Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2020-1682.NASL
HistoryOct 19, 2020 - 12:00 a.m.

openSUSE Security Update : the Linux Kernel (openSUSE-2020-1682)

2020-10-1900:00:00
This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
26
JSON

The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

  • CVE-2020-12351: A type confusion while processing AMP packets could be used by physical close attackers to crash the kernel or potentially execute code was fixed (bsc#1177724).

  • CVE-2020-12352: A stack information leak when handling certain AMP packets could be used by physical close attackers to leak information from the kernel was fixed (bsc#1177725).

  • CVE-2020-25212: A TOCTOU mismatch in the NFS client code could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452 (bnc#1176381).

  • CVE-2020-25645: Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality (bnc#1177511).

The following non-security bugs were fixed :

  • 59c7c3caaaf8 (‘nvme: fix possible hang when ns scanning fails during error recovery’)

  • NFS: On fatal writeback errors, we need to call nfs_inode_remove_request() (bsc#1177340).

  • NFS: Revalidate the file mapping on all fatal writeback errors (bsc#1177340).

  • drm/sun4i: mixer: Extend regmap max_register (git-fixes).

  • ea43d9709f72 (‘nvme: fix identify error status silent ignore’)

  • i2c: meson: fix clock setting overwrite (git-fixes).

  • iommu/vt-d: Correctly calculate agaw in domain_init() (bsc#1176400).

  • mac80211: do not allow bigger VHT MPDUs than the hardware supports (git-fixes).

  • macsec: avoid use-after-free in macsec_handle_frame() (git-fixes).

  • mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm() (bsc#1177685).

  • mmc: core: do not set limits.discard_granularity as 0 (git-fixes).

  • nvme-multipath: do not reset on unknown status (bsc#1174748).

  • nvme-rdma: Avoid double freeing of async event data (bsc#1174748).

  • nvme: Fix ctrl use-after-free during sysfs deletion (bsc#1174748).

  • nvme: Namepace identification descriptor list is optional (bsc#1174748).

  • nvme: add a Identify Namespace Identification Descriptor list quirk (bsc#1174748).

  • nvme: fix deadlock caused by ANA update wrong locking (bsc#1174748).

  • nvme: fix possible io failures when removing multipathed ns (bsc#1174748).

  • nvme: make nvme_identify_ns propagate errors back (bsc#1174748).

  • nvme: make nvme_report_ns_ids propagate error back (bsc#1174748).

  • nvme: pass status to nvme_error_status (bsc#1174748).

  • nvme: return error from nvme_alloc_ns() (bsc#1174748).

  • powerpc/dma: Fix dma_map_ops::get_required_mask (bsc#1065729).

  • scsi: hisi_sas: Add debugfs ITCT file and add file operations (bsc#1140683).

  • scsi: hisi_sas: Add manual trigger for debugfs dump (bsc#1140683).

  • scsi: hisi_sas: Add missing seq_printf() call in hisi_sas_show_row_32() (bsc#1140683).

  • scsi: hisi_sas: Change return variable type in phy_up_v3_hw() (bsc#1140683).

  • scsi: hisi_sas: Correct memory allocation size for DQ debugfs (bsc#1140683).

  • scsi: hisi_sas: Do some more tidy-up (bsc#1140683).

  • scsi: hisi_sas: Fix a timeout race of driver internal and SMP IO (bsc#1140683).

  • scsi: hisi_sas: Fix type casting and missing static qualifier in debugfs code (bsc#1140683). Refresh :

  • scsi: hisi_sas: No need to check return value of debugfs_create functions (bsc#1140683). Update :

  • scsi: hisi_sas: Some misc tidy-up (bsc#1140683).

  • scsi: qla2xxx: Add IOCB resource tracking (bsc#1176946 bsc#1175520 bsc#1172538).

  • scsi: qla2xxx: Add SLER and PI control support (bsc#1176946 bsc#1175520 bsc#1172538).

  • scsi: qla2xxx: Add rport fields in debugfs (bsc#1176946 bsc#1175520 bsc#1172538).

  • scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1176946 bsc#1175520 bsc#1172538).

  • scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1176946 bsc#1175520 bsc#1172538).

  • scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1176946 bsc#1175520 bsc#1172538).

  • scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#1176946 bsc#1175520 bsc#1172538).

  • scsi: qla2xxx: Fix MPI reset needed message (bsc#1176946 bsc#1175520 bsc#1172538).

  • scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1176946 bsc#1175520 bsc#1172538).

  • scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1176946 bsc#1175520 bsc#1172538).

  • scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#1176946 bsc#1175520 bsc#1172538).

  • scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#1176946 bsc#1175520 bsc#1172538).

  • scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#1176946 bsc#1175520 bsc#1172538).

  • scsi: qla2xxx: Fix memory size truncation (bsc#1176946 bsc#1175520 bsc#1172538).

  • scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1176946 bsc#1175520 bsc#1172538).

  • scsi: qla2xxx: Fix reset of MPI firmware (bsc#1176946 bsc#1175520 bsc#1172538).

  • scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1176946 bsc#1175520 bsc#1172538).

  • scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#1176946 bsc#1175520 bsc#1172538).

  • scsi: qla2xxx: Performance tweak (bsc#1176946 bsc#1175520 bsc#1172538).

  • scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1176946 bsc#1175520 bsc#1172538).

  • scsi: qla2xxx: Remove unneeded variable ‘rval’ (bsc#1176946 bsc#1175520 bsc#1172538).

  • scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1176946 bsc#1175520 bsc#1172538).

  • scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1176946 bsc#1175520 bsc#1172538).

  • scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1176946 bsc#1175520 bsc#1172538).

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2020-1682.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(141514);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/04/12");

  script_cve_id("CVE-2020-12351", "CVE-2020-12352", "CVE-2020-25212", "CVE-2020-25645");

  script_name(english:"openSUSE Security Update : the Linux Kernel (openSUSE-2020-1682)");
  script_summary(english:"Check for the openSUSE-2020-1682 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The openSUSE Leap 15.1 kernel was updated to receive various security
and bugfixes.

The following security bugs were fixed :

  - CVE-2020-12351: A type confusion while processing AMP
    packets could be used by physical close attackers to
    crash the kernel or potentially execute code was fixed
    (bsc#1177724).

  - CVE-2020-12352: A stack information leak when handling
    certain AMP packets could be used by physical close
    attackers to leak information from the kernel was fixed
    (bsc#1177725).

  - CVE-2020-25212: A TOCTOU mismatch in the NFS client code
    could be used by local attackers to corrupt memory or
    possibly have unspecified other impact because a size
    check is in fs/nfs/nfs4proc.c instead of
    fs/nfs/nfs4xdr.c, aka CID-b4487b935452 (bnc#1176381).

  - CVE-2020-25645: Traffic between two Geneve endpoints may
    be unencrypted when IPsec is configured to encrypt
    traffic for the specific UDP port used by the GENEVE
    tunnel allowing anyone between the two endpoints to read
    the traffic unencrypted. The main threat from this
    vulnerability is to data confidentiality (bnc#1177511).

The following non-security bugs were fixed :

  - 59c7c3caaaf8 ('nvme: fix possible hang when ns scanning
    fails during error recovery')

  - NFS: On fatal writeback errors, we need to call
    nfs_inode_remove_request() (bsc#1177340).

  - NFS: Revalidate the file mapping on all fatal writeback
    errors (bsc#1177340).

  - drm/sun4i: mixer: Extend regmap max_register
    (git-fixes).

  - ea43d9709f72 ('nvme: fix identify error status silent
    ignore')

  - i2c: meson: fix clock setting overwrite (git-fixes).

  - iommu/vt-d: Correctly calculate agaw in domain_init()
    (bsc#1176400).

  - mac80211: do not allow bigger VHT MPDUs than the
    hardware supports (git-fixes).

  - macsec: avoid use-after-free in macsec_handle_frame()
    (git-fixes).

  - mm: memcg: switch to css_tryget() in
    get_mem_cgroup_from_mm() (bsc#1177685).

  - mmc: core: do not set limits.discard_granularity as 0
    (git-fixes).

  - nvme-multipath: do not reset on unknown status
    (bsc#1174748).

  - nvme-rdma: Avoid double freeing of async event data
    (bsc#1174748).

  - nvme: Fix ctrl use-after-free during sysfs deletion
    (bsc#1174748).

  - nvme: Namepace identification descriptor list is
    optional (bsc#1174748).

  - nvme: add a Identify Namespace Identification Descriptor
    list quirk (bsc#1174748).

  - nvme: fix deadlock caused by ANA update wrong locking
    (bsc#1174748).

  - nvme: fix possible io failures when removing multipathed
    ns (bsc#1174748).

  - nvme: make nvme_identify_ns propagate errors back
    (bsc#1174748).

  - nvme: make nvme_report_ns_ids propagate error back
    (bsc#1174748).

  - nvme: pass status to nvme_error_status (bsc#1174748).

  - nvme: return error from nvme_alloc_ns() (bsc#1174748).

