivers/char/ipmi/ipmi_si_intf.c,\n drivers/char/ipmi/ipmi_si_mem_io.c, and\n drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - A flaw was found in the way Linux kernel KVM hypervisor\n before 4.18 emulated instructions such as\n sgdt/sidt/fxsave/fxrstor. It did not check current\n privilege(CPL) level while emulating unprivileged\n instructions. An unprivileged guest user/process could\n use this flaw to potentially escalate privileges inside\n guest. (CVE-2018-10853)\n\n - A flaw was found in the Linux Kernel where an attacker\n may be able to have an uncontrolled read to kernel-\n memory from within a vm guest. A race condition between\n connect() and close() function may allow an attacker\n using the AF_VSOCK protocol to gather a 4 byte\n information leak or possibly intercept or corrupt\n AF_VSOCK messages destined to other clients.\n (CVE-2018-14625)\n\n - drivers/infiniband/core/ucma.c in the Linux kernel\n through 4.17.11 allows ucma_leave_multicast to access a\n certain data structure after a cleanup step in\n ucma_process_join, which allows attackers to cause a\n denial of service (use-after-free). (CVE-2018-14734)\n\n - arch/x86/kernel/paravirt.c in the Linux kernel before\n 4.18.1 mishandles certain indirect calls, which makes it\n easier for attackers to conduct Spectre-v2 attacks\n against paravirtual guests. (CVE-2018-15594)\n\n - Since Linux kernel version 3.2, the mremap() syscall\n performs TLB flushes after dropping pagetable locks. If\n a syscall such as ftruncate() removes entries from the\n pagetables of a task that is in the middle of mremap(),\n a stale TLB entry can remain for a short time that\n permits access to a physical page after it has been\n released back to the page allocator and reused. This is\n fixed in the following kernel versions: 4.9.135,\n 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - An issue was discovered in the Linux kernel before\n 4.18.7. In block/blk-core.c, there is an\n __blk_drain_queue() use-after-free because a certain\n error case is mishandled. (CVE-2018-20856)\n\n - In the hidp_process_report in bluetooth, there is an\n integer overflow. This could lead to an out of bounds\n write with no additional execution privileges needed.\n User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID:\n A-65853588 References: Upstream kernel. (CVE-2018-9363)\n\n - In pppol2tp_connect, there is possible memory corruption\n due to a use after free. This could lead to local\n escalation of privilege with System execution privileges\n needed. User interaction is not needed for exploitation.\n Product: Android. Versions: Android kernel. Android ID:\n A-38159931. (CVE-2018-9517)\n\n - A flaw was found in the Linux kernel. A heap based\n buffer overflow in mwifiex_uap_parse_tail_ies function\n in drivers/net/wireless/marvell/mwifiex/ie.c might lead\n to memory corruption and possibly other consequences.\n (CVE-2019-10126)\n\n - An information disclosure vulnerability exists when\n certain central processing units (CPU) speculatively\n access memory, aka 'Windows Kernel Information\n Disclosure Vulnerability'. This CVE ID is unique from\n CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\n - The coredump implementation in the Linux kernel before\n 5.0.10 does not use locking or other mechanisms to\n prevent vma layout or vma flags changes while it runs,\n which allows local users to obtain sensitive\n information, cause a denial of service, or possibly have\n unspecified other impact by triggering a race condition\n with mmget_not_zero or get_task_mm calls. This is\n related to fs/userfaultfd.c, mm/mmap.c,\n fs/proc/task_mmu.c, and\n drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)\n\n - An issue was discovered in the Linux kernel before\n 5.0.7. A NULL pointer dereference can occur when\n megasas_create_frame_pool() fails in\n megasas_alloc_cmds() in\n drivers/scsi/megaraid/megaraid_sas_base.c. This causes a\n Denial of Service, related to a use-after-free.\n (CVE-2019-11810)\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does\n not zero out the unused memory region in the extent tree\n block, which might allow local users to obtain sensitive\n information by reading uninitialized data in the\n filesystem. (CVE-2019-11833)\n\n - An out-of-bounds access issue was found in the Linux\n kernel, all versions through 5.3, in the way Linux\n kernel's KVM hypervisor implements the Coalesced MMIO\n write operation. It operates on an MMIO ring buffer\n 'struct kvm_coalesced_mmio' object, wherein write\n indices 'ring->first' and 'ring->last' value could be\n supplied by a host user-space process. An unprivileged\n host user or process with access to '/dev/kvm' device\n could use this flaw to crash the host kernel, resulting\n in a denial of service or potentially escalating\n privileges on the system. (CVE-2019-14821)\n\n - A buffer overflow flaw was found, in versions from\n 2.6.34 to 5.2.x, in the way Linux kernel's vhost\n functionality that translates virtqueue buffers to IOVs,\n logged the buffer descriptors during migration. A\n privileged guest user able to pass descriptors with\n invalid length to the host when migration is underway,\n could use this flaw to increase their privileges on the\n host. (CVE-2019-14835)\n\n - A heap address information leak while using\n L2CAP_GET_CONF_OPT was discovered in the Linux kernel\n before 5.1-rc1. (CVE-2019-3459)\n\n - A heap data infoleak in multiple locations including\n L2CAP_PARSE_CONF_RSP was found in the Linux kernel\n before 5.1-rc1. (CVE-2019-3460)\n\n - A flaw that allowed an attacker to corrupt memory and\n possibly escalate privileges was found in the mwifiex\n kernel module while connecting to a malicious wireless\n network. (CVE-2019-3846)\n\n - A flaw was found in the Linux kernel's vfio interface\n implementation that permits violation of the user's\n locked memory limit. If a device is bound to a vfio\n driver, such as vfio-pci, and the local attacker is\n administratively granted ownership of the device, it may\n cause a system memory exhaustion and thus a denial of\n service (DoS). Versions 3.10, 4.14 and 4.18 are\n vulnerable. (CVE-2019-3882)\n\n - An infinite loop issue was found in the vhost_net kernel\n module in Linux Kernel up to and including v5.1-rc6,\n while handling incoming packets in handle_rx(). It could\n occur if one end sends packets faster than the other end\n can process them. A guest user, maybe remote one, could\n use this flaw to stall the vhost_net kernel thread,\n resulting in a DoS scenario. (CVE-2019-3900)\n\n - The mincore() implementation in mm/mincore.c in the\n Linux kernel through 4.19.13 allowed local attackers to\n observe page cache access patterns of other processes on\n the same system, potentially allowing sniffing of secret\n information. (Fixing this affects the output of the\n fincore program.) Limited remote exploitation may be\n possible, as demonstrated by latency differences in\n accessing public files from an Apache HTTP Server.\n (CVE-2019-5489)\n\n - The Bluetooth BR/EDR specification up to and including\n version 5.1 permits sufficiently low encryption key\n length and does not prevent an attacker from influencing\n the key length negotiation. This allows practical brute-\n force attacks (aka KNOB) that can decrypt traffic and\n inject arbitrary ciphertext without the victim noticing.\n (CVE-2019-9506)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0247\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3846\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-10126\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.05\": [\n \"bpftool-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-abi-whitelists-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-core-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-debug-core-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-debug-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-debug-devel-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-debug-modules-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-debuginfo-common-x86_64-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-devel-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-headers-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-modules-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-tools-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-tools-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-tools-libs-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-tools-libs-devel-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"perf-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"python-perf-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"python-perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\"\n ],\n \"CGSL MAIN 5.05\": [\n \"bpftool-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-abi-whitelists-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-debug-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-debug-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-debug-devel-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-debuginfo-common-x86_64-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-devel-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-headers-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-tools-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-tools-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-tools-libs-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-tools-libs-devel-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"perf-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"python-perf-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"python-perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:31:03", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities:\n\n - A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest. (CVE-2018-10853)\n\n - A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel- memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.\n (CVE-2018-14625)\n\n - drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). (CVE-2018-14734)\n\n - arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. (CVE-2018-15594)\n\n - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.\n (CVE-2018-16871)\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem.\n NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back- channel IDs and cause a use-after-free vulnerability.\n Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-16884)\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed.\n User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID:\n A-65853588 References: Upstream kernel. (CVE-2018-9363)\n\n - In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n Product: Android. Versions: Android kernel. Android ID:\n A-38159931. (CVE-2018-9517)\n\n - Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.\n (CVE-2019-11085)\n\n - The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)\n\n - An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.\n (CVE-2019-11810)\n\n - An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (CVE-2019-11833)\n\n - A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. (CVE-2019-3459)\n\n - A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. (CVE-2019-3460)\n\n - A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. (CVE-2019-3882)\n\n - An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario. (CVE-2019-3900)\n\n - The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.\n (CVE-2019-5489)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-10-15T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0183)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10853", "CVE-2018-14625", "CVE-2018-14734", "CVE-2018-15594", "CVE-2018-16871", "CVE-2018-16884", "CVE-2018-18281", "CVE-2018-9363", "CVE-2018-9517", "CVE-2019-11085", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11811", "CVE-2019-11833", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3882", "CVE-2019-3900", "CVE-2019-5489"], "modified": "2022-12-05T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0183_KERNEL-RT.NASL", "href": "https://www.tenable.com/plugins/nessus/129920", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0183. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129920);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-9363\",\n \"CVE-2018-9517\",\n \"CVE-2018-10853\",\n \"CVE-2018-14625\",\n \"CVE-2018-14734\",\n \"CVE-2018-15594\",\n \"CVE-2018-16871\",\n \"CVE-2018-16884\",\n \"CVE-2018-18281\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-3882\",\n \"CVE-2019-3900\",\n \"CVE-2019-5489\",\n \"CVE-2019-11085\",\n \"CVE-2019-11599\",\n \"CVE-2019-11810\",\n \"CVE-2019-11811\",\n \"CVE-2019-11833\"\n );\n script_bugtraq_id(105761, 106503, 108113);\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0183)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected\nby multiple vulnerabilities:\n\n - A flaw was found in the way Linux kernel KVM hypervisor\n before 4.18 emulated instructions such as\n sgdt/sidt/fxsave/fxrstor. It did not check current\n privilege(CPL) level while emulating unprivileged\n instructions. An unprivileged guest user/process could\n use this flaw to potentially escalate privileges inside\n guest. (CVE-2018-10853)\n\n - A flaw was found in the Linux Kernel where an attacker\n may be able to have an uncontrolled read to kernel-\n memory from within a vm guest. A race condition between\n connect() and close() function may allow an attacker\n using the AF_VSOCK protocol to gather a 4 byte\n information leak or possibly intercept or corrupt\n AF_VSOCK messages destined to other clients.\n (CVE-2018-14625)\n\n - drivers/infiniband/core/ucma.c in the Linux kernel\n through 4.17.11 allows ucma_leave_multicast to access a\n certain data structure after a cleanup step in\n ucma_process_join, which allows attackers to cause a\n denial of service (use-after-free). (CVE-2018-14734)\n\n - arch/x86/kernel/paravirt.c in the Linux kernel before\n 4.18.1 mishandles certain indirect calls, which makes it\n easier for attackers to conduct Spectre-v2 attacks\n against paravirtual guests. (CVE-2018-15594)\n\n - A flaw was found in the Linux kernel's NFS\n implementation, all versions 3.x and all versions 4.x up\n to 4.20. An attacker, who is able to mount an exported\n NFS filesystem, is able to trigger a null pointer\n dereference by using an invalid NFS sequence. This can\n panic the machine and deny access to the NFS server. Any\n outstanding disk writes to the NFS server will be lost.\n (CVE-2018-16871)\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem.\n NFS41+ shares mounted in different network namespaces at\n the same time can make bc_svc_process() use wrong back-\n channel IDs and cause a use-after-free vulnerability.\n Thus a malicious container user can cause a host kernel\n memory corruption and a system panic. Due to the nature\n of the flaw, privilege escalation cannot be fully ruled\n out. (CVE-2018-16884)\n\n - Since Linux kernel version 3.2, the mremap() syscall\n performs TLB flushes after dropping pagetable locks. If\n a syscall such as ftruncate() removes entries from the\n pagetables of a task that is in the middle of mremap(),\n a stale TLB entry can remain for a short time that\n permits access to a physical page after it has been\n released back to the page allocator and reused. This is\n fixed in the following kernel versions: 4.9.135,\n 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - In the hidp_process_report in bluetooth, there is an\n integer overflow. This could lead to an out of bounds\n write with no additional execution privileges needed.\n User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID:\n A-65853588 References: Upstream kernel. (CVE-2018-9363)\n\n - In pppol2tp_connect, there is possible memory corruption\n due to a use after free. This could lead to local\n escalation of privilege with System execution privileges\n needed. User interaction is not needed for exploitation.\n Product: Android. Versions: Android kernel. Android ID:\n A-38159931. (CVE-2018-9517)\n\n - Insufficient input validation in Kernel Mode Driver in\n Intel(R) i915 Graphics for Linux before version 5.0 may\n allow an authenticated user to potentially enable\n escalation of privilege via local access.\n (CVE-2019-11085)\n\n - The coredump implementation in the Linux kernel before\n 5.0.10 does not use locking or other mechanisms to\n prevent vma layout or vma flags changes while it runs,\n which allows local users to obtain sensitive\n information, cause a denial of service, or possibly have\n unspecified other impact by triggering a race condition\n with mmget_not_zero or get_task_mm calls. This is\n related to fs/userfaultfd.c, mm/mmap.c,\n fs/proc/task_mmu.c, and\n drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)\n\n - An issue was discovered in the Linux kernel before\n 5.0.7. A NULL pointer dereference can occur when\n megasas_create_frame_pool() fails in\n megasas_alloc_cmds() in\n drivers/scsi/megaraid/megaraid_sas_base.c. This causes a\n Denial of Service, related to a use-after-free.\n (CVE-2019-11810)\n\n - An issue was discovered in the Linux kernel before\n 5.0.4. There is a use-after-free upon attempted read\n access to /proc/ioports after the ipmi_si module is\n removed, related to drivers/char/ipmi/ipmi_si_intf.c,\n drivers/char/ipmi/ipmi_si_mem_io.c, and\n drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does\n not zero out the unused memory region in the extent tree\n block, which might allow local users to obtain sensitive\n information by reading uninitialized data in the\n filesystem. (CVE-2019-11833)\n\n - A heap address information leak while using\n L2CAP_GET_CONF_OPT was discovered in the Linux kernel\n before 5.1-rc1. (CVE-2019-3459)\n\n - A heap data infoleak in multiple locations including\n L2CAP_PARSE_CONF_RSP was found in the Linux kernel\n before 5.1-rc1. (CVE-2019-3460)\n\n - A flaw was found in the Linux kernel's vfio interface\n implementation that permits violation of the user's\n locked memory limit. If a device is bound to a vfio\n driver, such as vfio-pci, and the local attacker is\n administratively granted ownership of the device, it may\n cause a system memory exhaustion and thus a denial of\n service (DoS). Versions 3.10, 4.14 and 4.18 are\n vulnerable. (CVE-2019-3882)\n\n - An infinite loop issue was found in the vhost_net kernel\n module in Linux Kernel up to and including v5.1-rc6,\n while handling incoming packets in handle_rx(). It could\n occur if one end sends packets faster than the other end\n can process them. A guest user, maybe remote one, could\n use this flaw to stall the vhost_net kernel thread,\n resulting in a DoS scenario. (CVE-2019-3900)\n\n - The mincore() implementation in mm/mincore.c in the\n Linux kernel through 4.19.13 allowed local attackers to\n observe page cache access patterns of other processes on\n the same system, potentially allowing sniffing of secret\n information. (Fixing this affects the output of the\n fincore program.) Limited remote exploitation may be\n possible, as demonstrated by latency differences in\n accessing public files from an Apache HTTP Server.\n (CVE-2019-5489)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0183\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel-rt packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-9517\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-9363\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"kernel-rt-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debug-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debug-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-trace-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-trace-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\"\n ],\n \"CGSL MAIN 5.04\": [\n \"kernel-rt-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debug-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debug-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-trace-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-trace-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:31:01", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities:\n\n - A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest. (CVE-2018-10853)\n\n - A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel- memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.\n (CVE-2018-14625)\n\n - drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). (CVE-2018-14734)\n\n - arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. (CVE-2018-15594)\n\n - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.\n (CVE-2018-16871)\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem.\n NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back- channel IDs and cause a use-after-free vulnerability.\n Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-16884)\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed.\n User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID:\n A-65853588 References: Upstream kernel. (CVE-2018-9363)\n\n - In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n Product: Android. Versions: Android kernel. Android ID:\n A-38159931. (CVE-2018-9517)\n\n - Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.\n (CVE-2019-11085)\n\n - The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)\n\n - An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.\n (CVE-2019-11810)\n\n - An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (CVE-2019-11833)\n\n - A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. (CVE-2019-3459)\n\n - A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. (CVE-2019-3460)\n\n - A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. (CVE-2019-3882)\n\n - An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario. (CVE-2019-3900)\n\n - The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.\n (CVE-2019-5489)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-10-15T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0180)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10853", "CVE-2018-14625", "CVE-2018-14734", "CVE-2018-15594", "CVE-2018-16871", "CVE-2018-16884", "CVE-2018-18281", "CVE-2018-9363", "CVE-2018-9517", "CVE-2019-11085", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11811", "CVE-2019-11833", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3882", "CVE-2019-3900", "CVE-2019-5489"], "modified": "2022-12-05T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0180_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/129900", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0180. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129900);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-9363\",\n \"CVE-2018-9517\",\n \"CVE-2018-10853\",\n \"CVE-2018-14625\",\n \"CVE-2018-14734\",\n \"CVE-2018-15594\",\n \"CVE-2018-16871\",\n \"CVE-2018-16884\",\n \"CVE-2018-18281\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-3882\",\n \"CVE-2019-3900\",\n \"CVE-2019-5489\",\n \"CVE-2019-11085\",\n \"CVE-2019-11599\",\n \"CVE-2019-11810\",\n \"CVE-2019-11811\",\n \"CVE-2019-11833\"\n );\n script_bugtraq_id(105761, 106503, 108113);\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0180)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by\nmultiple vulnerabilities:\n\n - A flaw was found in the way Linux kernel KVM hypervisor\n before 4.18 emulated instructions such as\n sgdt/sidt/fxsave/fxrstor. It did not check current\n privilege(CPL) level while emulating unprivileged\n instructions. An unprivileged guest user/process could\n use this flaw to potentially escalate privileges inside\n guest. (CVE-2018-10853)\n\n - A flaw was found in the Linux Kernel where an attacker\n may be able to have an uncontrolled read to kernel-\n memory from within a vm guest. A race condition between\n connect() and close() function may allow an attacker\n using the AF_VSOCK protocol to gather a 4 byte\n information leak or possibly intercept or corrupt\n AF_VSOCK messages destined to other clients.\n (CVE-2018-14625)\n\n - drivers/infiniband/core/ucma.c in the Linux kernel\n through 4.17.11 allows ucma_leave_multicast to access a\n certain data structure after a cleanup step in\n ucma_process_join, which allows attackers to cause a\n denial of service (use-after-free). (CVE-2018-14734)\n\n - arch/x86/kernel/paravirt.c in the Linux kernel before\n 4.18.1 mishandles certain indirect calls, which makes it\n easier for attackers to conduct Spectre-v2 attacks\n against paravirtual guests. (CVE-2018-15594)\n\n - A flaw was found in the Linux kernel's NFS\n implementation, all versions 3.x and all versions 4.x up\n to 4.20. An attacker, who is able to mount an exported\n NFS filesystem, is able to trigger a null pointer\n dereference by using an invalid NFS sequence. This can\n panic the machine and deny access to the NFS server. Any\n outstanding disk writes to the NFS server will be lost.\n (CVE-2018-16871)\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem.\n NFS41+ shares mounted in different network namespaces at\n the same time can make bc_svc_process() use wrong back-\n channel IDs and cause a use-after-free vulnerability.\n Thus a malicious container user can cause a host kernel\n memory corruption and a system panic. Due to the nature\n of the flaw, privilege escalation cannot be fully ruled\n out. (CVE-2018-16884)\n\n - Since Linux kernel version 3.2, the mremap() syscall\n performs TLB flushes after dropping pagetable locks. If\n a syscall such as ftruncate() removes entries from the\n pagetables of a task that is in the middle of mremap(),\n a stale TLB entry can remain for a short time that\n permits access to a physical page after it has been\n released back to the page allocator and reused. This is\n fixed in the following kernel versions: 4.9.135,\n 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - In the hidp_process_report in bluetooth, there is an\n integer overflow. This could lead to an out of bounds\n write with no additional execution privileges needed.