{"ibm": [{"lastseen": "2022-06-28T22:01:57", "description": "## Summary\n\nIBM QRadar Network Security has addressed vulnerabilities in Linux kernel.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-1000251_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000251>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the native Bluetooth stack. By processing L2CAP configuration responses, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/131857_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/131857>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2017-9076_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error in the dccp_v6_request_recv_sock function in net/dccp/ipv6.c. By using specially-crafted system calls, a local attacker could exploit this vulnerability to cause a denial of service condition or other unspecified impact. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/126255_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/126255>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2017-7616_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7616>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c. By triggering failure of a certain bitmap operation, an attacker could exploit this vulnerability to obtain sensitive information from uninitialized stack data. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/124563_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124563>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2017-7187_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7187>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a stack-based buffer overflow in sg_ioctl function in drivers/scsi/sg.c. By using a large command size in an SG_NEXT_CMD_LEN ioctl call, a local attacker could exploit this vulnerability to cause the system to crash or other unspecified impact. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/123509_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/123509>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2017-6951_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6951>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the keyring_search_aux function in security/keys/keyring.c. By using a request_key system call for the \"dead\" type, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/123423_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/123423>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2017-6001_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6001>)** \nDESCRIPTION:** Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the kernel/events/core.c. By using a specially-crafted application, an attacker could exploit this vulnerability to gain privileges on the system. \nCVSS Base Score: 7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/122171_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/122171>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2017-5970_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5970>)** \nDESCRIPTION:** Linux kernel is vulnerable to a denial of service, caused by an error in the ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c. By using a specially-crafted application that makes malformed system calls or IPv4 traffic with invalid IP options, a remote attacker could exploit this vulnerability to cause system to crash. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/122003_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/122003>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2017-2671_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2671>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error in the ping_unhash function. By leveraging access to the protocol value of IPPROTO_ICMP in a socket system call, a local attacker could exploit this vulnerability to cause the system to panic. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/127408_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/127408>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2017-2647_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2647>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the keyring_search_iterator function in keyring.c in KEYS subsystem. By using vectors involving a NULL value for a certain match field, a local authenticated attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 7.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/128712_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/128712>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2017-2596_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2596>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper emulation of the VMXON instruction by the nested_vmx_check_vmptr function. By leveraging the mishandling of page references, an attacker could exploit this vulnerability to cause host OS memory consumption and the system to crash. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/122080_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/122080>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-9806_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9806>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a race condition in the netlink_dump function in net/netlink/af_netlink.c. By using a specially-crafted application, a local attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 7.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120228_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120228>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-9685_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9685>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the fs/xfs/xfs_attr_list.c. By using a specially-crafted XFS filesystem operations, a local attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120243_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120243>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-9604_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9604>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to bypass security restrictions, caused by an error in the built-in keyrings for security tokens. By adding a new public key of its own devising to the keyring, an attacker could exploit this vulnerability to bypass module signature verification and gain direct access to an internal keyring. \nCVSS Base Score: 4.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/125570_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/125570>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2017-9075_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error in the sctp_v6_create_accept_sk function in net/sctp/ipv6.c. By using specially-crafted system calls, a local attacker could exploit this vulnerability to cause a denial of service condition or other unspecified impact. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/126254_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/126254>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2017-9074_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the failure to consider that the nexthdr field may be associated with an invalid option by the IPv6 fragmentation implementation. By using a specially-crafted socket and send system calls, a local attacker could exploit this vulnerability to cause a denial of service condition or other unspecified impact. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/126253_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/126253>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2017-8890_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a double free in inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c. By leveraging use of the accept system call, an attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/125914_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/125914>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2017-8797_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8797>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error in the NFSv4 Server. By sending a specially crafted NFSv4 pNFS LAYOUTGET command using UDP, a remote attacker on a system within the target mount''s host address mask range could exploit this vulnerability to cause the service to crash. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/127765_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/127765>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2017-7889_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7889>)** \nDESCRIPTION:** Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by the failure to properly enforce the CONFIG_STRICT_DEVMEM protection mechanism. By using a specially-crafted application, an attacker could exploit this vulnerability to read or write to kernel memory locations in the first megabyte. \nCVSS Base Score: 7.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/125799_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/125799>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-10200_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10200>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a race condition in the l2tp_ip6_bind() function in the L2TPv3 IP Encapsulation feature. By making multiple bind system calls, an attacker could exploit this vulnerability to trigger a use-after-free and gain elevated privileges on the system. \nCVSS Base Score: 7.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/122901_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/122901>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-10147_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10147>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in crypto/mcryptd.c. By using an AF_ALG socket with an incompatible algorithm, a local authenticated attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/124085_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124085>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-10088_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10088>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an use-after-free error in the sg implementation. By leveraging access to a /dev/sg device, a local attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120237_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120237>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-10088_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10088>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by the failure to properly restrict write operations in situations where the KERNEL_DS option is set by the sg_write() and bsg_write() Functions in block/bsg.c and drivers/scsi/sg.c. By leveraging access to a /dev/sg device, an attacker could exploit this vulnerability to write arbitrary kernel memory and gain root privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120225_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120225>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2015-8970_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8970>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a NULL pointer dereference in big_key.c, caused by the improper handling of setkey operation. A local attacker could exploit this vulnerability using a specially crafted application to cause the kernel to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120131_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120131>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2015-8839_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8839>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by multiple race conditions in the ext4 filesystem implementation. By writing to a page, an attacker could exploit this vulnerability to corrupt the disk. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114520_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114520>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2014-7975_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7975>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error in do_umount function in fs/namespace.c. A local attacker could exploit this vulnerability using a umount call to cause the file system to become inaccessible. \nCVSS Base Score: 4.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96994_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96994>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C)\n\n**CVEID:** [_CVE-2014-7970_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7970>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error in the VFS filesystem pivot_root() function. A local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 4.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96921_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96921>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C)\n\n**CVEID:** [_CVE-2016-9588_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9588>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by mishandling the exceptions in the arch/x86/kvm/vmx.c. By declining to handle an exception thrown by a L2 guest, a local attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120244_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120244>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-9576_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9576>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a use-after-free error in the blk_rq_map_user_iov function in block/blk-map.c. By accessing /dev/sg* scsi generic devices, a local attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 7.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120245_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120245>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-8645_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8645>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the failure to properly maintain certain BUG state in tcp_collapse() function in net/ipv4/tcp_input.c. By executing specially-crafted system calls, an attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118962_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118962>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-7097_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7097>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by the setgid bit being preserved during a setxattr call by the filesystem implementation. By leveraging the existence of a setgid program, an attacker could exploit this vulnerability to gain group privileges. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-7042_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7042>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the use of an incorrect buffer size for certain timeout data by the proc_keys_show function in security/keys/proc.c. By reading the /proc/keys file, an attacker could exploit this vulnerability to cause the kernel to panic. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118133_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118133>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-6213_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6213>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error in the mount table. By overflowing kernel mount table using shared bind mount, a local attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114989_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114989>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM QRadar Network Security 5.4\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM QRadar Network Security| Firmware version 5.4| Install Firmware 5.4.0.4 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector. \nOr \nDownload Firmware 5.4.0.4 from [IBM Security License Key and Download Center](<https://ibmss.flexnetoperations.com/control/isdl/home>) and upload and install via the Available Updates page of the Local Management Interface. \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n20 March curl2018: Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSFSVP\",\"label\":\"IBM QRadar Network Security\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF009\",\"label\":\"Firmware\"}],\"Version\":\"5.4\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.0, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T22:04:36", "type": "ibm", "title": "Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in Linux kernel", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7970", "CVE-2014-7975", "CVE-2015-8839", "CVE-2015-8970", "CVE-2016-10088", "CVE-2016-10147", "CVE-2016-10200", "CVE-2016-6213", "CVE-2016-7042", "CVE-2016-7097", "CVE-2016-8645", "CVE-2016-9576", "CVE-2016-9588", "CVE-2016-9604", "CVE-2016-9685", "CVE-2016-9806", "CVE-2017-1000251", "CVE-2017-2596", "CVE-2017-2647", "CVE-2017-2671", "CVE-2017-5970", "CVE-2017-6001", "CVE-2017-6951", "CVE-2017-7187", "CVE-2017-7616", "CVE-2017-7889", "CVE-2017-8797", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076"], "modified": "2018-06-16T22:04:36", "id": "091C926DD3372A48BCEFCA3A598C2A54BAEA4FF0AC1ADA170D539846CF9E0B12", "href": "https://www.ibm.com/support/pages/node/301535", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-06-28T22:01:38", "description": "## Summary\n\nPowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now addressed these vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-11600_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11600>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by out-of-bound access in thenet/xfrm/xfrm_policy.c. By using XFRM_MSG_MIGRATE xfrm Netlink message, a local attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/129316_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/129316>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H \n \n**CVEID:** [_CVE-2017-1000364_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000364>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a a stack memory allocation flaw that allows the stack guard page to be \"jumped\" or bypassed. An attacker could exploit this vulnerability to execute arbitrary code with elevated privileges. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/127503_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/127503>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2017-7895_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7895>)** \nDESCRIPTION:** Linux Kernel could allow a remote attacker to bypass security restrictions, caused by improper validation at the end of buffer in NFSv2 and NFSv3 server implementations in fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to trigger pointer-arithmetic errors or other unspecified impact on the system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/125803_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/125803>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2017-7645_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7645>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a flaw in the NFSv2/NFSv3 server in the nfsd subsystem. By using a long RPC reply, a remote attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/125910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/125910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2017-7308_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7308>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the failure to properly validate certain block-size data by the packet_set_ring function. By using specially crafted system calls, a local attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/123998_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/123998>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2017-6214_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6214>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error in the tcp_splice_read() function. By sending a specially crafted TCP packet, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop and consume an overly large amount of CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/122320_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/122320>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2017-5986_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5986>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c. By using a specially-crafted multithreaded application, a local attacker could exploit this vulnerability to cause an assertion failure and kernel panic. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/122172_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/122172>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2017-2636_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2636>)** \nDESCRIPTION:** Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the n_hdlc Linux kernel driver (drivers/tty/n_hdlc.c). By using a specially-crafted application, an attacker could exploit this vulnerability to gain privileges on the system. \nCVSS Base Score: 7.