  - powerpc/dma: Fix dma_map_ops::get_required_mask
    (bsc#1065729).

  - scsi: hisi_sas: Add debugfs ITCT file and add file
    operations (bsc#1140683).

  - scsi: hisi_sas: Add manual trigger for debugfs dump
    (bsc#1140683).

  - scsi: hisi_sas: Add missing seq_printf() call in
    hisi_sas_show_row_32() (bsc#1140683).

  - scsi: hisi_sas: Change return variable type in
    phy_up_v3_hw() (bsc#1140683).

  - scsi: hisi_sas: Correct memory allocation size for DQ
    debugfs (bsc#1140683).

  - scsi: hisi_sas: Do some more tidy-up (bsc#1140683).

  - scsi: hisi_sas: Fix a timeout race of driver internal
    and SMP IO (bsc#1140683).

  - scsi: hisi_sas: Fix type casting and missing static
    qualifier in debugfs code (bsc#1140683). Refresh :

  - scsi: hisi_sas: No need to check return value of
    debugfs_create functions (bsc#1140683). Update :

  - scsi: hisi_sas: Some misc tidy-up (bsc#1140683).

  - scsi: qla2xxx: Add IOCB resource tracking (bsc#1176946
    bsc#1175520 bsc#1172538).

  - scsi: qla2xxx: Add SLER and PI control support
    (bsc#1176946 bsc#1175520 bsc#1172538).

  - scsi: qla2xxx: Add rport fields in debugfs (bsc#1176946
    bsc#1175520 bsc#1172538).

  - scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe
    devices (bsc#1176946 bsc#1175520 bsc#1172538).

  - scsi: qla2xxx: Correct the check for sscanf() return
    value (bsc#1176946 bsc#1175520 bsc#1172538).

  - scsi: qla2xxx: Fix I/O errors during LIP reset tests
    (bsc#1176946 bsc#1175520 bsc#1172538).

  - scsi: qla2xxx: Fix I/O failures during remote port
    toggle testing (bsc#1176946 bsc#1175520 bsc#1172538).

  - scsi: qla2xxx: Fix MPI reset needed message (bsc#1176946
    bsc#1175520 bsc#1172538).

  - scsi: qla2xxx: Fix buffer-buffer credit extraction error
    (bsc#1176946 bsc#1175520 bsc#1172538).

  - scsi: qla2xxx: Fix crash on session cleanup with unload
    (bsc#1176946 bsc#1175520 bsc#1172538).

  - scsi: qla2xxx: Fix inconsistent format argument type in
    qla_dbg.c (bsc#1176946 bsc#1175520 bsc#1172538).

  - scsi: qla2xxx: Fix inconsistent format argument type in
    tcm_qla2xxx.c (bsc#1176946 bsc#1175520 bsc#1172538).

  - scsi: qla2xxx: Fix inconsistent format argument type in
    qla_os.c (bsc#1176946 bsc#1175520 bsc#1172538).

  - scsi: qla2xxx: Fix memory size truncation (bsc#1176946
    bsc#1175520 bsc#1172538).

  - scsi: qla2xxx: Fix point-to-point (N2N) device discovery
    issue (bsc#1176946 bsc#1175520 bsc#1172538).

  - scsi: qla2xxx: Fix reset of MPI firmware (bsc#1176946
    bsc#1175520 bsc#1172538).

  - scsi: qla2xxx: Honor status qualifier in FCP_RSP per
    spec (bsc#1176946 bsc#1175520 bsc#1172538).

  - scsi: qla2xxx: Make tgt_port_database available in
    initiator mode (bsc#1176946 bsc#1175520 bsc#1172538).

  - scsi: qla2xxx: Performance tweak (bsc#1176946
    bsc#1175520 bsc#1172538).

  - scsi: qla2xxx: Reduce duplicate code in reporting speed
    (bsc#1176946 bsc#1175520 bsc#1172538).

  - scsi: qla2xxx: Remove unneeded variable 'rval'
    (bsc#1176946 bsc#1175520 bsc#1172538).

  - scsi: qla2xxx: Setup debugfs entries for remote ports
    (bsc#1176946 bsc#1175520 bsc#1172538).

  - scsi: qla2xxx: Update version to 10.02.00.102-k
    (bsc#1176946 bsc#1175520 bsc#1172538).