\n User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID:\n A-65853588 References: Upstream kernel. (CVE-2018-9363)\n\n - In pppol2tp_connect, there is possible memory corruption\n due to a use after free. This could lead to local\n escalation of privilege with System execution privileges\n needed. User interaction is not needed for exploitation.\n Product: Android. Versions: Android kernel. Android ID:\n A-38159931. (CVE-2018-9517)\n\n - Insufficient input validation in Kernel Mode Driver in\n Intel(R) i915 Graphics for Linux before version 5.0 may\n allow an authenticated user to potentially enable\n escalation of privilege via local access.\n (CVE-2019-11085)\n\n - The coredump implementation in the Linux kernel before\n 5.0.10 does not use locking or other mechanisms to\n prevent vma layout or vma flags changes while it runs,\n which allows local users to obtain sensitive\n information, cause a denial of service, or possibly have\n unspecified other impact by triggering a race condition\n with mmget_not_zero or get_task_mm calls. This is\n related to fs/userfaultfd.c, mm/mmap.c,\n fs/proc/task_mmu.c, and\n drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)\n\n - An issue was discovered in the Linux kernel before\n 5.0.7. A NULL pointer dereference can occur when\n megasas_create_frame_pool() fails in\n megasas_alloc_cmds() in\n drivers/scsi/megaraid/megaraid_sas_base.c. This causes a\n Denial of Service, related to a use-after-free.\n (CVE-2019-11810)\n\n - An issue was discovered in the Linux kernel before\n 5.0.4. There is a use-after-free upon attempted read\n access to /proc/ioports after the ipmi_si module is\n removed, related to drivers/char/ipmi/ipmi_si_intf.c,\n drivers/char/ipmi/ipmi_si_mem_io.c, and\n drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does\n not zero out the unused memory region in the extent tree\n block, which might allow local users to obtain sensitive\n information by reading uninitialized data in the\n filesystem. (CVE-2019-11833)\n\n - A heap address information leak while using\n L2CAP_GET_CONF_OPT was discovered in the Linux kernel\n before 5.1-rc1. (CVE-2019-3459)\n\n - A heap data infoleak in multiple locations including\n L2CAP_PARSE_CONF_RSP was found in the Linux kernel\n before 5.1-rc1. (CVE-2019-3460)\n\n - A flaw was found in the Linux kernel's vfio interface\n implementation that permits violation of the user's\n locked memory limit. If a device is bound to a vfio\n driver, such as vfio-pci, and the local attacker is\n administratively granted ownership of the device, it may\n cause a system memory exhaustion and thus a denial of\n service (DoS). Versions 3.10, 4.14 and 4.18 are\n vulnerable. (CVE-2019-3882)\n\n - An infinite loop issue was found in the vhost_net kernel\n module in Linux Kernel up to and including v5.1-rc6,\n while handling incoming packets in handle_rx(). It could\n occur if one end sends packets faster than the other end\n can process them. A guest user, maybe remote one, could\n use this flaw to stall the vhost_net kernel thread,\n resulting in a DoS scenario. (CVE-2019-3900)\n\n - The mincore() implementation in mm/mincore.c in the\n Linux kernel through 4.19.13 allowed local attackers to\n observe page cache access patterns of other processes on\n the same system, potentially allowing sniffing of secret\n information. (Fixing this affects the output of the\n fincore program.) Limited remote exploitation may be\n possible, as demonstrated by latency differences in\n accessing public files from an Apache HTTP Server.\n (CVE-2019-5489)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0180\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-9517\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-9363\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"kernel-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-core-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-debug-core-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-debug-modules-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-doc-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-modules-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"perf-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"python-perf-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\"\n ],\n \"CGSL MAIN 5.04\": [\n \"kernel-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-debug-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-doc-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"perf-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"python-perf-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:29:58", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities:\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. (CVE-2019-14821)\n\n - A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-10-15T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0200)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1071", "CVE-2019-1073", "CVE-2019-1125", "CVE-2019-14821", "CVE-2019-14835"], "modified": "2022-05-18T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0200_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/129924", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0200. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129924);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\"CVE-2019-1125\", \"CVE-2019-14821\", \"CVE-2019-14835\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0200)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by\nmultiple vulnerabilities:\n\n - An information disclosure vulnerability exists when\n certain central processing units (CPU) speculatively\n access memory, aka 'Windows Kernel Information\n Disclosure Vulnerability'. This CVE ID is unique from\n CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\n - An out-of-bounds access issue was found in the Linux\n kernel, all versions through 5.3, in the way Linux\n kernel's KVM hypervisor implements the Coalesced MMIO\n write operation. It operates on an MMIO ring buffer\n 'struct kvm_coalesced_mmio' object, wherein write\n indices 'ring->first' and 'ring->last' value could be\n supplied by a host user-space process. An unprivileged\n host user or process with access to '/dev/kvm' device\n could use this flaw to crash the host kernel, resulting\n in a denial of service or potentially escalating\n privileges on the system. (CVE-2019-14821)\n\n - A buffer overflow flaw was found, in versions from\n 2.6.34 to 5.2.x, in the way Linux kernel's vhost\n functionality that translates virtqueue buffers to IOVs,\n logged the buffer descriptors during migration. A\n privileged guest user able to pass descriptors with\n invalid length to the host when migration is underway,\n could use this flaw to increase their privileges on the\n host. (CVE-2019-14835)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0200\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14835\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-14821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"kernel-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-core-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-debug-core-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-debug-modules-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-doc-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-modules-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"perf-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"python-perf-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\"\n ],\n \"CGSL MAIN 5.04\": [\n \"kernel-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"kernel-debug-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"kernel-doc-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"perf-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"python-perf-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:19", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-1873 advisory.\n\n - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost. (CVE-2018-16871)\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after- free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-16884)\n\n - Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.\n (CVE-2019-11085)\n\n - An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : kernel (ELSA-2019-1873)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16871", "CVE-2018-16884", "CVE-2019-11085", "CVE-2019-11811"], "modified": "2022-05-19T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2019-1873.NASL", "href": "https://www.tenable.com/plugins/nessus/127603", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-1873.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127603);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2018-16871\",\n \"CVE-2018-16884\",\n \"CVE-2019-11085\",\n \"CVE-2019-11811\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1873\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2019-1873)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2019-1873 advisory.\n\n - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to\n 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer\n dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS\n server. Any outstanding disk writes to the NFS server will be lost. (CVE-2018-16871)\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network\n namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-\n free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system\n panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-16884)\n\n - Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0\n may allow an authenticated user to potentially enable escalation of privilege via local access.\n (CVE-2019-11085)\n\n - An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read\n access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c,\n drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-1873.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11811\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-16884\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.10.0-957.27.2.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-1873');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.10';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-3.10.0-957.27.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.27.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-3.10.0'},\n {'reference':'kernel-abi-whitelists-3.10.0-957.27.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-3.10.0'},\n {'reference':'kernel-debug-3.10.0-957.27.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-3.10.0'},\n {'reference':'kernel-debug-devel-3.10.0-957.27.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-3.10.0'},\n {'reference':'kernel-devel-3.10.0-957.27.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-3.10.0'},\n {'reference':'kernel-headers-3.10.0-957.27.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-3.10.0'},\n {'reference':'kernel-tools-3.10.0-957.27.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-3.10.0'},\n {'reference':'kernel-tools-libs-3.10.0-957.27.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-3.10.0'},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.27.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-3.10.0'},\n {'reference':'perf-3.10.0-957.27.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.27.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:28:18", "description": "Security Fix(es) :\n\n - kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n - kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation (CVE-2019-11085)\n\n - kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)\n\n - kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64 (20190729)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16871", "CVE-2018-16884", "CVE-2019-11085", "CVE-2019-11811"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:bpftool", "p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:kernel-tools", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20190729_KERNEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/127726", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127726);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2018-16871\", \"CVE-2018-16884\", \"CVE-2019-11085\", \"CVE-2019-11811\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64 (20190729)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - kernel: nfs: use-after-free in svc_process_common()\n (CVE-2018-16884)\n\n - kernel: insufficient input validation in kernel mode\n driver in Intel i915 graphics leads to privilege\n escalation (CVE-2019-11085)\n\n - kernel: nfs: NULL pointer dereference due to an\n anomalized NFS message sequence (CVE-2018-16871)\n\n - kernel: use-after-free in\n drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c,\n ipmi_si_port_io.c (CVE-2019-11811)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1907&L=SCIENTIFIC-LINUX-ERRATA&P=10631\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8234bf94\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11811\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-abi-whitelists-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-doc-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-957.27.2.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:42", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n* kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation (CVE-2019-11085)\n\n* kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)\n\n* kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) and Enhancement(s) :\n\nThese updated kernel packages include also numerous bug fixes and add several enhancements. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article: https:// access.redhat.com/articles/4309211", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "CentOS 7 : kernel (CESA-2019:1873)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16871", "CVE-2018-16884", "CVE-2019-11085", "CVE-2019-11811"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel"], "id": "CENTOS_RHSA-2019-1873.NASL", "href": "https://www.tenable.com/plugins/nessus/127469", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1873 and \n# CentOS Errata and Security Advisory 2019:1873 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127469);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2018-16871\",\n \"CVE-2018-16884\",\n \"CVE-2019-11085\",\n \"CVE-2019-11811\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1873\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2019:1873)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n* kernel: insufficient input validation in kernel mode driver in Intel\ni915 graphics leads to privilege escalation (CVE-2019-11085)\n\n* kernel: nfs: NULL pointer dereference due to an anomalized NFS\nmessage sequence (CVE-2018-16871)\n\n* kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c,\nipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) and Enhancement(s) :\n\nThese updated kernel packages include also numerous bug fixes and add\nseveral enhancements. Space precludes documenting all of the bug fixes\nin this advisory. See the descriptions in the related Knowledge\nArticle: https:// access.redhat.com/articles/4309211\");\n # https://lists.centos.org/pipermail/centos-announce/2019-July/023374.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8757c05d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11811\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-16884\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perf-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-957.27.2.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:09", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n* kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation (CVE-2019-11085)\n\n* kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)\n\n* kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) and Enhancement(s) :\n\nThese updated kernel packages include also numerous bug fixes and add several enhancements. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article: https:// access.redhat.com/articles/4309211", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2019:1873)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16871", "CVE-2018-16884", "CVE-2019-11085", "CVE-2019-11811"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.6"], "id": "REDHAT-RHSA-2019-1873.NASL", "href": "https://www.tenable.com/plugins/nessus/127618", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1873. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127618);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2018-16871\",\n \"CVE-2018-16884\",\n \"CVE-2019-11085\",\n \"CVE-2019-11811\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1873\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2019:1873)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n* kernel: insufficient input validation in kernel mode driver in Intel\ni915 graphics leads to privilege escalation (CVE-2019-11085)\n\n* kernel: nfs: NULL pointer dereference due to an anomalized NFS\nmessage sequence (CVE-2018-16871)\n\n* kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c,\nipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) and Enhancement(s) :\n\nThese updated kernel packages include also numerous bug fixes and add\nseveral enhancements. Space precludes documenting all of the bug fixes\nin this advisory. See the descriptions in the related Knowledge\nArticle: https:// access.redhat.com/articles/4309211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/articles/4309211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:1873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11085\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11811\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11811\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-16884\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-16871\", \"CVE-2018-16884\", \"CVE-2019-11085\", \"CVE-2019-11811\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:1873\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1873\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-abi-whitelists-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-doc-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-957.27.2.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:20", "description": "An update for kernel-rt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es) :\n\n* kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n* kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation (CVE-2019-11085)\n\n* kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)\n\n* kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* kernel-rt: update to the RHEL7.6.z batch#6 source tree (BZ#1718400)", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-rt (RHSA-2019:1891)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16871", "CVE-2018-16884", "CVE-2019-11085", "CVE-2019-11811"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-1891.NASL", "href": "https://www.tenable.com/plugins/nessus/127623", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1891. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127623);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2018-16871\",\n \"CVE-2018-16884\",\n \"CVE-2019-11085\",\n \"CVE-2019-11811\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1891\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2019:1891)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel-rt is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n* kernel: insufficient input validation in kernel mode driver in Intel\ni915 graphics leads to privilege escalation (CVE-2019-11085)\n\n* kernel: nfs: NULL pointer dereference due to an anomalized NFS\nmessage sequence (CVE-2018-16871)\n\n* kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c,\nipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* kernel-rt: update to the RHEL7.6.z batch#6 source tree (BZ#1718400)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:1891\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11085\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11811\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11811\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-16884\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-16871\", \"CVE-2018-16884\", \"CVE-2019-11085\", \"CVE-2019-11811\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:1891\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1891\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-debuginfo-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-rt-doc-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-debuginfo-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-debuginfo-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:30:18", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3055 advisory.\n\n - A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (CVE-2019-3846)\n\n - An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an\n __blk_drain_queue() use-after-free because a certain error case is mishandled. (CVE-2018-20856)\n\n - The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka KNOB) that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. (CVE-2019-9506)\n\n - A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences. (CVE-2019-10126)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-10-18T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : kernel (ELSA-2019-3055)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20856", "CVE-2019-10126", "CVE-2019-3846", "CVE-2019-9506"], "modified": "2022-05-18T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2019-3055.NASL", "href": "https://www.tenable.com/plugins/nessus/130039", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-3055.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130039);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2018-20856\",\n \"CVE-2019-3846\",\n \"CVE-2019-9506\",\n \"CVE-2019-10126\"\n );\n script_xref(name:\"RHSA\", value:\"2019:3055\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2019-3055)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2019-3055 advisory.\n\n - A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the\n mwifiex kernel module while connecting to a malicious wireless network. (CVE-2019-3846)\n\n - An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an\n __blk_drain_queue() use-after-free because a certain error case is mishandled. (CVE-2018-20856)\n\n - The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key\n length and does not prevent an attacker from influencing the key length negotiation. This allows practical\n brute-force attacks (aka KNOB) that can decrypt traffic and inject arbitrary ciphertext without the\n victim noticing. (CVE-2019-9506)\n\n - A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function\n in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other\n consequences. (CVE-2019-10126)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-3055.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3846\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-10126\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.10.0-1062.4.1.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-3055');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.10';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-3.10.0-1062.4.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1062.4.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-3.10.0'},\n {'reference':'kernel-abi-whitelists-3.10.0-1062.4.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-3.10.0'},\n {'reference':'kernel-debug-3.10.0-1062.4.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-3.10.0'},\n {'reference':'kernel-debug-devel-3.10.0-1062.4.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-3.10.0'},\n {'reference':'kernel-devel-3.10.0-1062.4.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-3.10.0'},\n {'reference':'kernel-headers-3.10.0-1062.4.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-3.10.0'},\n {'reference':'kernel-tools-3.10.0-1062.4.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-3.10.0'},\n {'reference':'kernel-tools-libs-3.10.0-1062.4.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-3.10.0'},\n {'reference':'kernel-tools-libs-devel-3.10.0-1062.4.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-3.10.0'},\n {'reference':'perf-3.10.0-1062.4.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1062.4.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:30:37", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\n* kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c (CVE-2019-3846)\n\n* hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506)\n\n* kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fixes :\n\n* gfs2: Fix iomap write page reclaim deadlock (BZ#1737373)\n\n* [FJ7.6 Bug]: [REG] kernel: ipc: ipc_free should use kvfree (BZ#1740178)\n\n* high update_cfs_rq_blocked_load contention (BZ#1740180)\n\n* [Hyper-V][RHEL 7] kdump fails to start on a Hyper-V guest of Windows Server 2019. (BZ#1740188)\n\n* kvm: backport cpuidle-haltpoll driver (BZ#1740192)\n\n* Growing unreclaimable slab memory (BZ#1741920)\n\n* [bnx2x] ping failed from pf to vf which has been attached to vm (BZ# 1741926)\n\n* [Hyper-V]vPCI devices cannot allocate IRQs vectors in a Hyper-V VM with > 240 vCPUs (i.e., when in x2APIC mode) (BZ#1743324)\n\n* Macsec: inbound MACSEC frame is unexpectedly dropped with InPktsNotValid (BZ#1744442)\n\n* RHEL 7.7 Beta - Hit error when trying to run nvme connect with IPv6 address (BZ#1744443)\n\n* RHEL 7.6 SS4 - Paths lost when running straight I/O on NVMe/RoCE system (BZ #1744444)\n\n* NFSv4.0 client sending a double CLOSE (leading to EIO application failure) (BZ#1744946)\n\n* [Azure] CRI-RDOS | [RHEL 7.8] Live migration only takes 10 seconds, but the VM was unavailable for 2 hours (BZ#1748239)\n\n* NFS client autodisconnect timer may fire immediately after TCP connection setup and may cause DoS type reconnect problem in complex network environments (BZ#1749290)\n\n* [Inspur] RHEL7.6 ASPEED graphic card display issue (BZ#1749296)\n\n* Allows macvlan to operated correctly over the active-backup mode to support bonding events. (BZ#1751579)\n\n* [LLNL 7.5 Bug] slab leak causing a crash when using kmem control group (BZ# 1752421)\n\nUsers of kernel are advised to upgrade to these updated packages, which fix these bugs.", "cvss3": {}, "published": "2019-10-16T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2019:3055)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20856", "CVE-2019-10126", "CVE-2019-3846", "CVE-2019-9506"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:bpftool-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2019-3055.NASL", "href": "https://www.tenable.com/plugins/nessus/129958", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3055. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129958);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2018-20856\",\n \"CVE-2019-3846\",\n \"CVE-2019-9506\",\n \"CVE-2019-10126\"\n );\n script_xref(name:\"RHSA\", value:\"2019:3055\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2019:3055)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* kernel: Use-after-free in __blk_drain_queue() function in\nblock/blk-core.c (CVE-2018-20856)\n\n* kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in\nmarvell/mwifiex/scan.c (CVE-2019-3846)\n\n* hardware: bluetooth: BR/EDR encryption key negotiation attacks\n(KNOB) (CVE-2019-9506)\n\n* kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in\ndrivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fixes :\n\n* gfs2: Fix iomap write page reclaim deadlock (BZ#1737373)\n\n* [FJ7.6 Bug]: [REG] kernel: ipc: ipc_free should use kvfree\n(BZ#1740178)\n\n* high update_cfs_rq_blocked_load contention (BZ#1740180)\n\n* [Hyper-V][RHEL 7] kdump fails to start on a Hyper-V guest of Windows\nServer 2019. (BZ#1740188)\n\n* kvm: backport cpuidle-haltpoll driver (BZ#1740192)\n\n* Growing unreclaimable slab memory (BZ#1741920)\n\n* [bnx2x] ping failed from pf to vf which has been attached to vm (BZ#\n1741926)\n\n* [Hyper-V]vPCI devices cannot allocate IRQs vectors in a Hyper-V VM\nwith > 240 vCPUs (i.e., when in x2APIC mode) (BZ#1743324)\n\n* Macsec: inbound MACSEC frame is unexpectedly dropped with\nInPktsNotValid (BZ#1744442)\n\n* RHEL 7.7 Beta - Hit error when trying to run nvme connect with IPv6\naddress (BZ#1744443)\n\n* RHEL 7.6 SS4 - Paths lost when running straight I/O on NVMe/RoCE\nsystem (BZ #1744444)\n\n* NFSv4.0 client sending a double CLOSE (leading to EIO application\nfailure) (BZ#1744946)\n\n* [Azure] CRI-RDOS | [RHEL 7.8] Live migration only takes 10 seconds,\nbut the VM was unavailable for 2 hours (BZ#1748239)\n\n* NFS client autodisconnect timer may fire immediately after TCP\nconnection setup and may cause DoS type reconnect problem in complex\nnetwork environments (BZ#1749290)\n\n* [Inspur] RHEL7.6 ASPEED graphic card display issue (BZ#1749296)\n\n* Allows macvlan to operated correctly over the active-backup mode to\nsupport bonding events. (BZ#1751579)\n\n* [LLNL 7.5 Bug] slab leak causing a crash when using kmem control\ngroup (BZ# 1752421)\n\nUsers of kernel are advised to upgrade to these updated packages,\nwhich fix these bugs.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-20856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-3846\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-10126\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3846\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-10126\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-20856\", \"CVE-2019-10126\", \"CVE-2019-3846\", \"CVE-2019-9506\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:3055\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3055\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bpftool-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bpftool-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bpftool-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-abi-whitelists-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-doc-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / kernel-abi-whitelists / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:30:39", "description": "An update for kernel-rt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es) :\n\n* kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\n* kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c (CVE-2019-3846)\n\n* hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506)\n\n* kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* kernel-rt: update to the RHEL7.7.z batch#2 source tree (BZ#1748570)", "cvss3": {}, "published": "2019-10-17T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-rt (RHSA-2019:3089)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20856", "CVE-2019-10126", "CVE-2019-3846", "CVE-2019-9506"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-3089.NASL", "href": "https://www.tenable.com/plugins/nessus/129992", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3089. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129992);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2018-20856\",\n \"CVE-2019-3846\",\n \"CVE-2019-9506\",\n \"CVE-2019-10126\"\n );\n script_xref(name:\"RHSA\", value:\"2019:3089\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2019:3089)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel-rt is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* kernel: Use-after-free in __blk_drain_queue() function in\nblock/blk-core.c (CVE-2018-20856)\n\n* kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in\nmarvell/mwifiex/scan.c (CVE-2019-3846)\n\n* hardware: bluetooth: BR/EDR encryption key negotiation attacks\n(KNOB) (CVE-2019-9506)\n\n* kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in\ndrivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* kernel-rt: update to the RHEL7.7.z batch#2 source tree (BZ#1748570)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3089\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-20856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-3846\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-10126\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3846\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-10126\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-20856\", \"CVE-2019-10126\", \"CVE-2019-3846\", \"CVE-2019-9506\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:3089\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3089\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-debuginfo-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-rt-doc-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-debuginfo-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-debuginfo-3.10.0-1062.4.1.rt56.1027.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:31:03", "description": "An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThis is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.\n\nSecurity Fix(es) :\n\n* kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\n* kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c (CVE-2019-3846)\n\n* hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506)\n\n* kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-10-16T00:00:00", "type": "nessus", "title": "RHEL 7 : kpatch-patch (RHSA-2019:3076)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20856", "CVE-2019-10126", "CVE-2019-3846", "CVE-2019-9506"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_1_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_1_1-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_1_2", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_1_2-debuginfo", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2019-3076.NASL", "href": "https://www.tenable.com/plugins/nessus/129960", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3076. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129960);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2018-20856\",\n \"CVE-2019-3846\",\n \"CVE-2019-9506\",\n \"CVE-2019-10126\"\n );\n script_xref(name:\"RHSA\", value:\"2019:3076\");\n\n script_name(english:\"RHEL 7 : kpatch-patch (RHSA-2019:3076)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kpatch-patch is now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThis is a kernel live patch module which is automatically loaded by\nthe RPM post-install script to modify the code of a running kernel.\n\nSecurity Fix(es) :\n\n* kernel: Use-after-free in __blk_drain_queue() function in\nblock/blk-core.c (CVE-2018-20856)\n\n* kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in\nmarvell/mwifiex/scan.c (CVE-2019-3846)\n\n* hardware: bluetooth: BR/EDR encryption key negotiation attacks\n(KNOB) (CVE-2019-9506)\n\n* kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in\ndrivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3076\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-20856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-3846\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-10126\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3846\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-10126\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_1_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_1_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_1_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_1_2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3076\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kpatch-patch-3_10_0-1062-1-5.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kpatch-patch-3_10_0-1062-debuginfo-1-5.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kpatch-patch-3_10_0-1062_1_1-1-4.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kpatch-patch-3_10_0-1062_1_1-debuginfo-1-4.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kpatch-patch-3_10_0-1062_1_2-1-3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kpatch-patch-3_10_0-1062_1_2-debuginfo-1-3.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kpatch-patch-3_10_0-1062 / kpatch-patch-3_10_0-1062-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:29:50", "description": "Security Fix(es) :\n\n - kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\n - kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c (CVE-2019-3846)\n\n - hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506)\n\n - kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c (CVE-2019-10126)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fixes :\n\n - gfs2: Fix iomap write page reclaim deadlock (BZ#1737373)\n\n - [FJ7.6 Bug]: [REG] kernel: ipc: ipc_free should use kvfree (BZ#1740178)\n\n - high update_cfs_rq_blocked_load contention (BZ#1740180)\n\n - [Hyper-V][RHEL 7] kdump fails to start on a Hyper-V guest of Windows Server 2019. (BZ#1740188)\n\n - kvm: backport cpuidle-haltpoll driver (BZ#1740192)\n\n - Growing unreclaimable slab memory (BZ#1741920)\n\n - [bnx2x] ping failed from pf to vf which has been attached to vm (BZ#1741926)\n\n - [Hyper-V]vPCI devices cannot allocate IRQs vectors in a Hyper-V VM with > 240 vCPUs (i.e., when in x2APIC mode) (BZ#1743324)\n\n - Macsec: inbound MACSEC frame is unexpectedly dropped with InPktsNotValid (BZ#1744442)\n\n - RHEL 7.7 Beta - Hit error when trying to run nvme connect with IPv6 address (BZ#1744443)\n\n - RHEL 7.6 SS4 - Paths lost when running straight I/O on NVMe/RoCE system (BZ#1744444)\n\n - NFSv4.0 client sending a double CLOSE (leading to EIO application failure) (BZ#1744946)\n\n - [Azure] CRI-RDOS | [RHEL 7.8] Live migration only takes 10 seconds, but the VM was unavailable for 2 hours (BZ#1748239)\n\n - NFS client autodisconnect timer may fire immediately after TCP connection setup and may cause DoS type reconnect problem in complex network environments (BZ#1749290)\n\n - [Inspur] RHEL7.6 ASPEED graphic card display issue (BZ#1749296)\n\n - Allows macvlan to operated correctly over the active-backup mode to support bonding events.\n (BZ#1751579)\n\n - [LLNL 7.5 Bug] slab leak causing a crash when using kmem control group (BZ#1752421)\n\nUsers of kernel are advised to upgrade to these updated packages, which fix these bugs.", "cvss3": {}, "published": "2019-10-21T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64 (20191016)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20856", "CVE-2019-10126", "CVE-2019-3846", "CVE-2019-9506"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:bpftool", "p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:kernel-tools", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20191016_KERNEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/130078", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130078);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\"CVE-2018-20856\", \"CVE-2019-10126\", \"CVE-2019-3846\", \"CVE-2019-9506\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64 (20191016)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - kernel: Use-after-free in __blk_drain_queue() function\n in block/blk-core.c (CVE-2018-20856)\n\n - kernel: Heap overflow in mwifiex_update_bss_desc_with_ie\n function in marvell/mwifiex/scan.c (CVE-2019-3846)\n\n - hardware: bluetooth: BR/EDR encryption key negotiation\n attacks (KNOB) (CVE-2019-9506)\n\n - kernel: Heap overflow in mwifiex_uap_parse_tail_ies\n function in drivers/net/wireless/marvell/mwifiex/ie.c\n (CVE-2019-10126)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fixes :\n\n - gfs2: Fix iomap write page reclaim deadlock (BZ#1737373)\n\n - [FJ7.6 Bug]: [REG] kernel: ipc: ipc_free should use\n kvfree (BZ#1740178)\n\n - high update_cfs_rq_blocked_load contention (BZ#1740180)\n\n - [Hyper-V][RHEL 7] kdump fails to start on a Hyper-V\n guest of Windows Server 2019. (BZ#1740188)\n\n - kvm: backport cpuidle-haltpoll driver (BZ#1740192)\n\n - Growing unreclaimable slab memory (BZ#1741920)\n\n - [bnx2x] ping failed from pf to vf which has been\n attached to vm (BZ#1741926)\n\n - [Hyper-V]vPCI devices cannot allocate IRQs vectors in a\n Hyper-V VM with > 240 vCPUs (i.e., when in x2APIC mode)\n (BZ#1743324)\n\n - Macsec: inbound MACSEC frame is unexpectedly dropped\n with InPktsNotValid (BZ#1744442)\n\n - RHEL 7.7 Beta - Hit error when trying to run nvme\n connect with IPv6 address (BZ#1744443)\n\n - RHEL 7.6 SS4 - Paths lost when running straight I/O on\n NVMe/RoCE system (BZ#1744444)\n\n - NFSv4.0 client sending a double CLOSE (leading to EIO\n application failure) (BZ#1744946)\n\n - [Azure] CRI-RDOS | [RHEL 7.8] Live migration only takes\n 10 seconds, but the VM was unavailable for 2 hours\n (BZ#1748239)\n\n - NFS client autodisconnect timer may fire immediately\n after TCP connection setup and may cause DoS type\n reconnect problem in complex network environments\n (BZ#1749290)\n\n - [Inspur] RHEL7.6 ASPEED graphic card display issue\n (BZ#1749296)\n\n - Allows macvlan to operated correctly over the\n active-backup mode to support bonding events.\n (BZ#1751579)\n\n - [LLNL 7.5 Bug] slab leak causing a crash when using kmem\n control group (BZ#1752421)\n\nUsers of kernel are advised to upgrade to these updated packages,\nwhich fix these bugs.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1737373\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1740178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1740180\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1740188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1740192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1741920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1741926\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1743324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1744442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1744443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1744444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1744946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1748239\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1749290\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1749296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1751579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1752421\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1910&L=SCIENTIFIC-LINUX-ERRATA&P=1567\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3e7582ac\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3846\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bpftool-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-abi-whitelists-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-doc-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-1062.4.1.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / kernel-abi-whitelists / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:31:05", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\n* kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c (CVE-2019-3846)\n\n* hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506)\n\n* kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fixes :\n\n* gfs2: Fix iomap write page reclaim deadlock (BZ#1737373)\n\n* [FJ7.6 Bug]: [REG] kernel: ipc: ipc_free should use kvfree (BZ#1740178)\n\n* high update_cfs_rq_blocked_load contention (BZ#1740180)\n\n* [Hyper-V][RHEL 7] kdump fails to start on a Hyper-V guest of Windows Server 2019. (BZ#1740188)\n\n* kvm: backport cpuidle-haltpoll driver (BZ#1740192)\n\n* Growing unreclaimable slab memory (BZ#1741920)\n\n* [bnx2x] ping failed from pf to vf which has been attached to vm (BZ# 1741926)\n\n* [Hyper-V]vPCI devices cannot allocate IRQs vectors in a Hyper-V VM with > 240 vCPUs (i.e., when in x2APIC mode) (BZ#1743324)\n\n* Macsec: inbound MACSEC frame is unexpectedly dropped with InPktsNotValid (BZ#1744442)\n\n* RHEL 7.7 Beta - Hit error when trying to run nvme connect with IPv6 address (BZ#1744443)\n\n* RHEL 7.6 SS4 - Paths lost when running straight I/O on NVMe/RoCE system (BZ #1744444)\n\n* NFSv4.0 client sending a double CLOSE (leading to EIO application failure) (BZ#1744946)\n\n* [Azure] CRI-RDOS | [RHEL 7.8] Live migration only takes 10 seconds, but the VM was unavailable for 2 hours (BZ#1748239)\n\n* NFS client autodisconnect timer may fire immediately after TCP connection setup and may cause DoS type reconnect problem in complex network environments (BZ#1749290)\n\n* [Inspur] RHEL7.6 ASPEED graphic card display issue (BZ#1749296)\n\n* Allows macvlan to operated correctly over the active-backup mode to support bonding events. (BZ#1751579)\n\n* [LLNL 7.5 Bug] slab leak causing a crash when using kmem control group (BZ# 1752421)\n\nUsers of kernel are advised to upgrade to these updated packages, which fix these bugs.", "cvss3": {}, "published": "2019-10-22T00:00:00", "type": "nessus", "title": "CentOS 7 : kernel (CESA-2019:3055)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20856", "CVE-2019-10126", "CVE-2019-3846", "CVE-2019-9506"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2019-3055.NASL", "href": "https://www.tenable.com/plugins/nessus/130128", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3055 and \n# CentOS Errata and Security Advisory 2019:3055 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130128);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2018-20856\",\n \"CVE-2019-3846\",\n \"CVE-2019-9506\",\n \"CVE-2019-10126\"\n );\n script_xref(name:\"RHSA\", value:\"2019:3055\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2019:3055)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* kernel: Use-after-free in __blk_drain_queue() function in\nblock/blk-core.c (CVE-2018-20856)\n\n* kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in\nmarvell/mwifiex/scan.c (CVE-2019-3846)\n\n* hardware: bluetooth: BR/EDR encryption key negotiation attacks\n(KNOB) (CVE-2019-9506)\n\n* kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in\ndrivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fixes :\n\n* gfs2: Fix iomap write page reclaim deadlock (BZ#1737373)\n\n* [FJ7.6 Bug]: [REG] kernel: ipc: ipc_free should use kvfree\n(BZ#1740178)\n\n* high update_cfs_rq_blocked_load contention (BZ#1740180)\n\n* [Hyper-V][RHEL 7] kdump fails to start on a Hyper-V guest of Windows\nServer 2019. (BZ#1740188)\n\n* kvm: backport cpuidle-haltpoll driver (BZ#1740192)\n\n* Growing unreclaimable slab memory (BZ#1741920)\n\n* [bnx2x] ping failed from pf to vf which has been attached to vm (BZ#\n1741926)\n\n* [Hyper-V]vPCI devices cannot allocate IRQs vectors in a Hyper-V VM\nwith > 240 vCPUs (i.e., when in x2APIC mode) (BZ#1743324)\n\n* Macsec: inbound MACSEC frame is unexpectedly dropped with\nInPktsNotValid (BZ#1744442)\n\n* RHEL 7.7 Beta - Hit error when trying to run nvme connect with IPv6\naddress (BZ#1744443)\n\n* RHEL 7.6 SS4 - Paths lost when running straight I/O on NVMe/RoCE\nsystem (BZ #1744444)\n\n* NFSv4.0 client sending a double CLOSE (leading to EIO application\nfailure) (BZ#1744946)\n\n* [Azure] CRI-RDOS | [RHEL 7.8] Live migration only takes 10 seconds,\nbut the VM was unavailable for 2 hours (BZ#1748239)\n\n* NFS client autodisconnect timer may fire immediately after TCP\nconnection setup and may cause DoS type reconnect problem in complex\nnetwork environments (BZ#1749290)\n\n* [Inspur] RHEL7.6 ASPEED graphic card display issue (BZ#1749296)\n\n* Allows macvlan to operated correctly over the active-backup mode to\nsupport bonding events. (BZ#1751579)\n\n* [LLNL 7.5 Bug] slab leak causing a crash when using kmem control\ngroup (BZ# 1752421)\n\nUsers of kernel are advised to upgrade to these updated packages,\nwhich fix these bugs.\");\n # https://lists.centos.org/pipermail/centos-announce/2019-October/023488.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?68dd670d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3846\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-10126\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perf-3.10.0-1062.4.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-1062.4.1.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:28:13", "description": "Security Fix(es) :\n\n - Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900)\n\n - Kernel: page cache side channel attacks (CVE-2019-5489)\n\n - kernel: Buffer overflow in hidp_process_report (CVE-2018-9363)\n\n - kernel: l2tp: Race condition between pppol2tp_session_create() and l2tp_eth_create() (CVE-2018-9517)\n\n - kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)\n\n - kernel: use-after-free Read in vhost_transport_send_pkt (CVE-2018-14625)\n\n - kernel: use-after-free in ucma_leave_multicast in drivers/infiniband/core/ucma.c (CVE-2018-14734)\n\n - kernel: Mishandling of indirect calls weakens Spectre mitigation for paravirtual guests (CVE-2018-15594)\n\n - kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n - kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)\n\n - kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)\n\n - kernel: denial of service vector through vfio DMA mappings (CVE-2019-3882)\n\n - kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\n - kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS (CVE-2019-11810)\n\n - kernel: fs/ext4/extents.c leads to information disclosure (CVE-2019-11833)\n\n - kernel: Information exposure in fd_locked_ioctl function in drivers/block/floppy.c (CVE-2018-7755)\n\n - kernel: Memory leak in drivers/net/wireless/mac80211_hwsim.c:hwsim_new_radio_nl () can lead to potential denial of service (CVE-2018-8087)\n\n - kernel: HID: debug: Buffer overflow in hid_debug_events_read() in drivers/hid/hid-debug.c (CVE-2018-9516)\n\n - kernel: Integer overflow in the alarm_timer_nsleep function (CVE-2018-13053)\n\n - kernel: NULL pointer dereference in lookup_slow function (CVE-2018-13093)\n\n - kernel: NULL pointer dereference in xfs_da_shrink_inode function (CVE-2018-13094)\n\n - kernel: NULL pointer dereference in fs/xfs/libxfs/xfs_inode_buf.c (CVE-2018-13095)\n\n - kernel: Information leak in cdrom_ioctl_drive_status (CVE-2018-16658)\n\n - kernel: out-of-bound read in memcpy_fromiovecend() (CVE-2018-16885)\n\n - Kernel: KVM: leak of uninitialized stack contents to guest (CVE-2019-7222)", "cvss3": {}, "published": "2019-08-27T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64 (20190806)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10853", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-14625", "CVE-2018-14734", "CVE-2018-15594", "CVE-2018-16658", "CVE-2018-16885", "CVE-2018-18281", "CVE-2018-7755", "CVE-2018-8087", "CVE-2018-9363", "CVE-2018-9516", "CVE-2018-9517", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11833", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3882", "CVE-2019-3900", "CVE-2019-5489", "CVE-2019-7222"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:bpftool", "p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:kernel-tools", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20190806_KERNEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/128226", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128226);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2018-10853\", \"CVE-2018-13053\", \"CVE-2018-13093\", \"CVE-2018-13094\", \"CVE-2018-13095\", \"CVE-2018-14625\", \"CVE-2018-14734\", \"CVE-2018-15594\", \"CVE-2018-16658\", \"CVE-2018-16885\", \"CVE-2018-18281\", \"CVE-2018-7755\", \"CVE-2018-8087\", \"CVE-2018-9363\", \"CVE-2018-9516\", \"CVE-2018-9517\", \"CVE-2019-11599\", \"CVE-2019-11810\", \"CVE-2019-11833\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-3882\", \"CVE-2019-3900\", \"CVE-2019-5489\", \"CVE-2019-7222\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64 (20190806)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - Kernel: vhost_net: infinite loop while receiving packets\n leads to DoS (CVE-2019-3900)\n\n - Kernel: page cache side channel attacks (CVE-2019-5489)\n\n - kernel: Buffer overflow in hidp_process_report\n (CVE-2018-9363)\n\n - kernel: l2tp: Race condition between\n pppol2tp_session_create() and l2tp_eth_create()\n (CVE-2018-9517)\n\n - kernel: kvm: guest userspace to guest kernel write\n (CVE-2018-10853)\n\n - kernel: use-after-free Read in vhost_transport_send_pkt\n (CVE-2018-14625)\n\n - kernel: use-after-free in ucma_leave_multicast in\n drivers/infiniband/core/ucma.c (CVE-2018-14734)\n\n - kernel: Mishandling of indirect calls weakens Spectre\n mitigation for paravirtual guests (CVE-2018-15594)\n\n - kernel: TLB flush happens too late on mremap\n (CVE-2018-18281)\n\n - kernel: Heap address information leak while using\n L2CAP_GET_CONF_OPT (CVE-2019-3459)\n\n - kernel: Heap address information leak while using\n L2CAP_PARSE_CONF_RSP (CVE-2019-3460)\n\n - kernel: denial of service vector through vfio DMA\n mappings (CVE-2019-3882)\n\n - kernel: fix race condition between\n mmget_not_zero()/get_task_mm() and core dumping\n (CVE-2019-11599)\n\n - kernel: a NULL pointer dereference in\n drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS\n (CVE-2019-11810)\n\n - kernel: fs/ext4/extents.c leads to information\n disclosure (CVE-2019-11833)\n\n - kernel: Information exposure in fd_locked_ioctl function\n in drivers/block/floppy.c (CVE-2018-7755)\n\n - kernel: Memory leak in\n drivers/net/wireless/mac80211_hwsim.c:hwsim_new_radio_nl\n () can lead to potential denial of service\n (CVE-2018-8087)\n\n - kernel: HID: debug: Buffer overflow in\n hid_debug_events_read() in drivers/hid/hid-debug.c\n (CVE-2018-9516)\n\n - kernel: Integer overflow in the alarm_timer_nsleep\n function (CVE-2018-13053)\n\n - kernel: NULL pointer dereference in lookup_slow function\n (CVE-2018-13093)\n\n - kernel: NULL pointer dereference in xfs_da_shrink_inode\n function (CVE-2018-13094)\n\n - kernel: NULL pointer dereference in\n fs/xfs/libxfs/xfs_inode_buf.c (CVE-2018-13095)\n\n - kernel: Information leak in cdrom_ioctl_drive_status\n (CVE-2018-16658)\n\n - kernel: out-of-bound read in memcpy_fromiovecend()\n (CVE-2018-16885)\n\n - Kernel: KVM: leak of uninitialized stack contents to\n guest (CVE-2019-7222)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1908&L=SCIENTIFIC-LINUX-ERRATA&P=27383\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7341f16c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-9517\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-1062.