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/122898_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/122898>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2017-2618_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2618>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an off-by-one in the selinux_setprocattr when clearing SELinux attributes on /proc/pid/attr files. A local attacker could exploit this vulnerability using an empty (null) write to cause the system to crash. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/132346_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132346>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2017-2583_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2583>)** \nDESCRIPTION:** Linux Kernel, built with the Kernel-based Virtual Machine (CONFIG_KVM) support, could allow a remote attacker from within the local network to gain elevated privileges on the system, caused by an incorrect segment selector(SS) value error when loading values into the SS register in long mode. An attacker could exploit this vulnerability to gain elevated privileges on the system or cause the guest to crash. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121310_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121310>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-10208_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10208>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the failure to properly validate meta block groups by the ext4_fill_super function. A local attacker could exploit this vulnerability using a specially crafted EXT4 image to corrupt memory triggering an out-of-bounds read and cause the system to crash. \nCVSS Base Score: 4.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/123370_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/123370>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-9793_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9793>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a flaw in the sock_setsockopt function in net/core/sock.c. By using a specially-crafted setsockopt system call, a local attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 7.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120231_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120231>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-8650_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8650>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the failure to ensure that memory is allocated for limb data by mpi_powm function. A local attacker could exploit this vulnerability using an add_key system call for an RSA key with a zero exponent to cause the system to panic. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119408_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119408>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-8646_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8646>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error in the hash_accept function in crypto/algif_hash.c. By attempting to trigger use of in-kernel hash algorithms for a socket, a local attacker could exploit this vulnerability to cause a kernel OOPS. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119509_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119509>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-7910_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7910>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free in the disk_seqf_stop function. By leveraging the execution of a certain stop operation, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119531_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119531>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nPowerKVM 3.1\n\n## Remediation/Fixes\n\nCustomers can update PowerKVM systems by using \"yum update\". \n\nFix images are made available via Fix Central. For version 3.1, see [_https://ibm.biz/BdHggw_](<https://ibm.biz/BdHggw>). This issue is addressed starting with v3.1.0.2 update 10.\n\n \n \nCustomers running v2.1 are encouraged to upgrade to v3.1. \n\n## Workarounds and Mitigations\n\nnone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n28 September 2017 - Initial Version\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSZJY4\",\"label\":\"PowerKVM\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"3.1\",\"Edition\":\"KVM\",\"Line of Business\":{\"code\":\"LOB08\",\"label\":\"Cognitive Systems\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-18T01:38:07", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10208", "CVE-2016-7910", "CVE-2016-8646", "CVE-2016-8650", "CVE-2016-9793", "CVE-2017-1000364", "CVE-2017-11600", "CVE-2017-2583", "CVE-2017-2618", "CVE-2017-2636", "CVE-2017-5986", "CVE-2017-6214", "CVE-2017-7308", "CVE-2017-7645", "CVE-2017-7895"], "modified": "2018-06-18T01:38:07", "id": "B13E9CABE04A3A8E052E5DD7075F194AB2BDBB1AA759BCA55EBEBB657F688C5F", "href": "https://www.ibm.com/support/pages/node/632071", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T22:01:40", "description": "## Summary\n\nIBM QRadar Network Security has addressed vulnerabilities in Linux kernel.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2017-6074](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6074>)** \nDESCRIPTION:** Linux kernel is vulnerable to a denial of service, caused by improper handling of DCCP_PKT_REQUEST packet data structures in the LISTEN state by the dccp_rcv_state_process function in net/dccp/input.c. By using an application that makes an IPV6_RECVPKTINFO setsockopt system call, a local attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/122170> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n**CVEID:** [CVE-2016-9555](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9555>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds access error in sctp_sf_ootb(). By sending specially crafted data, a remote attacker could exploit this vulnerability to obtain a sensitive information or cause a denial of service. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119185> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)\n\n**CVEID:** [CVE-2016-9084](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9084>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper use of the kzalloc function by vfio_pci_intrs.c. A local attacker could exploit this vulnerability to trigger an integer overflow and cause a denial of service. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119406> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2016-9083](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9083>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a mmeory corruption error in vfio_pci.c. A local attacker could exploit this vulnerability to bypass integer overflow checks and cause a denial of service. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119407> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2016-8655](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8655>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a race condition and use-after-free memory errors in the packet_set_ring() function. By creating AF_PACKET sockets, an attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119611> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2016-7117](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7117>)** \nDESCRIPTION:** Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in __sys_recvmmsg function in net/socket.c. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117765> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2016-6828](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6828>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the failure to properly maintain certain SACK state in tcp_check_send_head function in include/net/tcp.h. By executing a specially-crafted SACK option, an attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118135> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM QRadar Network Security 5.4\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM QRadar Network Security| Firmware version 5.4| Install Firmware 5.4.0.2 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector. \nOr \nDownload Firmware 5.4.0.2 from [IBM Security License Key and Download Center](<https://ibmss.flexnetoperations.com/control/isdl/home>) and upload and install via the Available Updates page of the Local Management Interface. \n \n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n31 August 2017: Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSFSVP\",\"label\":\"IBM QRadar Network Security\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF009\",\"label\":\"Firmware\"}],\"Version\":\"5.4\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T22:02:07", "type": "ibm", "title": "Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in Linux kernel", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6828", "CVE-2016-7117", "CVE-2016-8655", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9555", "CVE-2017-6074"], "modified": "2018-06-16T22:02:07", "id": "AF6E3EC9D5A5C3CF688EF87142347E0688A4AE1CB6831F92326966B86BF2D9C1", "href": "https://www.ibm.com/support/pages/node/567117", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T22:01:19", "description": "## Summary\n\nPowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now addressed these vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-6074_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6074>)** \nDESCRIPTION:** Linux kernel is vulnerable to a denial of service, caused by improper handling of DCCP_PKT_REQUEST packet data structures in the LISTEN state by the dccp_rcv_state_process function in net/dccp/input.c. By using an application that makes an IPV6_RECVPKTINFO setsockopt system call, a local attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/122170_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/122170>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n**CVEID:** [_CVE-2016-9555_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9555>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds access error in sctp_sf_ootb(). By sending specially crafted data, a remote attacker could exploit this vulnerability to obtain a sensitive information or cause a denial of service. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119185_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119185>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)\n\n**CVEID:** [_CVE-2016-9084_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9084>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper use of the kzalloc function by vfio_pci_intrs.c. A local attacker could exploit this vulnerability to trigger an integer overflow and cause a denial of service. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119406_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119406>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-9083_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9083>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a mmeory corruption error in vfio_pci.c. A local attacker could exploit this vulnerability to bypass integer overflow checks and cause a denial of service. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119407_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119407>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-8655_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8655>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a race condition and use-after-free memory errors in the packet_set_ring() function. By creating AF_PACKET sockets, an attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119611_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119611>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-7117_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7117>)** \nDESCRIPTION:** Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in __sys_recvmmsg function in net/socket.c. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117765_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117765>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-6828_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6828>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the failure to properly maintain certain SACK state in tcp_check_send_head function in include/net/tcp.h. By executing a specially-crafted SACK option, an attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118135_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118135>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nPowerKVM 2.1 and PowerKVM 3.1\n\n## Remediation/Fixes\n\nCustomers can update PowerKVM systems by using \"yum update\". \n\nFix images are made available via Fix Central. For version 3.1, see [_https://ibm.biz/BdHggw_](<https://ibm.biz/BdHggw>). This issue is addressed starting with v3.1.0.2 update 9.\n\n \n \nFor version 2.1, see [_https://ibm.biz/BdEnT8_](<https://ibm.biz/BdEnT8>). This issue is addressed starting with PowerKVM 2.1.1.3-65 update 18. Customers running v2.1 are, in any case, encouraged to upgrade to v3.1. \n \nFor v2.1 systems currently running fix levels of PowerKVM prior to 2.1.1, please see <http://download4.boulder.ibm.com/sar/CMA/OSA/05e4c/0/README> for prerequisite fixes and instructions. \n\n## Workarounds and Mitigations\n\nnone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n4 August 2017 - Initial Version\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSZJY4\",\"label\":\"PowerKVM\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"2.1;3.1\",\"Edition\":\"KVM\",\"Line of Business\":{\"code\":\"LOB08\",\"label\":\"Cognitive Systems\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-18T01:37:19", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6828", "CVE-2016-7117", "CVE-2016-8655", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9555", "CVE-2017-6074"], "modified": "2018-06-18T01:37:19", "id": "61EAA34D5E4645B71F124164E8135272DB3119CF3ABDC2864377B692FCF87527", "href": "https://www.ibm.com/support/pages/node/631751", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T22:04:29", "description": "## Summary\n\nThe IBM Security Access Manager appliance has addressed the following vulnerabilities. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-9555_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9555>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds access error in sctp_sf_ootb(). By sending specially crafted data, a remote attacker could exploit this vulnerability to obtain a sensitive information or cause a denial of service. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119185_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119185>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L) \n\n**CVEID:** [_CVE-2016-9084_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9084>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper use of the kzalloc function by vfio_pci_intrs.c. A local attacker could exploit this vulnerability to trigger an integer overflow and cause a denial of service. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119406_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119406>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-9083_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9083>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a mmeory corruption error in vfio_pci.c. A local attacker could exploit this vulnerability to bypass integer overflow checks and cause a denial of service. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119407_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119407>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-7117_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7117>)** \nDESCRIPTION:** Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in __sys_recvmmsg function in net/socket.c. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117765_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117765>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-6828_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6828>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the failure to properly maintain certain SACK state in tcp_check_send_head function in include/net/tcp.h. By executing a specially-crafted SACK option, an attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118135_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118135>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected IBM Security Access Manager Appliance**\n\n| \n\n**Affected Versions** \n \n---|--- \nIBM Security Access Manager| 9.0.3.0 \n \n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**APAR**\n\n| \n\n**Remediation / First Fix** \n \n---|---|---|--- \nIBM Security Access Manager| 9.0.3.0| IJ00229| Upgrade to 9.0.3.1: \n[_9.0.3-ISS-ISAM-FP0001_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=9.0.0.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n3 November 2017: Original version published. \n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSZU8Q\",\"label\":\"IBM Security Access Manager\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF004\",\"label\":\"Appliance\"}],\"Version\":\"9.0.3\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T22:03:36", "type": "ibm", "title": "Security Bulletin: IBM Security Access Manager appliances are affected by kernel vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6828", "CVE-2016-7117", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9555"], "modified": "2018-06-16T22:03:36", "id": "289F46B747F4C8F26E8F8D17623E34EDE1DB7595184FCDCC87FEDCC356AC9965", "href": "https://www.ibm.com/support/pages/node/299119", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:34:32", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-08-04T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2017:1842-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9604", "CVE-2016-9806", "CVE-2016-7097", "CVE-2016-6213", "CVE-2017-7616", "CVE-2017-7889", "CVE-2017-9074", "CVE-2016-10088", "CVE-2017-6001", "CVE-2015-8839", "CVE-2017-9242", "CVE-2017-5970", "CVE-2016-10200", "CVE-2017-2671", "CVE-2017-9075", "CVE-2014-7975", "CVE-2016-9685", "CVE-2015-8970", "CVE-2016-10147", "CVE-2016-9576", "CVE-2017-6951", "CVE-2017-2647", "CVE-2017-2596", "CVE-2016-9588", "CVE-2017-9076", "CVE-2017-7187", "CVE-2017-9077", "CVE-2017-8890", "CVE-2017-8797", "CVE-2016-7042", "CVE-2016-8645", "CVE-2014-7970"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871855", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871855", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_RHSA-2017_1842-01_kernel.nasl 12497 2018-11-23 08:28:21Z cfischer $\n#\n# RedHat Update for kernel RHSA-2017:1842-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871855\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-04 12:47:14 +0530 (Fri, 04 Aug 2017)\");\n script_cve_id(\"CVE-2014-7970\", \"CVE-2014-7975\", \"CVE-2015-8839\", \"CVE-2015-8970\",\n \"CVE-2016-10088\", \"CVE-2016-10147\", \"CVE-2016-10200\", \"CVE-2016-6213\",\n \"CVE-2016-7042\", \"CVE-2016-7097\", \"CVE-2016-8645\", \"CVE-2016-9576\",\n \"CVE-2016-9588\", \"CVE-2016-9604\", \"CVE-2016-9685\", \"CVE-2016-9806\",\n \"CVE-2017-2596\", \"CVE-2017-2647\", \"CVE-2017-2671\", \"CVE-2017-5970\",\n \"CVE-2017-6001\", \"CVE-2017-6951\", \"CVE-2017-7187\", \"CVE-2017-7616\",\n \"CVE-2017-7889\", \"CVE-2017-8797\", \"CVE-2017-8890\", \"CVE-2017-9074\",\n \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for kernel RHSA-2017:1842-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux\n kernel, the core of any Linux operating system. Security Fix(es): * An\n use-after-free flaw was found in the Linux kernel which enables a race condition\n in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to\n escalate their privileges or crash the system. (CVE-2016-10200, Important) * A\n flaw was found that can be triggered in keyring_search_iterator in keyring.c if\n type- match is NULL. A local user could use this flaw to crash the system or,\n potentially, escalate their privileges. (CVE-2017-2647, Important) * It was\n found that the NFSv4 server in the Linux kernel did not properly validate layout\n type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote\n attacker could use this flaw to soft-lockup the system and thus cause denial of\n service. (CVE-2017-8797, Important) This update also fixes multiple Moderate and\n Low impact security issues: * CVE-2015-8839, CVE-2015-8970, CVE-2016-9576,\n CVE-2016-7042, CVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9588,\n CVE-2016-9806, CVE-2016-10088, CVE-2016-10147, CVE-2017-2596, CVE-2017-2671,\n CVE-2017-5970, CVE-2017-6001, CVE-2017-6951, CVE-2017-7187, CVE-2017-7616,\n CVE-2017-7889, CVE-2017-8890, CVE-2017-9074, CVE-2017-8890, CVE-2017-9075,\n CVE-2017-8890, CVE-2017-9076, CVE-2017-8890, CVE-2017-9077, CVE-2017-9242,\n CVE-2014-7970, CVE-2014-7975, CVE-2016-6213, CVE-2016-9604, CVE-2016-9685\n Documentation for these issues is available from the Release Notes document\n linked from the References section. Red Hat would like to thank Igor Redko\n (Virtuozzo) and Andrey Ryabinin (Virtuozzo) for reporting CVE-2017-2647 Igor\n Redko (Virtuozzo) and Vasily Averin (Virtuozzo) for reporting CVE-2015-8970\n Marco Grassi for reporting CVE-2016-8645 and Dmitry Vyukov (Google Inc.) for\n reporting CVE-2017-2596. The CVE-2016-7042 issue was discovered by Ondrej Kozina\n (Red Hat) the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red\n Hat) and Jan Kara (SUSE) the CVE-2016-6213 and CVE-2016-9685 issues were\n discovered by Qian Cai (Red Hat) and the CVE-2016-9604 issue was discovered by\n David Howells (Red Hat). Additional Changes: For detailed information on other\n changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes\n linked from the References section.