  - scsi: qla2xxx: Update version to 10.02.00.103-k
    (bsc#1176946 bsc#1175520 bsc#1172538)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1065729"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140683"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1172538"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1174748"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1175520"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1176381"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1176400"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1176946"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1177340"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1177511"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1177685"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1177724"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1177725"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected the Linux Kernel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-12351");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-macros");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/09/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/10/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/10/19");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-base-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-base-debuginfo-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-debuginfo-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-debugsource-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-devel-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-devel-debuginfo-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-base-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-base-debuginfo-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-debuginfo-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-debugsource-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-devel-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-devel-debuginfo-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-devel-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-docs-html-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-base-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-base-debuginfo-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-debuginfo-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-debugsource-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-devel-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-devel-debuginfo-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-macros-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-obs-build-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-obs-build-debugsource-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-obs-qa-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-source-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-source-vanilla-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-syms-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-base-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-base-debuginfo-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-debuginfo-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-debugsource-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-devel-4.12.14-lp151.28.75.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-devel-debuginfo-4.12.14-lp151.28.75.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc");
}
VendorProductVersionCPE
novellopensusekernel-debugp-cpe:/a:novell:opensuse:kernel-debug
novellopensusekernel-debug-basep-cpe:/a:novell:opensuse:kernel-debug-base
novellopensusekernel-debug-base-debuginfop-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo
novellopensusekernel-debug-debuginfop-cpe:/a:novell:opensuse:kernel-debug-debuginfo
novellopensusekernel-debug-debugsourcep-cpe:/a:novell:opensuse:kernel-debug-debugsource
novellopensusekernel-debug-develp-cpe:/a:novell:opensuse:kernel-debug-devel
novellopensusekernel-debug-devel-debuginfop-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo
novellopensusekernel-defaultp-cpe:/a:novell:opensuse:kernel-default
novellopensusekernel-default-basep-cpe:/a:novell:opensuse:kernel-default-base
novellopensusekernel-default-base-debuginfop-cpe:/a:novell:opensuse:kernel-default-base-debuginfo
Rows per page:
1-10 of 381