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bpftool-debuginfo-3.10.0-1062.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-1062.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-abi-whitelists-3.10.0-1062.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-1062.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-1062.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-1062.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-1062.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-1062.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-1062.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-1062.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-doc-3.10.0-1062.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-1062.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-1062.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-1062.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-1062.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-1062.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-1062.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-1062.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-1062.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-1062.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-1062.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / kernel-abi-whitelists / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:22", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900)\n\n* Kernel: page cache side channel attacks (CVE-2019-5489)\n\n* kernel: Buffer overflow in hidp_process_report (CVE-2018-9363)\n\n* kernel: l2tp: Race condition between pppol2tp_session_create() and l2tp_eth_create() (CVE-2018-9517)\n\n* kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)\n\n* kernel: use-after-free Read in vhost_transport_send_pkt (CVE-2018-14625)\n\n* kernel: use-after-free in ucma_leave_multicast in drivers/infiniband/core/ ucma.c (CVE-2018-14734)\n\n* kernel: Mishandling of indirect calls weakens Spectre mitigation for paravirtual guests (CVE-2018-15594)\n\n* kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n* kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)\n\n* kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)\n\n* kernel: denial of service vector through vfio DMA mappings (CVE-2019-3882)\n\n* kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\n* kernel: a NULL pointer dereference in drivers/scsi/megaraid/ megaraid_sas_base.c leading to DoS (CVE-2019-11810)\n\n* kernel: fs/ext4/extents.c leads to information disclosure (CVE-2019-11833)\n\n* kernel: Information exposure in fd_locked_ioctl function in drivers/block/ floppy.c (CVE-2018-7755)\n\n* kernel: Memory leak in drivers/net/wireless/ mac80211_hwsim.c:hwsim_new_radio_nl() can lead to potential denial of service (CVE-2018-8087)\n\n* kernel: HID: debug: Buffer overflow in hid_debug_events_read() in drivers/ hid/hid-debug.c (CVE-2018-9516)\n\n* kernel: Integer overflow in the alarm_timer_nsleep function (CVE-2018-13053)\n\n* kernel: NULL pointer dereference in lookup_slow function (CVE-2018-13093)\n\n* kernel: NULL pointer dereference in xfs_da_shrink_inode function (CVE-2018-13094)\n\n* kernel: NULL pointer dereference in fs/xfs/libxfs/xfs_inode_buf.c (CVE-2018-13095)\n\n* kernel: Information leak in cdrom_ioctl_drive_status (CVE-2018-16658)\n\n* kernel: out-of-bound read in memcpy_fromiovecend() (CVE-2018-16885)\n\n* Kernel: KVM: leak of uninitialized stack contents to guest (CVE-2019-7222)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2019:2029)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10853", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-14625", "CVE-2018-14734", "CVE-2018-15594", "CVE-2018-16658", "CVE-2018-16885", "CVE-2018-18281", "CVE-2018-7755", "CVE-2018-8087", "CVE-2018-9363", "CVE-2018-9516", "CVE-2018-9517", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11833", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3882", "CVE-2019-3900", "CVE-2019-5489", "CVE-2019-7222", "CVE-2019-9456"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:bpftool-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-2029.NASL", "href": "https://www.tenable.com/plugins/nessus/127650", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2029. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127650);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\n \"CVE-2018-7755\",\n \"CVE-2018-8087\",\n \"CVE-2018-9363\",\n \"CVE-2018-9516\",\n \"CVE-2018-9517\",\n \"CVE-2018-10853\",\n \"CVE-2018-13053\",\n \"CVE-2018-13093\",\n \"CVE-2018-13094\",\n \"CVE-2018-13095\",\n \"CVE-2018-14625\",\n \"CVE-2018-14734\",\n \"CVE-2018-15594\",\n \"CVE-2018-16658\",\n \"CVE-2018-16885\",\n \"CVE-2018-18281\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-3882\",\n \"CVE-2019-3900\",\n \"CVE-2019-5489\",\n \"CVE-2019-7222\",\n \"CVE-2019-9456\",\n \"CVE-2019-11599\",\n \"CVE-2019-11810\",\n \"CVE-2019-11833\"\n );\n script_xref(name:\"RHSA\", value:\"2019:2029\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2019:2029)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* Kernel: vhost_net: infinite loop while receiving packets leads to\nDoS (CVE-2019-3900)\n\n* Kernel: page cache side channel attacks (CVE-2019-5489)\n\n* kernel: Buffer overflow in hidp_process_report (CVE-2018-9363)\n\n* kernel: l2tp: Race condition between pppol2tp_session_create() and\nl2tp_eth_create() (CVE-2018-9517)\n\n* kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)\n\n* kernel: use-after-free Read in vhost_transport_send_pkt\n(CVE-2018-14625)\n\n* kernel: use-after-free in ucma_leave_multicast in\ndrivers/infiniband/core/ ucma.c (CVE-2018-14734)\n\n* kernel: Mishandling of indirect calls weakens Spectre mitigation for\nparavirtual guests (CVE-2018-15594)\n\n* kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n* kernel: Heap address information leak while using L2CAP_GET_CONF_OPT\n(CVE-2019-3459)\n\n* kernel: Heap address information leak while using\nL2CAP_PARSE_CONF_RSP (CVE-2019-3460)\n\n* kernel: denial of service vector through vfio DMA mappings\n(CVE-2019-3882)\n\n* kernel: fix race condition between mmget_not_zero()/get_task_mm()\nand core dumping (CVE-2019-11599)\n\n* kernel: a NULL pointer dereference in drivers/scsi/megaraid/\nmegaraid_sas_base.c leading to DoS (CVE-2019-11810)\n\n* kernel: fs/ext4/extents.c leads to information disclosure\n(CVE-2019-11833)\n\n* kernel: Information exposure in fd_locked_ioctl function in\ndrivers/block/ floppy.c (CVE-2018-7755)\n\n* kernel: Memory leak in drivers/net/wireless/\nmac80211_hwsim.c:hwsim_new_radio_nl() can lead to potential denial of\nservice (CVE-2018-8087)\n\n* kernel: HID: debug: Buffer overflow in hid_debug_events_read() in\ndrivers/ hid/hid-debug.c (CVE-2018-9516)\n\n* kernel: Integer overflow in the alarm_timer_nsleep function\n(CVE-2018-13053)\n\n* kernel: NULL pointer dereference in lookup_slow function\n(CVE-2018-13093)\n\n* kernel: NULL pointer dereference in xfs_da_shrink_inode function\n(CVE-2018-13094)\n\n* kernel: NULL pointer dereference in fs/xfs/libxfs/xfs_inode_buf.c\n(CVE-2018-13095)\n\n* kernel: Information leak in cdrom_ioctl_drive_status\n(CVE-2018-16658)\n\n* kernel: out-of-bound read in memcpy_fromiovecend() (CVE-2018-16885)\n\n* Kernel: KVM: leak of uninitialized stack contents to guest\n(CVE-2019-7222)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section.\");\n # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3395ff0b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:2029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-7755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-8087\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-9363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-9516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-9517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-10853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-13053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-13093\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-13094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-13095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-14625\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-14734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-15594\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16885\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-18281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-3459\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-3460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-3882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-3900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-5489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-7222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11833\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-9517\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-9363\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-10853\", \"CVE-2018-13053\", \"CVE-2018-13093\", \"CVE-2018-13094\", \"CVE-2018-13095\", \"CVE-2018-14625\", \"CVE-2018-14734\", \"CVE-2018-15594\", \"CVE-2018-16658\", \"CVE-2018-16885\", \"CVE-2018-18281\", \"CVE-2018-7755\", \"CVE-2018-8087\", \"CVE-2018-9363\", \"CVE-2018-9516\", \"CVE-2018-9517\", \"CVE-2019-11599\", \"CVE-2019-11810\", \"CVE-2019-11833\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-3882\", \"CVE-2019-3900\", \"CVE-2019-5489\", \"CVE-2019-7222\", \"CVE-2019-9456\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:2029\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:2029\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bpftool-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bpftool-debuginfo-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bpftool-debuginfo-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-abi-whitelists-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-doc-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-1062.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-1062.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / kernel-abi-whitelists / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:28:15", "description": "An update for kernel-rt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es) :\n\n* Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900)\n\n* Kernel: page cache side channel attacks (CVE-2019-5489)\n\n* kernel: Buffer overflow in hidp_process_report (CVE-2018-9363)\n\n* kernel: l2tp: Race condition between pppol2tp_session_create() and l2tp_eth_create() (CVE-2018-9517)\n\n* kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)\n\n* kernel: use-after-free Read in vhost_transport_send_pkt (CVE-2018-14625)\n\n* kernel: use-after-free in ucma_leave_multicast in drivers/infiniband/core/ ucma.c (CVE-2018-14734)\n\n* kernel: Mishandling of indirect calls weakens Spectre mitigation for paravirtual guests (CVE-2018-15594)\n\n* kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n* kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)\n\n* kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)\n\n* kernel: denial of service vector through vfio DMA mappings (CVE-2019-3882)\n\n* kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\n* kernel: a NULL pointer dereference in drivers/scsi/megaraid/ megaraid_sas_base.c leading to DoS (CVE-2019-11810)\n\n* kernel: fs/ext4/extents.c leads to information disclosure (CVE-2019-11833)\n\n* kernel: Information exposure in fd_locked_ioctl function in drivers/block/ floppy.c (CVE-2018-7755)\n\n* kernel: Memory leak in drivers/net/wireless/ mac80211_hwsim.c:hwsim_new_radio_nl() can lead to potential denial of service (CVE-2018-8087)\n\n* kernel: HID: debug: Buffer overflow in hid_debug_events_read() in drivers/ hid/hid-debug.c (CVE-2018-9516)\n\n* kernel: Integer overflow in the alarm_timer_nsleep function (CVE-2018-13053)\n\n* kernel: NULL pointer dereference in lookup_slow function (CVE-2018-13093)\n\n* kernel: NULL pointer dereference in xfs_da_shrink_inode function (CVE-2018-13094)\n\n* kernel: NULL pointer dereference in fs/xfs/libxfs/xfs_inode_buf.c (CVE-2018-13095)\n\n* kernel: Information leak in cdrom_ioctl_drive_status (CVE-2018-16658)\n\n* kernel: out-of-bound read in memcpy_fromiovecend() (CVE-2018-16885)\n\n* Kernel: KVM: leak of uninitialized stack contents to guest (CVE-2019-7222)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-rt (RHSA-2019:2043)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10853", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-14625", "CVE-2018-14734", "CVE-2018-15594", "CVE-2018-16658", "CVE-2018-16885", "CVE-2018-18281", "CVE-2018-7755", "CVE-2018-8087", "CVE-2018-9363", "CVE-2018-9516", "CVE-2018-9517", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11833", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3882", "CVE-2019-3900", "CVE-2019-5489", "CVE-2019-7222", "CVE-2019-9456"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-2043.NASL", "href": "https://www.tenable.com/plugins/nessus/127655", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2043. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127655);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\n \"CVE-2018-7755\",\n \"CVE-2018-8087\",\n \"CVE-2018-9363\",\n \"CVE-2018-9516\",\n \"CVE-2018-9517\",\n \"CVE-2018-10853\",\n \"CVE-2018-13053\",\n \"CVE-2018-13093\",\n \"CVE-2018-13094\",\n \"CVE-2018-13095\",\n \"CVE-2018-14625\",\n \"CVE-2018-14734\",\n \"CVE-2018-15594\",\n \"CVE-2018-16658\",\n \"CVE-2018-16885\",\n \"CVE-2018-18281\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-3882\",\n \"CVE-2019-3900\",\n \"CVE-2019-5489\",\n \"CVE-2019-7222\",\n \"CVE-2019-9456\",\n \"CVE-2019-11599\",\n \"CVE-2019-11810\",\n \"CVE-2019-11833\"\n );\n script_xref(name:\"RHSA\", value:\"2019:2043\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2019:2043)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel-rt is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* Kernel: vhost_net: infinite loop while receiving packets leads to\nDoS (CVE-2019-3900)\n\n* Kernel: page cache side channel attacks (CVE-2019-5489)\n\n* kernel: Buffer overflow in hidp_process_report (CVE-2018-9363)\n\n* kernel: l2tp: Race condition between pppol2tp_session_create() and\nl2tp_eth_create() (CVE-2018-9517)\n\n* kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)\n\n* kernel: use-after-free Read in vhost_transport_send_pkt\n(CVE-2018-14625)\n\n* kernel: use-after-free in ucma_leave_multicast in\ndrivers/infiniband/core/ ucma.c (CVE-2018-14734)\n\n* kernel: Mishandling of indirect calls weakens Spectre mitigation for\nparavirtual guests (CVE-2018-15594)\n\n* kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n* kernel: Heap address information leak while using L2CAP_GET_CONF_OPT\n(CVE-2019-3459)\n\n* kernel: Heap address information leak while using\nL2CAP_PARSE_CONF_RSP (CVE-2019-3460)\n\n* kernel: denial of service vector through vfio DMA mappings\n(CVE-2019-3882)\n\n* kernel: fix race condition between mmget_not_zero()/get_task_mm()\nand core dumping (CVE-2019-11599)\n\n* kernel: a NULL pointer dereference in drivers/scsi/megaraid/\nmegaraid_sas_base.c leading to DoS (CVE-2019-11810)\n\n* kernel: fs/ext4/extents.c leads to information disclosure\n(CVE-2019-11833)\n\n* kernel: Information exposure in fd_locked_ioctl function in\ndrivers/block/ floppy.c (CVE-2018-7755)\n\n* kernel: Memory leak in drivers/net/wireless/\nmac80211_hwsim.c:hwsim_new_radio_nl() can lead to potential denial of\nservice (CVE-2018-8087)\n\n* kernel: HID: debug: Buffer overflow in hid_debug_events_read() in\ndrivers/ hid/hid-debug.c (CVE-2018-9516)\n\n* kernel: Integer overflow in the alarm_timer_nsleep function\n(CVE-2018-13053)\n\n* kernel: NULL pointer dereference in lookup_slow function\n(CVE-2018-13093)\n\n* kernel: NULL pointer dereference in xfs_da_shrink_inode function\n(CVE-2018-13094)\n\n* kernel: NULL pointer dereference in fs/xfs/libxfs/xfs_inode_buf.c\n(CVE-2018-13095)\n\n* kernel: Information leak in cdrom_ioctl_drive_status\n(CVE-2018-16658)\n\n* kernel: out-of-bound read in memcpy_fromiovecend() (CVE-2018-16885)\n\n* Kernel: KVM: leak of uninitialized stack contents to guest\n(CVE-2019-7222)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section.\");\n # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3395ff0b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:2043\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-7755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-8087\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-9363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-9516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-9517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-10853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-13053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-13093\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-13094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-13095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-14625\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-14734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-15594\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16885\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-18281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-3459\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-3460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-3882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-3900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-5489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-7222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11833\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-9517\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-9363\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-10853\", \"CVE-2018-13053\", \"CVE-2018-13093\", \"CVE-2018-13094\", \"CVE-2018-13095\", \"CVE-2018-14625\", \"CVE-2018-14734\", \"CVE-2018-15594\", \"CVE-2018-16658\", \"CVE-2018-16885\", \"CVE-2018-18281\", \"CVE-2018-7755\", \"CVE-2018-8087\", \"CVE-2018-9363\", \"CVE-2018-9516\", \"CVE-2018-9517\", \"CVE-2019-11599\", \"CVE-2019-11810\", \"CVE-2019-11833\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-3882\", \"CVE-2019-3900\", \"CVE-2019-5489\", \"CVE-2019-7222\", \"CVE-2019-9456\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:2043\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:2043\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-3.10.0-1062.rt56.1022.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.10.0-1062.rt56.1022.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.10.0-1062.rt56.1022.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.10.0-1062.rt56.1022.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-3.10.0-1062.rt56.1022.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-debuginfo-3.10.0-1062.rt56.1022.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.10.0-1062.rt56.1022.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.10.0-1062.rt56.1022.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.10.0-1062.rt56.1022.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-rt-doc-3.10.0-1062.rt56.1022.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-3.10.0-1062.rt56.1022.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-debuginfo-3.10.0-1062.rt56.1022.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.10.0-1062.rt56.1022.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.10.0-1062.rt56.1022.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.10.0-1062.rt56.1022.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-3.10.0-1062.rt56.1022.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-debuginfo-3.10.0-1062.rt56.1022.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:28:52", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900)\n\n* Kernel: page cache side channel attacks (CVE-2019-5489)\n\n* kernel: Buffer overflow in hidp_process_report (CVE-2018-9363)\n\n* kernel: l2tp: Race condition between pppol2tp_session_create() and l2tp_eth_create() (CVE-2018-9517)\n\n* kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)\n\n* kernel: use-after-free Read in vhost_transport_send_pkt (CVE-2018-14625)\n\n* kernel: use-after-free in ucma_leave_multicast in drivers/infiniband/core/ ucma.c (CVE-2018-14734)\n\n* kernel: Mishandling of indirect calls weakens Spectre mitigation for paravirtual guests (CVE-2018-15594)\n\n* kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n* kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)\n\n* kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)\n\n* kernel: denial of service vector through vfio DMA mappings (CVE-2019-3882)\n\n* kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\n* kernel: a NULL pointer dereference in drivers/scsi/megaraid/ megaraid_sas_base.c leading to DoS (CVE-2019-11810)\n\n* kernel: fs/ext4/extents.c leads to information disclosure (CVE-2019-11833)\n\n* kernel: Information exposure in fd_locked_ioctl function in drivers/block/ floppy.c (CVE-2018-7755)\n\n* kernel: Memory leak in drivers/net/wireless/ mac80211_hwsim.c:hwsim_new_radio_nl() can lead to potential denial of service (CVE-2018-8087)\n\n* kernel: HID: debug: Buffer overflow in hid_debug_events_read() in drivers/ hid/hid-debug.c (CVE-2018-9516)\n\n* kernel: Integer overflow in the alarm_timer_nsleep function (CVE-2018-13053)\n\n* kernel: NULL pointer dereference in lookup_slow function (CVE-2018-13093)\n\n* kernel: NULL pointer dereference in xfs_da_shrink_inode function (CVE-2018-13094)\n\n* kernel: NULL pointer dereference in fs/xfs/libxfs/xfs_inode_buf.c (CVE-2018-13095)\n\n* kernel: Information leak in cdrom_ioctl_drive_status (CVE-2018-16658)\n\n* kernel: out-of-bound read in memcpy_fromiovecend() (CVE-2018-16885)\n\n* Kernel: KVM: leak of uninitialized stack contents to guest (CVE-2019-7222)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.", "cvss3": {}, "published": "2019-09-11T00:00:00", "type": "nessus", "title": "CentOS 7 : kernel (CESA-2019:2029)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10853", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-14625", "CVE-2018-14734", "CVE-2018-15594", "CVE-2018-16658", "CVE-2018-16885", "CVE-2018-18281", "CVE-2018-7755", "CVE-2018-8087", "CVE-2018-9363", "CVE-2018-9516", "CVE-2018-9517", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11833", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3882", "CVE-2019-3900", "CVE-2019-5489", "CVE-2019-7222", "CVE-2019-9456"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2019-2029.NASL", "href": "https://www.tenable.com/plugins/nessus/128651", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2029 and \n# CentOS Errata and Security Advisory 2019:2029 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128651);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-7755\",\n \"CVE-2018-8087\",\n \"CVE-2018-9363\",\n \"CVE-2018-9516\",\n \"CVE-2018-9517\",\n \"CVE-2018-10853\",\n \"CVE-2018-13053\",\n \"CVE-2018-13093\",\n \"CVE-2018-13094\",\n \"CVE-2018-13095\",\n \"CVE-2018-14625\",\n \"CVE-2018-14734\",\n \"CVE-2018-15594\",\n \"CVE-2018-16658\",\n \"CVE-2018-16885\",\n \"CVE-2018-18281\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-3882\",\n \"CVE-2019-3900\",\n \"CVE-2019-5489\",\n \"CVE-2019-7222\",\n \"CVE-2019-9456\",\n \"CVE-2019-11599\",\n \"CVE-2019-11810\",\n \"CVE-2019-11833\"\n );\n script_xref(name:\"RHSA\", value:\"2019:2029\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2019:2029)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* Kernel: vhost_net: infinite loop while receiving packets leads to\nDoS (CVE-2019-3900)\n\n* Kernel: page cache side channel attacks (CVE-2019-5489)\n\n* kernel: Buffer overflow in hidp_process_report (CVE-2018-9363)\n\n* kernel: l2tp: Race condition between pppol2tp_session_create() and\nl2tp_eth_create() (CVE-2018-9517)\n\n* kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)\n\n* kernel: use-after-free Read in vhost_transport_send_pkt\n(CVE-2018-14625)\n\n* kernel: use-after-free in ucma_leave_multicast in\ndrivers/infiniband/core/ ucma.c (CVE-2018-14734)\n\n* kernel: Mishandling of indirect calls weakens Spectre mitigation for\nparavirtual guests (CVE-2018-15594)\n\n* kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n* kernel: Heap address information leak while using L2CAP_GET_CONF_OPT\n(CVE-2019-3459)\n\n* kernel: Heap address information leak while using\nL2CAP_PARSE_CONF_RSP (CVE-2019-3460)\n\n* kernel: denial of service vector through vfio DMA mappings\n(CVE-2019-3882)\n\n* kernel: fix race condition between mmget_not_zero()/get_task_mm()\nand core dumping (CVE-2019-11599)\n\n* kernel: a NULL pointer dereference in drivers/scsi/megaraid/\nmegaraid_sas_base.c leading to DoS (CVE-2019-11810)\n\n* kernel: fs/ext4/extents.c leads to information disclosure\n(CVE-2019-11833)\n\n* kernel: Information exposure in fd_locked_ioctl function in\ndrivers/block/ floppy.c (CVE-2018-7755)\n\n* kernel: Memory leak in drivers/net/wireless/\nmac80211_hwsim.c:hwsim_new_radio_nl() can lead to potential denial of\nservice (CVE-2018-8087)\n\n* kernel: HID: debug: Buffer overflow in hid_debug_events_read() in\ndrivers/ hid/hid-debug.c (CVE-2018-9516)\n\n* kernel: Integer overflow in the alarm_timer_nsleep function\n(CVE-2018-13053)\n\n* kernel: NULL pointer dereference in lookup_slow function\n(CVE-2018-13093)\n\n* kernel: NULL pointer dereference in xfs_da_shrink_inode function\n(CVE-2018-13094)\n\n* kernel: NULL pointer dereference in fs/xfs/libxfs/xfs_inode_buf.c\n(CVE-2018-13095)\n\n* kernel: Information leak in cdrom_ioctl_drive_status\n(CVE-2018-16658)\n\n* kernel: out-of-bound read in memcpy_fromiovecend() (CVE-2018-16885)\n\n* Kernel: KVM: leak of uninitialized stack contents to guest\n(CVE-2019-7222)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section.