\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:1842-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-August/msg00017.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~693.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~693.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~693.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~693.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.10.0~693.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~693.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~693.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~693.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~693.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~693.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~693.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-debuginfo\", rpm:\"kernel-tools-debuginfo~3.10.0~693.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~693.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~693.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~3.10.0~693.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~693.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~3.10.0~693.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-05-26T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2017:1308-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10208", "CVE-2016-7910", "CVE-2017-7308", "CVE-2016-8646", "CVE-2017-5986"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871823", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871823", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2017:1308-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871823\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-26 06:31:20 +0200 (Fri, 26 May 2017)\");\n script_cve_id(\"CVE-2016-10208\", \"CVE-2016-7910\", \"CVE-2016-8646\", \"CVE-2017-5986\", \"CVE-2017-7308\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for kernel RHSA-2017:1308-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel,\nthe core of any Linux operating system.\n\nSecurity Fix(es):\n\n * It was found that the packet_set_ring() function of the Linux kernel's\nnetworking implementation did not properly validate certain block-size\ndata. A local attacker with CAP_NET_RAW capability could use this flaw to\ntrigger a buffer overflow, resulting in the crash of the system. Due to the\nnature of the flaw, privilege escalation cannot be fully ruled out.\n(CVE-2017-7308, Important)\n\n * Mounting a crafted EXT4 image read-only leads to an attacker controlled\nmemory corruption and SLAB-Out-of-Bounds reads. (CVE-2016-10208, Moderate)\n\n * A flaw was found in the Linux kernel's implementation of seq_file where a\nlocal attacker could manipulate memory in the put() function pointer. This\ncould lead to memory corruption and possible privileged escalation.\n(CVE-2016-7910, Moderate)\n\n * A vulnerability was found in the Linux kernel. An unprivileged local user\ncould trigger oops in shash_async_export() by attempting to force the\nin-kernel hashing algorithms into decrypting an empty data set.\n(CVE-2016-8646, Moderate)\n\n * It was reported that with Linux kernel, earlier than version v4.10-rc8,\nan application may trigger a BUG_ON in sctp_wait_for_sndbuf if the socket\ntx buffer is full, a thread is waiting on it to queue more data, and\nmeanwhile another thread peels off the association being used by the first\nthread. (CVE-2017-5986, Moderate)\n\nRed Hat would like to thank Igor Redko (Virtuozzo kernel team) for\nreporting CVE-2016-8646.\n\nAdditional Changes:\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes is available from the Technical Notes\ndocument linked to in the References section.\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:1308-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-May/msg00039.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-debuginfo\", rpm:\"kernel-tools-debuginfo~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:36", "description": "Check the version of kernel", "cvss3": {}, "published": "2017-05-26T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2017:1308 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10208", "CVE-2016-7910", "CVE-2017-7308", "CVE-2016-8646", "CVE-2017-5986"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882725", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882725", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2017:1308 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882725\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-26 06:32:15 +0200 (Fri, 26 May 2017)\");\n script_cve_id(\"CVE-2016-10208\", \"CVE-2016-7910\", \"CVE-2016-8646\", \"CVE-2017-5986\",\n \"CVE-2017-7308\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for kernel CESA-2017:1308 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of kernel\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux\n kernel, the core of any Linux operating system. Security Fix(es): * It was found\n that the packet_set_ring() function of the Linux kernel's networking\n implementation did not properly validate certain block-size data. A local\n attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer\n overflow, resulting in the crash of the system. Due to the nature of the flaw,\n privilege escalation cannot be fully ruled out. (CVE-2017-7308, Important) *\n Mounting a crafted EXT4 image read-only leads to an attacker controlled memory\n corruption and SLAB-Out-of-Bounds reads. (CVE-2016-10208, Moderate) * A flaw was\n found in the Linux kernel's implementation of seq_file where a local attacker\n could manipulate memory in the put() function pointer. This could lead to memory\n corruption and possible privileged escalation. (CVE-2016-7910, Moderate) * A\n vulnerability was found in the Linux kernel. An unprivileged local user could\n trigger oops in shash_async_export() by attempting to force the in-kernel\n hashing algorithms into decrypting an empty data set. (CVE-2016-8646, Moderate)\n\n * It was reported that with Linux kernel, earlier than version v4.10-rc8, an\n application may trigger a BUG_ON in sctp_wait_for_sndbuf if the socket tx buffer\n is full, a thread is waiting on it to queue more data, and meanwhile another\n thread peels off the association being used by the first thread. (CVE-2017-5986,\n Moderate) Red Hat would like to thank Igor Redko (Virtuozzo kernel team) for\n reporting CVE-2016-8646. Additional Changes: This update also fixes several bugs\n and adds various enhancements. Documentation for these changes is available from\n the Technical Notes document linked to in the References section.