References

Related

nessus 81
suse 3
redhat 19
oraclelinux 7
cloudfoundry 1
zdt 1
ubuntu 7
packetstorm 1
osv 8
debian 5
fedora 3
archlinux 4
intel 1
thn 1
exploitdb 1
threatpost 1
veracode 6
cve 6
redhatcve 6
ubuntucve 6
prion 6
amazon 5
f5 2
cbl_mariner 2
debiancve 6
githubexploit 1
photon 4
mageia 1
virtuozzo 2
slackware 1
ibm 1
nessus
nessus
SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2981-1)
2020-12-09 00:00:00
SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2972-1)
2020-12-09 00:00:00
RHEL 7 : kernel-alt (RHSA-2020:4279)
2020-10-20 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2020-10-17 00:00:00
Security update for the Linux Kernel (important)
2020-10-19 00:00:00
Security update for the Linux Kernel (important)
2020-11-29 00:00:00
redhat
redhat
(RHSA-2020:4279) Important: kernel-alt security update
2020-10-19 15:02:19
(RHSA-2020:4288) Important: kernel security update
2020-10-20 08:18:48
(RHSA-2020:4280) Important: kernel-rt security update
2020-10-19 15:02:22
oraclelinux
oraclelinux
kernel security update
2020-10-23 00:00:00
kernel security and bug fix update
2020-11-11 00:00:00
kernel security update
2020-11-13 00:00:00
cloudfoundry
cloudfoundry
USN-4591-1: Linux kernel vulnerabilities | Cloud Foundry
2020-11-19 00:00:00
zdt
zdt
Linux Kernel 5.4 - (BleedingTooth) Bluetooth Zero-Click Remote Code Execution Exploit
2021-04-08 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2020-10-19 00:00:00
Kernel Live Patch Security Notice
2020-10-23 00:00:00
Linux kernel vulnerabilities
2020-10-20 00:00:00
packetstorm
packetstorm
Linux Kernel 5.4 BleedingTooth Remote Code Execution
2021-04-08 00:00:00
osv
osv
linux, linux-hwe, linux-hwe-5.4, linux-oem, linux-raspi, linux-raspi-5.4, linux-snapdragon vulnerabilities
2020-10-19 23:51:52
linux - security update
2020-10-19 00:00:00
linux-4.19 - security update
2020-10-27 00:00:00
debian
debian
[SECURITY] [DSA 4774-1] linux security update
2020-10-19 12:12:25
[SECURITY] [DLA 2417-1] linux-4.19 security update
2020-10-28 14:53:23
[SECURITY] [DSA 4774-1] linux security update
2020-10-19 12:12:25
fedora
fedora
[SECURITY] Fedora 32 Update: kernel-5.8.15-201.fc32
2020-10-15 22:33:54
[SECURITY] Fedora 31 Update: kernel-5.8.15-101.fc31
2020-10-16 00:30:36
[SECURITY] Fedora 33 Update: kernel-5.8.15-301.fc33
2020-10-15 22:35:52
archlinux
archlinux
[ASA-202010-9] linux-hardened: multiple issues
2020-10-18 00:00:00
[ASA-202010-3] linux-zen: multiple issues
2020-10-18 00:00:00
[ASA-202010-2] linux: multiple issues
2020-10-18 00:00:00
intel
intel
BlueZ Advisory
2020-10-15 00:00:00
thn
thn
Google Warns of Zero-Click Bluetooth Flaws in Linux-based Devices
2020-10-16 07:19:00
exploitdb
exploitdb
Linux Kernel 5.4 - 'BleedingTooth' Bluetooth Zero-Click Remote Code Execution
2021-04-08 00:00:00
threatpost
threatpost
Google, Intel Warn on 'Zero-Click' Kernel Bug in Linux-Based IoT Devices
2020-10-14 13:37:13
veracode
veracode
Man-in-the-Middle (MitM)
2020-12-06 02:35:32
Authorization Bypass
2020-10-20 09:18:12
Arbitrary Code Execution
2020-09-24 11:06:32
cve
cve
CVE-2020-12351
2020-11-23 17:15:00
CVE-2020-25645
2020-10-13 20:15:00
CVE-2020-25212
2020-09-09 16:15:00
redhatcve
redhatcve
CVE-2020-12351
2020-10-14 21:01:35
CVE-2020-25645
2020-10-08 12:34:56
CVE-2020-25212
2020-09-09 21:27:09
ubuntucve
ubuntucve
CVE-2020-12351
2020-10-14 00:00:00
CVE-2020-25645
2020-10-13 00:00:00
CVE-2020-25212
2020-09-09 00:00:00
prion
prion
Improper access control
2020-11-23 17:15:00
Design/Logic Flaw
2020-10-13 20:15:00
Input validation
2020-11-23 17:15:00
amazon
amazon
Important: kernel
2020-11-09 17:10:00
Important: kernel
2020-11-14 01:22:00
Important: kernel
2020-10-22 18:07:00
f5
f5
K42355373 : Linux NFS kernel vulnerablity CVE-2020-25212
2021-03-01 00:00:00
K65213626 : Linux kernel vulnerability CVE-2020-25645
2021-07-08 00:00:00
cbl_mariner
cbl_mariner
CVE-2020-25645 affecting package kernel 5.4.91-6
2021-03-03 03:44:27
CVE-2020-25212 affecting package kernel 5.4.91-6
2021-03-03 03:44:27
debiancve
debiancve
CVE-2020-25212
2020-09-09 16:15:00
CVE-2020-25645
2020-10-13 20:15:00
CVE-2020-12352
2020-11-23 17:15:00
githubexploit
githubexploit
Exploit for Improper Input Validation in Linux Linux Kernel
2021-03-01 20:44:50
photon
photon
Important Photon OS Security Update - PHSA-2020-0147
2020-09-28 00:00:00
Moderate Photon OS Security Update - PHSA-2021-0263
2021-07-02 00:00:00
Important Photon OS Security Update - PHSA-2020-3.0-0147
2020-10-01 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2020-10-21 16:07:53
virtuozzo
virtuozzo
Kernel security update: Virtuozzo ReadyKernel patch 116.0 for Virtuozzo Hybrid Server 7.0, Virtuozzo Infrastructure Platform 2.5, 3.0, and Virtuozzo Hybrid Infrastructure 3.5
2020-09-18 00:00:00
Important kernel security update: Virtuozzo ReadyKernel patch 117.0 for Virtuozzo Hybrid Server 7.0, Virtuozzo Infrastructure Platform 3.0, and Virtuozzo Hybrid Infrastructure 3.5, 4.0
2020-10-09 00:00:00
slackware
slackware
[slackware-security] Slackware 14.2 kernel
2020-10-21 22:25:53
ibm
ibm
Security Bulletin: Vulnerabilities in Linux Kernel affect IBM Spectrum Protect Plus
2021-10-06 01:30:01
JSON
Related for OPENSUSE-2020-1682.NASL
nessus81suse3redhat19oraclelinux7cloudfoundry1zdt1ubuntu7packetstorm1osv8debian5fedora3archlinux4intel1thn1exploitdb1threatpost1veracode6cve6redhatcve6ubuntucve6prion6amazon5f52cbl_mariner2debiancve6githubexploit1photon4mageia1virtuozzo2slackware1ibm1