\");\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-September/006197.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8c870043\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-9517\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-9363\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-1062.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-1062.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-1062.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-1062.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-1062.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-1062.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-1062.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-1062.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-1062.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-1062.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-1062.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perf-3.10.0-1062.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-1062.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:29:57", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities:\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\n - A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-10-15T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0189)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1071", "CVE-2019-1073", "CVE-2019-1125", "CVE-2019-14835"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0189_KERNEL-RT.NASL", "href": "https://www.tenable.com/plugins/nessus/129888", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0189. The text\n# itself is copyright (C) ZTE, Inc.\n\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129888);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2019-1125\", \"CVE-2019-14835\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0189)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected\nby multiple vulnerabilities:\n\n - An information disclosure vulnerability exists when\n certain central processing units (CPU) speculatively\n access memory, aka 'Windows Kernel Information\n Disclosure Vulnerability'. This CVE ID is unique from\n CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\n - A buffer overflow flaw was found, in versions from\n 2.6.34 to 5.2.x, in the way Linux kernel's vhost\n functionality that translates virtqueue buffers to IOVs,\n logged the buffer descriptors during migration. A\n privileged guest user able to pass descriptors with\n invalid length to the host when migration is underway,\n could use this flaw to increase their privileges on the\n host. (CVE-2019-14835)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0189\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel-rt packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14835\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"kernel-rt-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\",\n \"kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\",\n \"kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\",\n \"kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\",\n \"kernel-rt-debug-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\",\n \"kernel-rt-debug-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\",\n \"kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\",\n \"kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\",\n \"kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\",\n \"kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\",\n \"kernel-rt-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\",\n \"kernel-rt-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\",\n \"kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\",\n \"kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\",\n \"kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\",\n \"kernel-rt-trace-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\",\n \"kernel-rt-trace-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\"\n ],\n \"CGSL MAIN 5.04\": [\n \"kernel-rt-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\",\n \"kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\",\n \"kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\",\n \"kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\",\n \"kernel-rt-debug-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\",\n \"kernel-rt-debug-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\",\n \"kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\",\n \"kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\",\n \"kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\",\n \"kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\",\n \"kernel-rt-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\",\n \"kernel-rt-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\",\n \"kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\",\n \"kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\",\n \"kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\",\n \"kernel-rt-trace-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\",\n \"kernel-rt-trace-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.20.294.gaf4b22d\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:16:54", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0103 advisory.\n\n - kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)\n\n - kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n - kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\n - kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\n - Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-01-15T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2020:0103)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10853", "CVE-2018-18281", "CVE-2018-20856", "CVE-2019-11599", "CVE-2019-6974"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.4", "cpe:/o:redhat:rhel_e4s:7.4", "cpe:/o:redhat:rhel_tus:7.4", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2020-0103.NASL", "href": "https://www.tenable.com/plugins/nessus/132886", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0103. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132886);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2018-10853\",\n \"CVE-2018-18281\",\n \"CVE-2018-20856\",\n \"CVE-2019-6974\",\n \"CVE-2019-11599\"\n );\n script_bugtraq_id(105761, 107127, 108113);\n script_xref(name:\"RHSA\", value:\"2020:0103\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2020:0103)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0103 advisory.\n\n - kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)\n\n - kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n - kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\n - kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\n - Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-10853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-18281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-20856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-6974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0103\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1589890\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1645121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1671913\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1705937\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1738705\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11599\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-6974\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 250, 362, 416, 667, 672);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.4')) audit(AUDIT_OS_NOT, 'Red Hat 7.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2018-10853', 'CVE-2018-18281', 'CVE-2018-20856', 'CVE-2019-6974', 'CVE-2019-11599');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:0103');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.4/x86_64/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.4/x86_64/os',\n 'content/aus/rhel/server/7/7.4/x86_64/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/highavailability/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/optional/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/optional/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/optional/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap-hana/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap-hana/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap-hana/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.4/x86_64/debug',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.4/x86_64/os',\n 'content/tus/rhel/server/7/7.4/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-693.62.1.el7', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-bootwrapper / kernel-debug / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:55:28", "description": "The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0100 advisory.\n\n - kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n - kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\n - kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-01-16T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel-rt (RHSA-2020:0100)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18281", "CVE-2018-20856", "CVE-2019-11599"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel"], "id": "REDHAT-RHSA-2020-0100.NASL", "href": "https://www.tenable.com/plugins/nessus/132947", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0100. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132947);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2018-18281\", \"CVE-2018-20856\", \"CVE-2019-11599\");\n script_xref(name:\"RHSA\", value:\"2020:0100\");\n\n script_name(english:\"RHEL 6 : kernel-rt (RHSA-2020:0100)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0100 advisory.\n\n - kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n - kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\n - kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-18281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-20856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1645121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1705937\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1738705\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11599\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-20856\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 362, 667, 672);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2018-18281', 'CVE-2018-20856', 'CVE-2019-11599');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:0100');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-g-execute/2/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-g-execute/2/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-g-execute/2/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-mgmt/2/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-mgmt/2/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-mgmt/2/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g-execute/2/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g-execute/2/os',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g-execute/2/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g/2/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g/2/os',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g/2/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-m/2/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-m/2/os',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-m/2/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-mgmt/2/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-mgmt/2/os',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-mgmt/2/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-r/2/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-r/2/os',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-r/2/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-3.10.0-693.62.1.rt56.659.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-debug-3.10.0-693.62.1.rt56.659.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-debug-devel-3.10.0-693.62.1.rt56.659.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-devel-3.10.0-693.62.1.rt56.659.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-doc-3.10.0-693.62.1.rt56.659.el6rt', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-firmware-3.10.0-693.62.1.rt56.659.el6rt', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-trace-3.10.0-693.62.1.rt56.659.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-trace-devel-3.10.0-693.62.1.rt56.659.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-vanilla-3.10.0-693.62.1.rt56.659.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-vanilla-devel-3.10.0-693.62.1.rt56.659.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-debug / kernel-rt-debug-devel / kernel-rt-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:34:05", "description": "The version of AOS installed on the remote host is prior to 5.16.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.16.0.1 advisory.\n\n - A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest. (CVE-2018-10853)\n\n - Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. (CVE-2018-12207)\n\n - The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used. (CVE-2018-13053)\n\n - An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation. (CVE-2018-13093)\n\n - An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. (CVE-2018-13094)\n\n - An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork. (CVE-2018-13095)\n\n - A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel- memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients. (CVE-2018-14625)\n\n - drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). (CVE-2018-14734)\n\n - arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. (CVE-2018-15594)\n\n - An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940. (CVE-2018-16658)\n\n - A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in certain cases causing a memory access fault and a system halt by accessing invalid memory address. This issue only affects kernel version 3.10.x as shipped with Red Hat Enterprise Linux 7. (CVE-2018-16885)\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks.\n If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions:\n 4.9.135, 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an\n __blk_drain_queue() use-after-free because a certain error case is mishandled. (CVE-2018-20856)\n\n - An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR. (CVE-2018-7755)\n\n - Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case. (CVE-2018-8087)\n\n - In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel.\n (CVE-2018-9363)\n\n - In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580. (CVE-2018-9516)\n\n - In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931. (CVE-2018-9517)\n\n - Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access. (CVE-2019-0154)\n\n - Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2019-0155)\n\n - A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences. (CVE-2019-10126)\n\n - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11135)\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\n - The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)\n\n - Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. (CVE-2019-11729)\n\n - When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-11745)\n\n - An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c.\n This causes a Denial of Service, related to a use-after-free. (CVE-2019-11810)\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (CVE-2019-11833)\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. (CVE-2019-14821)\n\n - A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835)\n\n - In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation.\n NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or 4.14.x longterm kernels before 4.14.139. (CVE-2019-15239)\n\n - A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. Examples include any GNOME or GTK+ based application that uses Pango for text layout, as this internally uses FriBidi for bidirectional text layout. For example, the attacker can construct a crafted text file to be opened in GEdit, or a crafted IRC message to be viewed in HexChat. (CVE-2019-18397)\n\n - A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. (CVE-2019-3459)\n\n - A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. (CVE-2019-3460)\n\n - A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (CVE-2019-3846)\n\n - A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. (CVE-2019-3882)\n\n - An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario. (CVE-2019-3900)\n\n - The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (CVE-2019-5489)\n\n - OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.\n (CVE-2019-5544)\n\n - The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. (CVE-2019-7222)\n\n - The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially- crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.\n (CVE-2019-9500)\n\n - The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka KNOB) that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. (CVE-2019-9506)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-01T00:00:00", "type": "nessus", "title": "Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.16.0.1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10853", "CVE-2018-10940", "CVE-2018-12207", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-14625", "CVE-2018-14734", "CVE-2018-15594", "CVE-2018-16658", "CVE-2018-16885", "CVE-2018-18281", "CVE-2018-20856", "CVE-2018-7755", "CVE-2018-8087", "CVE-2018-9363", "CVE-2018-9516", "CVE-2018-9517", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-10126", "CVE-2019-1071", "CVE-2019-1073", "CVE-2019-11135", "CVE-2019-1125", "CVE-2019-11599", "CVE-2019-11729", "CVE-2019-11745", "CVE-2019-11810", "CVE-2019-11833", "CVE-2019-14821", "CVE-2019-14835", "CVE-2019-15239", "CVE-2019-18397", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3846", "CVE-2019-3882", "CVE-2019-3900", "CVE-2019-5489", "CVE-2019-5544", "CVE-2019-7222", "CVE-2019-9500", "CVE-2019-9503", "CVE-2019-9506"], "modified": "2023-05-13T00:00:00", "cpe": ["cpe:/o:nutanix:aos"], "id": "NUTANIX_NXSA-AOS-5_16_0_1.NASL", "href": "https://www.tenable.com/plugins/nessus/164593", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164593);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/13\");\n\n script_cve_id(\n \"CVE-2018-7755\",\n \"CVE-2018-8087\",\n \"CVE-2018-9363\",\n \"CVE-2018-9516\",\n \"CVE-2018-9517\",\n \"CVE-2018-10853\",\n \"CVE-2018-12207\",\n \"CVE-2018-13053\",\n \"CVE-2018-13093\",\n \"CVE-2018-13094\",\n \"CVE-2018-13095\",\n \"CVE-2018-14625\",\n \"CVE-2018-14734\",\n \"CVE-2018-15594\",\n \"CVE-2018-16658\",\n \"CVE-2018-16885\",\n \"CVE-2018-18281\",\n \"CVE-2018-20856\",\n \"CVE-2019-0154\",\n \"CVE-2019-0155\",\n \"CVE-2019-1125\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-3846\",\n \"CVE-2019-3882\",\n \"CVE-2019-3900\",\n \"CVE-2019-5489\",\n \"CVE-2019-5544\",\n \"CVE-2019-7222\",\n \"CVE-2019-9500\",\n \"CVE-2019-9506\",\n \"CVE-2019-10126\",\n \"CVE-2019-11135\",\n \"CVE-2019-11599\",\n \"CVE-2019-11729\",\n \"CVE-2019-11745\",\n \"CVE-2019-11810\",\n \"CVE-2019-11833\",\n \"CVE-2019-14821\",\n \"CVE-2019-14835\",\n \"CVE-2019-15239\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.16.0.1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Nutanix AOS host is affected by multiple vulnerabilities .\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of AOS installed on the remote host is prior to 5.16.0.1. It is, therefore, affected by multiple\nvulnerabilities as referenced in the NXSA-AOS-5.16.0.1 advisory.\n\n - A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as\n sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged\n instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges\n inside guest. (CVE-2018-10853)\n\n - Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R)\n Processors may allow an authenticated user to potentially enable denial of service of the host system via\n local access. (CVE-2018-12207)\n\n - The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an\n integer overflow via a large relative timeout because ktime_add_safe is not used. (CVE-2018-13053)\n\n - An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer\n dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted\n xfs image. This occurs because of a lack of proper validation that cached inodes are free during\n allocation. (CVE-2018-13093)\n\n - An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may\n occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. (CVE-2018-13094)\n\n - An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of\n service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is\n in extent format, but has more extents than fit in the inode fork. (CVE-2018-13095)\n\n - A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-\n memory from within a vm guest. A race condition between connect() and close() function may allow an\n attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt\n AF_VSOCK messages destined to other clients. (CVE-2018-14625)\n\n - drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a\n certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial\n of service (use-after-free). (CVE-2018-14734)\n\n - arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which\n makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. (CVE-2018-15594)\n\n - An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status\n in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from\n unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940. (CVE-2018-16658)\n\n - A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar\n functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in\n certain cases causing a memory access fault and a system halt by accessing invalid memory address. This\n issue only affects kernel version 3.10.x as shipped with Red Hat Enterprise Linux 7. (CVE-2018-16885)\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks.\n If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of\n mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it\n has been released back to the page allocator and reused. This is fixed in the following kernel versions:\n 4.9.135, 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an\n __blk_drain_queue() use-after-free because a certain error case is mishandled. (CVE-2018-20856)\n\n - An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel\n through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM\n ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the\n location of kernel code and data and bypass kernel security protections such as KASLR. (CVE-2018-7755)\n\n - Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux\n kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering\n an out-of-array error case. (CVE-2018-8087)\n\n - In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds\n write with no additional execution privileges needed. User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel.\n (CVE-2018-9363)\n\n - In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a\n missing bounds check. This could lead to local escalation of privilege with System execution privileges\n needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android\n ID: A-71361580. (CVE-2018-9516)\n\n - In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local\n escalation of privilege with System execution privileges needed. User interaction is not needed for\n exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931. (CVE-2018-9517)\n\n - Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th\n Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold\n Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900\n Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an\n authenticated user to potentially enable denial of service via local access. (CVE-2019-0154)\n\n - Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th\n Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold\n Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900\n Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R)\n Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077\n (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11,\n 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of\n privilege via local access. (CVE-2019-0155)\n\n - A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function\n in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other\n consequences. (CVE-2019-10126)\n\n - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated\n user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11135)\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively\n access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from\n CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\n - The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to\n prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive\n information, cause a denial of service, or possibly have unspecified other impact by triggering a race\n condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c,\n fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)\n\n - Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly\n sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox\n < 68, and Thunderbird < 60.8. (CVE-2019-11729)\n\n - When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the\n block size, a small out of bounds write could occur. This could have caused heap corruption and a\n potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and\n Firefox < 71. (CVE-2019-11745)\n\n - An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when\n megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c.\n This causes a Denial of Service, related to a use-after-free. (CVE-2019-11810)\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the\n extent tree block, which might allow local users to obtain sensitive information by reading uninitialized\n data in the filesystem. (CVE-2019-11833)\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux\n kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer\n 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be\n supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm'\n device could use this flaw to crash the host kernel, resulting in a denial of service or potentially\n escalating privileges on the system. (CVE-2019-14821)\n\n - A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost\n functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A\n privileged guest user able to pass descriptors with invalid length to the host when migration is underway,\n could use this flaw to increase their privileges on the host. (CVE-2019-14835)\n\n - In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12,\n was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was\n potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by\n adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple\n use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation.\n NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or\n 4.14.x longterm kernels before 4.14.139. (CVE-2019-15239)\n\n - A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU\n FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code\n by delivering crafted text content to a user, when this content is then rendered by an application that\n uses FriBidi for text layout calculations. Examples include any GNOME or GTK+ based application that uses\n Pango for text layout, as this internally uses FriBidi for bidirectional text layout. For example, the\n attacker can construct a crafted text file to be opened in GEdit, or a crafted IRC message to be viewed in\n HexChat. (CVE-2019-18397)\n\n - A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before\n 5.1-rc1. (CVE-2019-3459)\n\n - A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel\n before 5.1-rc1. (CVE-2019-3460)\n\n - A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the\n mwifiex kernel module while connecting to a malicious wireless network. (CVE-2019-3846)\n\n - A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's\n locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is\n administratively granted ownership of the device, it may cause a system memory exhaustion and thus a\n denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. (CVE-2019-3882)\n\n - An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including\n v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster\n than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the\n vhost_net kernel thread, resulting in a DoS scenario. (CVE-2019-3900)\n\n - The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers\n to observe page cache access patterns of other processes on the same system, potentially allowing sniffing\n of secret information. (Fixing this affects the output of the fincore program.) Limited remote\n exploitation may be possible, as demonstrated by latency differences in accessing public files from an\n Apache HTTP Server. (CVE-2019-5489)\n\n - OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated\n the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.\n (CVE-2019-5544)\n\n - The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. (CVE-2019-7222)\n\n - The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable\n to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event\n frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This\n vulnerability can be exploited with compromised chipsets to compromise the host, or when used in\n combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-\n crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a\n vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.\n (CVE-2019-9500)\n\n - The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key\n length and does not prevent an attacker from influencing the key length negotiation. This allows practical\n brute-force attacks (aka KNOB) that can decrypt traffic and inject arbitrary ciphertext without the\n victim noticing. (CVE-2019-9506)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://portal.nutanix.com/page/documents/security-advisories/release-advisories/details?id=NXSA-AOS-5.16.0.1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8ec7e0a4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the Nutanix AOS software to recommended version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3846\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-5544\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:nutanix:aos\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nutanix_collect.nasl\");\n script_require_keys(\"Host/Nutanix/Data/lts\", \"Host/Nutanix/Data/Service\", \"Host/Nutanix/Data/Version\", \"Host/Nutanix/Data/arch\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::nutanix::get_app_info();\n\nvar constraints = [\n { 'fixed_version' : '5.16.0.1', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 5.16.0.1 or higher.', 'lts' : FALSE },\n { 'fixed_version' : '5.16.0.1', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 5.16.0.1 or higher.', 'lts' : FALSE }\n];\n\nvcf::nutanix::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-27T14:16:01", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0179 advisory.\n\n - kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)\n\n - kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n - kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-01-22T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2020:0179)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10853", "CVE-2018-18281", "CVE-2019-11599"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.6", "cpe:/o:redhat:rhel_e4s:7.6", "cpe:/o:redhat:rhel_eus:7.6", "cpe:/o:redhat:rhel_tus:7.6", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2020-0179.NASL", "href": "https://www.tenable.com/plugins/nessus/133164", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0179. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133164);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\"CVE-2018-10853\", \"CVE-2018-18281\", \"CVE-2019-11599\");\n script_bugtraq_id(105761, 108113);\n script_xref(name:\"RHSA\", value:\"2020:0179\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2020:0179)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0179 advisory.\n\n - kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)\n\n - kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n - kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-10853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-18281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1589890\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1645121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1705937\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11599\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-18281\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(250, 362, 667, 672);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.6')) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2018-10853', 'CVE-2018-18281', 'CVE-2019-11599');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:0179');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.6/x86_64/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.6/x86_64/os',\n 'content/aus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/os',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/os',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/os',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/os',\n 'content/tus/rhel/server/7/7.6/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-957.43.1.el7', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-bootwrapper / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:30:04", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900)\n\n* hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506)\n\n* kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* [mlx4] VXLAN over VLAN TCP segmentation (BZ#1734325)\n\n* Race condition in /dev/sg due to missing synchronization causes corruption in RHV (BZ#1737378)\n\n* [FJ7.6 Bug]: [REG] kernel: ipc: ipc_free should use kvfree (BZ#1740177)\n\n* high update_cfs_rq_blocked_load contention (BZ#1740179)\n\n* kvm: backport cpuidle-haltpoll driver (BZ#1740191)\n\n* Growing unreclaimable slab memory (BZ#1741919)\n\n* [Hyper-V]vPCI devices cannot allocate IRQs vectors in a Hyper-V VM with > 240 vCPUs (i.e., when in x2APIC mode) (BZ#1743323)\n\n* NFSv4.0 client sending a double CLOSE (leading to EIO application failure) (BZ#1744945)\n\n* powerpc/pseries: Fix uninitialized timer reset on migration / powerpc/pseries /mobility: Extend start/stop topology update scope (LPM) (BZ#1745441)\n\n* ISST-LTE:PVM:Zeppelin :LPM: Failure logs and stack trace seen during LPM (POWER9/P9) (BZ#1745448)\n\n* [LLNL 7.5 Bug] slab leak causing a crash when using kmem control group (BZ# 1748237)\n\n* [Azure] CRI-RDOS | [RHEL 7.8] Live migration only takes 10 seconds, but the VM was unavailable for 2 hours (BZ#1748238)\n\n* Allows macvlan to operate correctly over the active-backup mode to support bonding events (BZ#1749291)\n\n* debug kernel reports scheduling while atomic bug in EFI code (BZ#1755324)", "cvss3": {}, "published": "2019-10-30T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2019:3220)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1125", "CVE-2019-3900", "CVE-2019-9506"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:7.6"], "id": "REDHAT-RHSA-2019-3220.NASL", "href": "https://www.tenable.com/plugins/nessus/130376", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3220. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130376);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2019-1125\", \"CVE-2019-3900\", \"CVE-2019-9506\");\n script_xref(name:\"RHSA\", value:\"2019:3220\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2019:3220)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.6\nExtended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* Kernel: vhost_net: infinite loop while receiving packets leads to\nDoS (CVE-2019-3900)\n\n* hardware: bluetooth: BR/EDR encryption key negotiation attacks\n(KNOB) (CVE-2019-9506)\n\n* kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* [mlx4] VXLAN over VLAN TCP segmentation (BZ#1734325)\n\n* Race condition in /dev/sg due to missing synchronization causes\ncorruption in RHV (BZ#1737378)\n\n* [FJ7.6 Bug]: [REG] kernel: ipc: ipc_free should use kvfree\n(BZ#1740177)\n\n* high update_cfs_rq_blocked_load contention (BZ#1740179)\n\n* kvm: backport cpuidle-haltpoll driver (BZ#1740191)\n\n* Growing unreclaimable slab memory (BZ#1741919)\n\n* [Hyper-V]vPCI devices cannot allocate IRQs vectors in a Hyper-V VM\nwith > 240 vCPUs (i.e., when in x2APIC mode) (BZ#1743323)\n\n* NFSv4.0 client sending a double CLOSE (leading to EIO application\nfailure) (BZ#1744945)\n\n* powerpc/pseries: Fix uninitialized timer reset on migration /\npowerpc/pseries /mobility: Extend start/stop topology update scope\n(LPM) (BZ#1745441)\n\n* ISST-LTE:PVM:Zeppelin :LPM: Failure logs and stack trace seen during\nLPM (POWER9/P9) (BZ#1745448)\n\n* [LLNL 7.5 Bug] slab leak causing a crash when using kmem control\ngroup (BZ# 1748237)\n\n* [Azure] CRI-RDOS | [RHEL 7.8] Live migration only takes 10 seconds,\nbut the VM was unavailable for 2 hours (BZ#1748238)\n\n* Allows macvlan to operate correctly over the active-backup mode to\nsupport bonding events (BZ#1749291)\n\n* debug kernel reports scheduling while atomic bug in EFI code\n(BZ#1755324)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/articles/4329821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-1125\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-3900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9506\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9506\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7\\.6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.6\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-1125\", \"CVE-2019-3900\", \"CVE-2019-9506\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:3220\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3220\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-957.38.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-3.10.0-957.38.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-3.10.0-957.38.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", reference:\"kernel-abi-whitelists-3.10.0-957.38.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-957.38.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-957.38.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-957.38.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-957.38.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-957.38.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-957.38.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-957.38.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-957.38.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-957.38.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-957.38.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-957.38.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-957.38.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", reference:\"kernel-doc-3.10.0-957.38.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-957.38.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-957.38.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-957.38.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-957.38.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-957.38.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-957.38.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-957.38.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-957.38.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-957.38.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"perf-3.10.0-957.38.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"perf-3.10.0-957.38.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-957.38.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-957.38.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"python-perf-3.10.0-957.38.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-957.38.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-957.38.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-957.38.1.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:29:26", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-4775 advisory.\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-09-09T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4775)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1071", "CVE-2019-1073", "CVE-2019-1125"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.38.1.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.38.1.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2019-4775.NASL", "href": "https://www.tenable.com/plugins/nessus/128600", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4775.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128600);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2019-1125\");\n script_xref(name:\"IAVA\", value:\"2019-A-0290-S\");\n script_xref(name:\"IAVA\", value:\"2019-A-0293-S\");\n script_xref(name:\"IAVA\", value:\"2019-A-0285-S\");\n script_xref(name:\"IAVA\", value:\"2019-A-0284-S\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4775)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2019-4775 advisory.\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively\n access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from\n CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4775.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1125\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.38.1.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.38.1.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.8.13-118.38.1.el6uek', '3.8.13-118.38.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-4775');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.8';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-3.8.13-118.38.1.el6uek-0.4.5-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.38.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.38.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.38.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.38.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.38.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.38.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'},\n {'reference':'dtrace-modules-3.8.13-118.38.1.el7uek-0.4.5-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.38.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.38.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.38.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.38.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.38.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.38.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-3.8.13-118.38.1.el6uek / dtrace-modules-3.8.13-118.38.1.el7uek / kernel-uek / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:08", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-4735 advisory.\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4735)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1071", "CVE-2019-1073", "CVE-2019-1125"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2019-4735.NASL", "href": "https://www.tenable.com/plugins/nessus/127614", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4735.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127614);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2019-1125\");\n script_xref(name:\"IAVA\", value:\"2019-A-0290-S\");\n script_xref(name:\"IAVA\", value:\"2019-A-0293-S\");\n script_xref(name:\"IAVA\", value:\"2019-A-0285-S\");\n script_xref(name:\"IAVA\", value:\"2019-A-0284-S\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4735)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2019-4735 advisory.\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively\n access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from\n CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4735.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1125\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.29.3.1.el6uek', '4.1.12-124.29.3.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-4735');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.29.3.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.29.3.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.29.3.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.29.3.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.29.3.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.29.3.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.29.3.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.29.3.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.29.3.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.29.3.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.29.3.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.29.3.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:28:42", "description": "The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-4777 advisory.\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-09-09T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2019-4777)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1071", "CVE-2019-1073", "CVE-2019-1125"], "modified": "2021-09-08T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel"], "id": "ORACLELINUX_ELSA-2019-4777.NASL", "href": "https://www.tenable.com/plugins/nessus/128601", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4777.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128601);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2019-1125\");\n script_xref(name:\"IAVA\", value:\"2019-A-0290-S\");\n script_xref(name:\"IAVA\", value:\"2019-A-0293-S\");\n script_xref(name:\"IAVA\", value:\"2019-A-0285-S\");\n script_xref(name:\"IAVA\", value:\"2019-A-0284-S\");\n\n script_name(english:\"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2019-4777)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2019-4777 advisory.\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively\n access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from\n CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4777.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1125\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.39-400.314.1.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-4777');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.39-400.314.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-2.6.39-400.314.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.314.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.314.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.314.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.314.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.314.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.314.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-doc-2.6.39-400.314.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},\n {'reference':'kernel-uek-firmware-2.6.39-400.314.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:06:12", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0036 advisory.\n\n - kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861)\n\n - kernel: Handling of might_cancel queueing is not properly pretected against race (CVE-2017-10661)\n\n - kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)\n\n - kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n - kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS (CVE-2019-11810)\n\n - kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-01-08T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2020:0036)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0861", "CVE-2017-10661", "CVE-2018-10853", "CVE-2018-18281", "CVE-2019-11810", "CVE-2019-11811"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_eus:7.5", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2020-0036.NASL", "href": "https://www.tenable.com/plugins/nessus/132700", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0036. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132700);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2017-0861\",\n \"CVE-2017-10661\",\n \"CVE-2018-10853\",\n \"CVE-2018-18281\",\n \"CVE-2019-11810\",\n \"CVE-2019-11811\"\n );\n script_bugtraq_id(\n 100215,\n 102329,\n 105761,\n 108286,\n 108410\n );\n script_xref(name:\"RHSA\", value:\"2020:0036\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2020:0036)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0036 advisory.\n\n - kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege\n escalation (CVE-2017-0861)\n\n - kernel: Handling of might_cancel queueing is not properly pretected against race (CVE-2017-10661)\n\n - kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)\n\n - kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n - kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS\n (CVE-2019-11810)\n\n - kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c\n (CVE-2019-11811)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-0861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-10661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-10853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-18281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11811\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1481136\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1563994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1589890\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1645121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1709164\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1709180\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-10661\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-18281\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(250, 362, 416, 476, 672);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.5')) audit(AUDIT_OS_NOT, 'Red Hat 7.5', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2017-0861', 'CVE-2017-10661', 'CVE-2018-10853', 'CVE-2018-18281', 'CVE-2019-11810', 'CVE-2019-11811');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:0036');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/eus/rhel/computenode/7/7.5/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.5/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.5/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.5/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.5/x86_64/os',\n 'content/eus/rhel/computenode/7/7.5/x86_64/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/debug',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/highavailability/debug',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/highavailability/os',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/optional/debug',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/optional/os',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/optional/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/os',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/resilientstorage/debug',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/resilientstorage/os',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/sap-hana/debug',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/sap-hana/os',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/sap-hana/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/sap/debug',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/sap/os',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/source/SRPMS',\n 'content/eus/rhel/power/7/7.5/ppc64/debug',\n 'content/eus/rhel/power/7/7.5/ppc64/optional/debug',\n 'content/eus/rhel/power/7/7.5/ppc64/optional/os',\n 'content/eus/rhel/power/7/7.5/ppc64/optional/source/SRPMS',\n 'content/eus/rhel/power/7/7.5/ppc64/os',\n 'content/eus/rhel/power/7/7.5/ppc64/sap/debug',\n 'content/eus/rhel/power/7/7.5/ppc64/sap/os',\n 'content/eus/rhel/power/7/7.5/ppc64/sap/source/SRPMS',\n 'content/eus/rhel/power/7/7.5/ppc64/source/SRPMS',\n 'content/eus/rhel/server/7/7.5/x86_64/debug',\n 'content/eus/rhel/server/7/7.5/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.5/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.5/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.5/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.5/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.5/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.5/x86_64/os',\n 'content/eus/rhel/server/7/7.5/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.5/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.5/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.5/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.5/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.5/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.5/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.5/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.5/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.5/x86_64/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.5/s390x/debug',\n 'content/eus/rhel/system-z/7/7.5/s390x/optional/debug',\n 'content/eus/rhel/system-z/7/7.5/s390x/optional/os',\n 'content/eus/rhel/system-z/7/7.5/s390x/optional/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.5/s390x/os',\n 'content/eus/rhel/system-z/7/7.5/s390x/sap/debug',\n 'content/eus/rhel/system-z/7/7.5/s390x/sap/os',\n 'content/eus/rhel/system-z/7/7.5/s390x/sap/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.5/s390x/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-862.46.1.el7', 'sp':'5', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Extended Update Support repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-bootwrapper / kernel-debug / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T10:33:37", "description": "The version of AOS installed on the remote host is prior to 5.16.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.16.1 advisory.\n\n - A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest. (CVE-2018-10853)\n\n - Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. (CVE-2018-12207)\n\n - The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used. (CVE-2018-13053)\n\n - An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation. (CVE-2018-13093)\n\n - An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. (CVE-2018-13094)\n\n - An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork. (CVE-2018-13095)\n\n - A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel- memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients. (CVE-2018-14625)\n\n - drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). (CVE-2018-14734)\n\n - arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. (CVE-2018-15594)\n\n - An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940. (CVE-2018-16658)\n\n - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost. (CVE-2018-16871)\n\n - A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable. (CVE-2018-16881)\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after- free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-16884)\n\n - A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in certain cases causing a memory access fault and a system halt by accessing invalid memory address. This issue only affects kernel version 3.10.x as shipped with Red Hat Enterprise Linux 7. (CVE-2018-16885)\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks.\n If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions:\n 4.9.135, 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an\n __blk_drain_queue() use-after-free because a certain error case is mishandled. (CVE-2018-20856)\n\n - An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR. (CVE-2018-7755)\n\n - Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case. (CVE-2018-8087)\n\n - In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel.\n (CVE-2018-9363)\n\n - In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580. (CVE-2018-9516)\n\n - In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931. (CVE-2018-9517)\n\n - Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access. (CVE-2019-0154)\n\n - Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2019-0155)\n\n - A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences. (CVE-2019-10126)\n\n - Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.\n (CVE-2019-11085)\n\n - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11135)\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\n - The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)\n\n - Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. (CVE-2019-11729)\n\n - When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-11745)\n\n - An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c.\n This causes a Denial of Service, related to a use-after-free. (CVE-2019-11810)\n\n - An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (CVE-2019-11833)\n\n - In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a sudo -u \\#$((0xffffffff)) command. (CVE-2019-14287)\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. (CVE-2019-14821)\n\n - A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835)\n\n - In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation.\n NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or 4.14.x longterm kernels before 4.14.139. (CVE-2019-15239)\n\n - A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. Examples include any GNOME or GTK+ based application that uses Pango for text layout, as this internally uses FriBidi for bidirectional text layout. For example, the attacker can construct a crafted text file to be opened in GEdit, or a crafted IRC message to be viewed in HexChat. (CVE-2019-18397)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking).\n Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2019-2945)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2949)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2962)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency).\n Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. (CVE-2019-2964)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2973, CVE-2019-2981)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2975)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking).\n Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2978)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2983)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note:\n This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2987)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2019-2988, CVE-2019-2992)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking).\n Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2989)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2019-2999)\n\n - A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. (CVE-2019-3459)\n\n - A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. (CVE-2019-3460)\n\n - A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (CVE-2019-3846)\n\n - A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. (CVE-2019-3882)\n\n - An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario. (CVE-2019-3900)\n\n - The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (CVE-2019-5489)\n\n - OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.\n (CVE-2019-5544)\n\n - The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. (CVE-2019-7222)\n\n - The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially- crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.\n (CVE-2019-9500)\n\n - The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka KNOB) that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. (CVE-2019-9506)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-06T00:00:00", "type": "nessus", "title": "Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.16.1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10853", "CVE-2018-10940", "CVE-2018-12207", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-14625", "CVE-2018-14734", "CVE-2018-15594", "CVE-2018-16658", "CVE-2018-16871", "CVE-2018-16881", "CVE-2018-16884", "CVE-2018-16885", "CVE-2018-18281", "CVE-2018-20856", "CVE-2018-7755", "CVE-2018-8087", "CVE-2018-9363", "CVE-2018-9516", "CVE-2018-9517", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-10126", "CVE-2019-1071", "CVE-2019-1073", "CVE-2019-11085", "CVE-2019-11135", "CVE-2019-1125", "CVE-2019-11599", "CVE-2019-11729", "CVE-2019-11745", "CVE-2019-11810", "CVE-2019-11811", "CVE-2019-11833", "CVE-2019-14287", "CVE-2019-14821", "CVE-2019-14835", "CVE-2019-15239", "CVE-2019-18397", "CVE-2019-2945", "CVE-2019-2949", "CVE-2019-2962", "CVE-2019-2964", "CVE-2019-2973", "CVE-2019-2975", "CVE-2019-2978", "CVE-2019-2981", "CVE-2019-2983", "CVE-2019-2987", "CVE-2019-2988", "CVE-2019-2989", "CVE-2019-2992", "CVE-2019-2999", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3846", "CVE-2019-3882", "CVE-2019-3900", "CVE-2019-5489", "CVE-2019-5544", "CVE-2019-7222", "CVE-2019-9500", "CVE-2019-9503", "CVE-2019-9506"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:nutanix:aos"], "id": "NUTANIX_NXSA-AOS-5_16_1.NASL", "href": "https://www.tenable.com/plugins/nessus/164695", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164695);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2018-7755\",\n \"CVE-2018-8087\",\n \"CVE-2018-9363\",\n \"CVE-2018-9516\",\n \"CVE-2018-9517\",\n \"CVE-2018-10853\",\n \"CVE-2018-12207\",\n \"CVE-2018-13053\",\n \"CVE-2018-13093\",\n \"CVE-2018-13094\",\n \"CVE-2018-13095\",\n \"CVE-2018-14625\",\n \"CVE-2018-14734\",\n \"CVE-2018-15594\",\n \"CVE-2018-16658\",\n \"CVE-2018-16871\",\n \"CVE-2018-16881\",\n \"CVE-2018-16884\",\n \"CVE-2018-16885\",\n \"CVE-2018-18281\",\n \"CVE-2018-20856\",\n \"CVE-2019-0154\",\n \"CVE-2019-0155\",\n \"CVE-2019-1125\",\n \"CVE-2019-2945\",\n \"CVE-2019-2949\",\n \"CVE-2019-2962\",\n \"CVE-2019-2964\",\n \"CVE-2019-2973\",\n \"CVE-2019-2975\",\n \"CVE-2019-2978\",\n \"CVE-2019-2981\",\n \"CVE-2019-2983\",\n \"CVE-2019-2987\",\n \"CVE-2019-2988\",\n \"CVE-2019-2989\",\n \"CVE-2019-2992\",\n \"CVE-2019-2999\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-3846\",\n \"CVE-2019-3882\",\n \"CVE-2019-3900\",\n \"CVE-2019-5489\",\n \"CVE-2019-5544\",\n \"CVE-2019-7222\",\n \"CVE-2019-9500\",\n \"CVE-2019-9506\",\n \"CVE-2019-10126\",\n \"CVE-2019-11085\",\n \"CVE-2019-11135\",\n \"CVE-2019-11599\",\n \"CVE-2019-11729\",\n \"CVE-2019-11745\",\n \"CVE-2019-11810\",\n \"CVE-2019-11811\",\n \"CVE-2019-11833\",\n \"CVE-2019-14287\",\n \"CVE-2019-14821\",\n \"CVE-2019-14835\",\n \"CVE-2019-15239\",\n \"CVE-2019-18397\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.16.1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Nutanix AOS host is affected by multiple vulnerabilities .\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of AOS installed on the remote host is prior to 5.16.1. It is, therefore, affected by multiple\nvulnerabilities as referenced in the NXSA-AOS-5.16.1 advisory.\n\n - A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as\n sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged\n instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges\n inside guest. (CVE-2018-10853)\n\n - Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R)\n Processors may allow an authenticated user to potentially enable denial of service of the host system via\n local access. (CVE-2018-12207)\n\n - The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an\n integer overflow via a large relative timeout because ktime_add_safe is not used. (CVE-2018-13053)\n\n - An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer\n dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted\n xfs image. This occurs because of a lack of proper validation that cached inodes are free during\n allocation. (CVE-2018-13093)\n\n - An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may\n occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. (CVE-2018-13094)\n\n - An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of\n service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is\n in extent format, but has more extents than fit in the inode fork. (CVE-2018-13095)\n\n - A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-\n memory from within a vm guest. A race condition between connect() and close() function may allow an\n attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt\n AF_VSOCK messages destined to other clients. (CVE-2018-14625)\n\n - drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a\n certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial\n of service (use-after-free). (CVE-2018-14734)\n\n - arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which\n makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. (CVE-2018-15594)\n\n - An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status\n in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from\n unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940. (CVE-2018-16658)\n\n - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to\n 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer\n dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS\n server. Any outstanding disk writes to the NFS server will be lost. (CVE-2018-16871)\n\n - A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a\n specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0\n are vulnerable. (CVE-2018-16881)\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network\n namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-\n free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system\n panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-16884)\n\n - A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar\n functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in\n certain cases causing a memory access fault and a system halt by accessing invalid memory address. This\n issue only affects kernel version 3.10.x as shipped with Red Hat Enterprise Linux 7. (CVE-2018-16885)\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks.\n If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of\n mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it\n has been released back to the page allocator and reused. This is fixed in the following kernel versions:\n 4.9.135, 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an\n __blk_drain_queue() use-after-free because a certain error case is mishandled. (CVE-2018-20856)\n\n - An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel\n through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM\n ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the\n location of kernel code and data and bypass kernel security protections such as KASLR. (CVE-2018-7755)\n\n - Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux\n kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering\n an out-of-array error case. (CVE-2018-8087)\n\n - In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds\n write with no additional execution privileges needed. User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel.\n (CVE-2018-9363)\n\n - In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a\n missing bounds check. This could lead to local escalation of privilege with System execution privileges\n needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android\n ID: A-71361580. (CVE-2018-9516)\n\n - In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local\n escalation of privilege with System execution privileges needed. User interaction is not needed for\n exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931. (CVE-2018-9517)\n\n - Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th\n Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold\n Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900\n Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an\n authenticated user to potentially enable denial of service via local access. (CVE-2019-0154)\n\n - Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th\n Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold\n Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900\n Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R)\n Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077\n (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11,\n 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of\n privilege via local access. (CVE-2019-0155)\n\n - A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function\n in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other\n consequences. (CVE-2019-10126)\n\n - Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0\n may allow an authenticated user to potentially enable escalation of privilege via local access.\n (CVE-2019-11085)\n\n - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated\n user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11135)\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively\n access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from\n CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\n - The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to\n prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive\n information, cause a denial of service, or possibly have unspecified other impact by triggering a race\n condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c,\n fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)\n\n - Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly\n sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox\n < 68, and Thunderbird < 60.8. (CVE-2019-11729)\n\n - When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the\n block size, a small out of bounds write could occur. This could have caused heap corruption and a\n potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and\n Firefox < 71. (CVE-2019-11745)\n\n - An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when\n megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c.\n This causes a Denial of Service, related to a use-after-free. (CVE-2019-11810)\n\n - An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read\n access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c,\n drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the\n extent tree block, which might allow local users to obtain sensitive information by reading uninitialized\n data in the filesystem. (CVE-2019-11833)\n\n - In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy\n blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user\n ID. For example, this allows bypass of !root configuration, and USER= logging, for a sudo -u\n \\#$((0xffffffff)) command. (CVE-2019-14287)\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux\n kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer\n 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be\n supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm'\n device could use this flaw to crash the host kernel, resulting in a denial of service or potentially\n escalating privileges on the system. (CVE-2019-14821)\n\n - A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost\n functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A\n privileged guest user able to pass descriptors with invalid length to the host when migration is underway,\n could use this flaw to increase their privileges on the host. (CVE-2019-14835)\n\n - In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12,\n was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was\n potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by\n adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple\n use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation.\n NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or\n 4.14.x longterm kernels before 4.14.139. (CVE-2019-15239)\n\n - A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU\n FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code\n by delivering crafted text content to a user, when this content is then rendered by an application that\n uses FriBidi for text layout calculations. Examples include any GNOME or GTK+ based application that uses\n Pango for text layout, as this internally uses FriBidi for bidirectional text layout. For example, the\n attacker can construct a crafted text file to be opened in GEdit, or a crafted IRC message to be viewed in\n HexChat. (CVE-2019-18397)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking).\n Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a\n person other than the attacker. Successful attacks of this vulnerability can result in unauthorized\n ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This\n vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that\n comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to\n Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an\n administrator). (CVE-2019-2945)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported\n versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java\n SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly\n impact additional products. Successful attacks of this vulnerability can result in unauthorized access to\n critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This\n vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that\n comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2019-2949)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported\n versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This\n vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that\n comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2019-2962)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency).\n Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component\n without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web\n service. (CVE-2019-2964)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported\n versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This\n vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that\n comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2019-2973, CVE-2019-2981)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported\n versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n update, insert or delete access to some of Java SE, Java SE Embedded accessible data and unauthorized\n ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This\n vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that\n comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2019-2975)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking).\n Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web\n Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code\n that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2019-2978)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web\n Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code\n that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2019-2983)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are\n affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker\n with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note:\n This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that\n comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2019-2987)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported\n versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This\n vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that\n comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to\n Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an\n administrator). (CVE-2019-2988, CVE-2019-2992)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking).\n Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE\n Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability\n can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java\n SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients\n running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run\n untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This\n vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service\n which supplies data to the APIs. (CVE-2019-2989)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are\n affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows\n unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful\n attacks require human interaction from a person other than the attacker and while the vulnerability is in\n Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability\n can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as\n unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java\n deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets\n (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the\n Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers,\n that load and run only trusted code (e.g., code installed by an administrator). (CVE-2019-2999)\n\n - A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before\n 5.1-rc1. (CVE-2019-3459)\n\n - A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel\n before 5.1-rc1. (CVE-2019-3460)\n\n - A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the\n mwifiex kernel module while connecting to a malicious wireless network. (CVE-2019-3846)\n\n - A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's\n locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is\n administratively granted ownership of the device, it may cause a system memory exhaustion and thus a\n denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. (CVE-2019-3882)\n\n - An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including\n v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster\n than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the\n vhost_net kernel thread, resulting in a DoS scenario. (CVE-2019-3900)\n\n - The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers\n to observe page cache access patterns of other processes on the same system, potentially allowing sniffing\n of secret information. (Fixing this affects the output of the fincore program.) Limited remote\n exploitation may be possible, as demonstrated by latency differences in accessing public files from an\n Apache HTTP Server. (CVE-2019-5489)\n\n - OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated\n the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.\n (CVE-2019-5544)\n\n - The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. (CVE-2019-7222)\n\n - The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable\n to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event\n frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This\n vulnerability can be exploited with compromised chipsets to compromise the host, or when used in\n combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-\n crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a\n vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.\n (CVE-2019-9500)\n\n - The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key\n length and does not prevent an attacker from influencing the key length negotiation. This allows practical\n brute-force attacks (aka KNOB) that can decrypt traffic and inject arbitrary ciphertext without the\n victim noticing. (CVE-2019-9506)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://portal.nutanix.com/page/documents/security-advisories/release-advisories/details?id=NXSA-AOS-5.16.1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1a1e6a04\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the Nutanix AOS software to recommended version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14287\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-5544\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:nutanix:aos\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nutanix_collect.nasl\");\n script_require_keys(\"Host/Nutanix/Data/lts\", \"Host/Nutanix/Data/Service\", \"Host/Nutanix/Data/Version\", \"Host/Nutanix/Data/arch\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::nutanix::get_app_info();\n\nvar constraints = [\n { 'fixed_version' : '5.16.1', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 5.16.1 or higher.', 'lts' : FALSE },\n { 'fixed_version' : '5.16.1', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 5.16.1 or higher.', 'lts' : FALSE }\n];\n\nvcf::nutanix::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:45", "description": "An update for kernel is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation (CVE-2019-11085)\n\n* kernel: DMA attack using peripheral devices (Thunderclap) (BZ#1690716)\n\n* kernel: infinite loop in update_blocked_averages() in kernel/sched/fair.c leading to denial of service (CVE-2018-20784)\n\n* kernel: a NULL pointer dereference in drivers/scsi/megaraid/ megaraid_sas_base.c leading to DoS (CVE-2019-11810)\n\n* kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* [DELL 8.0 z-stream BUG] - 'CPU unsupported' message with CFL-H/S 8+2 due to updated Stepping (BZ#1711048)\n\n* RHEL8.0 Snapshot4 - [LTC Test] Guest crashes during vfio device hot-plug/ un-plug operations. (kvm) (BZ#1714746)\n\n* Using Transactional Memory (TM) in a Guest Locks-up Host Core on a Power9 System (BZ#1714751)\n\n* VRSAVE register not properly saved and restored (BZ#1714753)\n\n* Fix potential spectre gadget in arch/s390/kvm/interrupt.c (BZ#1714754)\n\n* RHEL8.0 RC2 - kernel/KVM - count cache flush Spectre v2 mitigation (required for POWER9 DD2.3) (BZ#1715018)\n\n* iommu/amd: Set exclusion range correctly (BZ#1715336)\n\n* RHEL8.0 - sched/fair: Do not re-read ->h_load_next during hierarchical load calculation (BZ#1715337)\n\n* cross compile builds are broken (BZ#1715339)\n\n* Patch generated by 'make rh-test-patch' doesn't get applied during build (BZ#1715340)\n\n* hard lockup panic in during execution of CFS bandwidth period timer (BZ# 1715345)\n\n* perf annotate -P does not give full paths (BZ#1716887)\n\n* [Dell EMC 8.0 BUG] File system corrupting with I/O Stress on H330 PERC on AMD Systems if IOMMU passthrough is disabled (BZ#1717344)\n\n* Fix Spectre v1 gadgets in drivers/gpu/drm/drm_bufs.c and drivers/gpu/drm/ drm_ioctl.c (BZ#1717382)\n\n* BUG: SELinux doesn't handle NFS crossmnt well (BZ#1717777)\n\n* krb5{,i,p} doesn't work with older enctypes on aarch64 (BZ#1717800)\n\n* [RHEL-8.0][s390x]ltp-lite mtest06 testing hits EWD due to: rcu:\nINFO: rcu_sched self-detected stall on CPU (BZ#1717801)\n\n* RHEL 8 Snapshot-6: CN1200E SW iSCSI I/O performance degradation after a SCSI device/target reset rhel-8.0.0.z] (BZ#1717804)\n\n* dm cache metadata: Fix loading discard bitset (BZ#1717868)\n\n* jit'd java code on power9 ppc64le experiences stack corruption (BZ#1717869)\n\n* BUG: connect(AF_UNSPEC, ...) on a connected socket returns an error (BZ# 1717870)\n\n* mm: BUG: unable to handle kernel paging request at 0000000057ac6e9d (BZ# 1718237)\n\n* [HPE 8.0 BUG] DCPMM fsdax boot initialization takes a long time causing auto-mount to fail (BZ#1719635)\n\n* AMD Rome: WARNING: CPU: 1 PID: 0 at arch/x86/kernel/cpu/mcheck/mce.c:1510 mcheck_cpu_init+0x7a/0x460 (BZ#1721233)\n\n* [RHEL8.1] AMD Rome: EDAC amd64: Error: F0 not found, device 0x1460 (broken BIOS?) (BZ#1722365)\n\n* AMD Rome: Intermittent NMI received for unknown reason (BZ#1722367)\n\n* [DELL 8.0 BUG] - 'CPU unsupported' message with WHL-U due to updated Stepping (BZ#1722372)\n\nEnhancement(s) :\n\n* RHEL 8 - AMD Rome Support (BZ#1721972)\n\nUsers of kernel are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel (RHSA-2019:1959)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20784", "CVE-2019-11085", "CVE-2019-11810", "CVE-2019-11811"], "modified": "2021-02-01T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:bpftool-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python3-perf", "p-cpe:/a:redhat:enterprise_linux:python3-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8.0"], "id": "REDHAT-RHSA-2019-1959.NASL", "href": "https://www.tenable.com/plugins/nessus/127637", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1959. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127637);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/01\");\n\n script_cve_id(\"CVE-2018-20784\", \"CVE-2019-11085\", \"CVE-2019-11810\", \"CVE-2019-11811\");\n script_xref(name:\"RHSA\", value:\"2019:1959\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2019:1959)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* kernel: insufficient input validation in kernel mode driver in Intel\ni915 graphics leads to privilege escalation (CVE-2019-11085)\n\n* kernel: DMA attack using peripheral devices (Thunderclap)\n(BZ#1690716)\n\n* kernel: infinite loop in update_blocked_averages() in\nkernel/sched/fair.c leading to denial of service (CVE-2018-20784)\n\n* kernel: a NULL pointer dereference in drivers/scsi/megaraid/\nmegaraid_sas_base.c leading to DoS (CVE-2019-11810)\n\n* kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c,\nipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* [DELL 8.0 z-stream BUG] - 'CPU unsupported' message with CFL-H/S 8+2\ndue to updated Stepping (BZ#1711048)\n\n* RHEL8.0 Snapshot4 - [LTC Test] Guest crashes during vfio device\nhot-plug/ un-plug operations. (kvm) (BZ#1714746)\n\n* Using Transactional Memory (TM) in a Guest Locks-up Host Core on a\nPower9 System (BZ#1714751)\n\n* VRSAVE register not properly saved and restored (BZ#1714753)\n\n* Fix potential spectre gadget in arch/s390/kvm/interrupt.c\n(BZ#1714754)\n\n* RHEL8.0 RC2 - kernel/KVM - count cache flush Spectre v2 mitigation\n(required for POWER9 DD2.3) (BZ#1715018)\n\n* iommu/amd: Set exclusion range correctly (BZ#1715336)\n\n* RHEL8.0 - sched/fair: Do not re-read ->h_load_next during\nhierarchical load calculation (BZ#1715337)\n\n* cross compile builds are broken (BZ#1715339)\n\n* Patch generated by 'make rh-test-patch' doesn't get applied during\nbuild (BZ#1715340)\n\n* hard lockup panic in during execution of CFS bandwidth period timer\n(BZ# 1715345)\n\n* perf annotate -P does not give full paths (BZ#1716887)\n\n* [Dell EMC 8.0 BUG] File system corrupting with I/O Stress on H330\nPERC on AMD Systems if IOMMU passthrough is disabled (BZ#1717344)\n\n* Fix Spectre v1 gadgets in drivers/gpu/drm/drm_bufs.c and\ndrivers/gpu/drm/ drm_ioctl.c (BZ#1717382)\n\n* BUG: SELinux doesn't handle NFS crossmnt well (BZ#1717777)\n\n* krb5{,i,p} doesn't work with older enctypes on aarch64 (BZ#1717800)\n\n* [RHEL-8.0][s390x]ltp-lite mtest06 testing hits EWD due to: rcu:\nINFO: rcu_sched self-detected stall on CPU (BZ#1717801)\n\n* RHEL 8 Snapshot-6: CN1200E SW iSCSI I/O performance degradation\nafter a SCSI device/target reset rhel-8.0.0.z] (BZ#1717804)\n\n* dm cache metadata: Fix loading discard bitset (BZ#1717868)\n\n* jit'd java code on power9 ppc64le experiences stack corruption\n(BZ#1717869)\n\n* BUG: connect(AF_UNSPEC, ...) on a connected socket returns an error\n(BZ# 1717870)\n\n* mm: BUG: unable to handle kernel paging request at 0000000057ac6e9d\n(BZ# 1718237)\n\n* [HPE 8.0 BUG] DCPMM fsdax boot initialization takes a long time\ncausing auto-mount to fail (BZ#1719635)\n\n* AMD Rome: WARNING: CPU: 1 PID: 0 at\narch/x86/kernel/cpu/mcheck/mce.c:1510 mcheck_cpu_init+0x7a/0x460\n(BZ#1721233)\n\n* [RHEL8.1] AMD Rome: EDAC amd64: Error: F0 not found, device 0x1460\n(broken BIOS?) (BZ#1722365)\n\n* AMD Rome: Intermittent NMI received for unknown reason (BZ#1722367)\n\n* [DELL 8.0 BUG] - 'CPU unsupported' message with WHL-U due to updated\nStepping (BZ#1722372)\n\nEnhancement(s) :\n\n* RHEL 8 - AMD Rome Support (BZ#1721972)\n\nUsers of kernel are advised to upgrade to these updated packages,\nwhich fix these bugs and add this enhancement.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-20784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11811\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20784\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-20784\", \"CVE-2019-11085\", \"CVE-2019-11810\", \"CVE-2019-11811\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:1959\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1959\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bpftool-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bpftool-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"bpftool-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bpftool-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bpftool-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", reference:\"kernel-abi-whitelists-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-core-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-core-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-cross-headers-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-cross-headers-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debug-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debug-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debug-core-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debug-core-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"kernel-debug-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debug-devel-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debug-devel-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debug-modules-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debug-modules-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debug-modules-extra-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debug-modules-extra-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"kernel-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"kernel-debuginfo-common-aarch64-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-devel-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-devel-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", reference:\"kernel-doc-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-headers-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-headers-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-modules-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-modules-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-modules-extra-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-modules-extra-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-tools-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-tools-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"kernel-tools-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-tools-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-tools-libs-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"kernel-tools-libs-devel-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-zfcpdump-core-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-zfcpdump-devel-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-zfcpdump-modules-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-zfcpdump-modules-extra-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"perf-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"perf-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"perf-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"perf-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"perf-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"python3-perf-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"python3-perf-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"python3-perf-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"python3-perf-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"python3-perf-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / kernel-abi-whitelists / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:00:47", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:1959 advisory.\n\n - kernel: infinite loop in update_blocked_averages() in kernel/sched/fair.c leading to denial of service (CVE-2018-20784)\n\n - kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation (CVE-2019-11085)\n\n - kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS (CVE-2019-11810)\n\n - kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-01-29T00:00:00", "type": "nessus", "title": "CentOS 8 : kernel (CESA-2019:1959)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20784", "CVE-2019-11085", "CVE-2019-11810", "CVE-2019-11811"], "modified": "2021-03-23T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-core", "p-cpe:/a:centos:centos:kernel-cross-headers", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-core", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-debug-modules", "p-cpe:/a:centos:centos:kernel-debug-modules-extra", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-modules", "p-cpe:/a:centos:centos:kernel-modules-extra", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python3-perf"], "id": "CENTOS8_RHSA-2019-1959.NASL", "href": "https://www.tenable.com/plugins/nessus/145675", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2019:1959. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145675);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\n \"CVE-2018-20784\",\n \"CVE-2019-11085\",\n \"CVE-2019-11810\",\n \"CVE-2019-11811\"\n );\n script_bugtraq_id(\n 107138,\n 108286,\n 108410,\n 108488\n );\n script_xref(name:\"RHSA\", value:\"2019:1959\");\n\n script_name(english:\"CentOS 8 : kernel (CESA-2019:1959)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2019:1959 advisory.\n\n - kernel: infinite loop in update_blocked_averages() in kernel/sched/fair.c leading to denial of service\n (CVE-2018-20784)\n\n - kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege\n escalation (CVE-2019-11085)\n\n - kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS\n (CVE-2019-11810)\n\n - kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c\n (CVE-2019-11811)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:1959\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20784\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2018-20784', 'CVE-2019-11085', 'CVE-2019-11810', 'CVE-2019-11811');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for CESA-2019:1959');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'reference':'bpftool-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:48", "description": "An update for kernel-rt is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es) :\n\n* kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation (CVE-2019-11085)\n\n* kernel: DMA attack using peripheral devices (Thunderclap) (BZ#1690716)\n\n* kernel: infinite loop in update_blocked_averages() in kernel/sched/fair.c leading to denial of service (CVE-2018-20784)\n\n* kernel: a NULL pointer dereference in drivers/scsi/megaraid/ megaraid_sas_base.c leading to DoS (CVE-2019-11810)\n\n* kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* kernel-rt: update to the RHEL8.0.z batch#2 source tree (BZ#1717516)", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel-rt (RHSA-2019:1971)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20784", "CVE-2019-11085", "CVE-2019-11810", "CVE-2019-11811"], "modified": "2021-02-01T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra", "cpe:/o:redhat:enterprise_linux:8"], "id": "REDHAT-RHSA-2019-1971.NASL", "href": "https://www.tenable.com/plugins/nessus/127641", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1971. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127641);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/01\");\n\n script_cve_id(\"CVE-2018-20784\", \"CVE-2019-11085\", \"CVE-2019-11810\", \"CVE-2019-11811\");\n script_xref(name:\"RHSA\", value:\"2019:1971\");\n\n script_name(english:\"RHEL 8 : kernel-rt (RHSA-2019:1971)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for kernel-rt is now available for Red Hat Enterprise Linux\n8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* kernel: insufficient input validation in kernel mode driver in Intel\ni915 graphics leads to privilege escalation (CVE-2019-11085)\n\n* kernel: DMA attack using peripheral devices (Thunderclap)\n(BZ#1690716)\n\n* kernel: infinite loop in update_blocked_averages() in\nkernel/sched/fair.c leading to denial of service (CVE-2018-20784)\n\n* kernel: a NULL pointer dereference in drivers/scsi/megaraid/\nmegaraid_sas_base.c leading to DoS (CVE-2019-11810)\n\n* kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c,\nipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* kernel-rt: update to the RHEL8.0.z batch#2 source tree (BZ#1717516)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-20784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11811\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20784\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-20784\", \"CVE-2019-11085\", \"CVE-2019-11810\", \"CVE-2019-11811\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:1971\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1971\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-core-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debug-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debug-core-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-debuginfo-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debug-modules-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debug-modules-extra-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-devel-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-debuginfo-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-modules-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-modules-extra-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:28:05", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-1959 advisory.\n\n - An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c.\n This causes a Denial of Service, related to a use-after-free. (CVE-2019-11810)\n\n - Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.\n (CVE-2019-11085)\n\n - An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load. (CVE-2018-20784)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-08-20T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : kernel (ELSA-2019-1959)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20784", "CVE-2019-11085", "CVE-2019-11810", "CVE-2019-11811"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-core", "p-cpe:/a:oracle:linux:kernel-cross-headers", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-core", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-debug-modules", "p-cpe:/a:oracle:linux:kernel-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-modules", "p-cpe:/a:oracle:linux:kernel-modules-extra", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python3-perf"], "id": "ORACLELINUX_ELSA-2019-1959.NASL", "href": "https://www.tenable.com/plugins/nessus/127976", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-1959.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127976);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2018-20784\",\n \"CVE-2019-11085\",\n \"CVE-2019-11810\",\n \"CVE-2019-11811\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1959\");\n\n script_name(english:\"Oracle Linux 8 : kernel (ELSA-2019-1959)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2019-1959 advisory.\n\n - An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when\n megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c.\n This causes a Denial of Service, related to a use-after-free. (CVE-2019-11810)\n\n - Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0\n may allow an authenticated user to potentially enable escalation of privilege via local access.\n (CVE-2019-11085)\n\n - An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read\n access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c,\n drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to\n cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other\n impact by inducing a high load. (CVE-2018-20784)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-1959.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20784\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.18.0-80.7.1.el8_0'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-1959');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.18';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-4.18.0'},\n {'reference':'kernel-abi-whitelists-4.18.0-80.7.1.el8_0', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-4.18.0'},\n {'reference':'kernel-core-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-core-4.18.0'},\n {'reference':'kernel-cross-headers-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-debug-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-4.18.0'},\n {'reference':'kernel-debug-core-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-core-4.18.0'},\n {'reference':'kernel-debug-devel-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-4.18.0'},\n {'reference':'kernel-debug-modules-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-4.18.0'},\n {'reference':'kernel-debug-modules-extra-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-extra-4.18.0'},\n {'reference':'kernel-devel-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-4.18.0'},\n {'reference':'kernel-headers-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},\n {'reference':'kernel-modules-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-4.18.0'},\n {'reference':'kernel-modules-extra-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-extra-4.18.0'},\n {'reference':'kernel-tools-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'perf-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu

NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0253)

Description

Related