\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:1308\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-May/022441.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~514.21.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~514.21.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~514.21.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~514.21.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~514.21.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~514.21.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~514.21.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~514.21.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~514.21.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~514.21.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~514.21.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~514.21.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:28:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-02-14T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2017:0458-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9806", "CVE-2016-7117", "CVE-2016-9793", "CVE-2016-7917", "CVE-2016-10088", "CVE-2017-5551", "CVE-2016-10147", "CVE-2016-9576", "CVE-2016-8645"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851489", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851489", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851489\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-02-14 05:57:00 +0100 (Tue, 14 Feb 2017)\");\n script_cve_id(\"CVE-2016-10088\", \"CVE-2016-10147\", \"CVE-2016-7117\", \"CVE-2016-7917\",\n \"CVE-2016-8645\", \"CVE-2016-9793\", \"CVE-2016-9806\", \"CVE-2017-5551\",\n \"CVE-2016-9576\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2017:0458-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE Leap 42.1 kernel to 4.1.38 to receive various security and\n bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg\n function in net/socket.c in the Linux kernel allowed remote attackers to\n execute arbitrary code via vectors involving a recvmmsg system call that\n is mishandled during error processing (bnc#1003077).\n\n - CVE-2017-5551: tmpfs: Fixed a bug that could have allowed users to set\n setgid bits on files they don't down (bsc#1021258).\n\n - CVE-2016-10147: crypto/mcryptd.c in the Linux kernel allowed local users\n to cause a denial of service (NULL pointer dereference and system crash)\n by using an AF_ALG socket with an incompatible algorithm, as\n demonstrated by mcryptd(md5) (bnc#1020381).\n\n - CVE-2016-10088: The sg implementation in the Linux kernel did not\n properly restrict write operations in situations where the KERNEL_DS\n option is set, which allowed local users to read or write to arbitrary\n kernel memory locations or cause a denial of service (use-after-free) by\n leveraging access to a /dev/sg device, related to block/bsg.c and\n drivers/scsi/sg.c. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2016-9576 (bnc#1017710).\n\n - CVE-2016-7917: The nfnetlink_rcv_batch function in\n net/netfilter/nfnetlink.c in the Linux kernel did not check whether a\n batch message's length field is large enough, which allowed local users\n to obtain sensitive information from kernel memory or cause a denial of\n service (infinite loop or out-of-bounds read) by leveraging the\n CAP_NET_ADMIN capability (bnc#1010444).\n\n - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb\n truncation, which allowed local users to cause a denial of service\n (system crash) via a crafted application that made sendto system calls,\n related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969).\n\n - CVE-2016-9806: Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel allowed local users to\n cause a denial of service (double free) or possibly have unspecified\n other impact via a crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump that started\n earlier than anticipated (bnc#1013540 1017589).\n\n - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the\n Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,\n which allowed local users to cause a denial of service (memory\n corruption and system crash) or possibly have unspecified other impact\n by leveraging th ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"Kernel on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0458-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base-debuginfo\", rpm:\"kernel-ec2-base-debuginfo~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debuginfo\", rpm:\"kernel-ec2-debuginfo~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debugsource\", rpm:\"kernel-ec2-debugsource~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv\", rpm:\"kernel-pv~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-base\", rpm:\"kernel-pv-base~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-base-debuginfo\", rpm:\"kernel-pv-base-debuginfo~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-debuginfo\", rpm:\"kernel-pv-debuginfo~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-debugsource\", rpm:\"kernel-pv-debugsource~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-devel\", rpm:\"kernel-pv-devel~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.1.38~47.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.1.38~47.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.1.38~47.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.1.38~47.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-pdf\", rpm:\"kernel-docs-pdf~4.1.38~47.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base-debuginfo\", rpm:\"kernel-pae-base-debuginfo~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~4.1.38~47.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:05", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-06-29T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2017:1615-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7895", "CVE-2017-7645", "CVE-2017-2583", "CVE-2017-6214", "CVE-2017-7477"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871838", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871838", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2017:1615-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871838\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-29 05:10:09 +0200 (Thu, 29 Jun 2017)\");\n script_cve_id(\"CVE-2017-2583\", \"CVE-2017-6214\", \"CVE-2017-7477\", \"CVE-2017-7645\",\n \"CVE-2017-7895\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for kernel RHSA-2017:1615-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux\n kernel, the core of any Linux operating system. Security Fix(es): * A flaw was\n found in the way Linux kernel allocates heap memory to build the scattergather\n list from a fragment list(skb_shinfo(skb)- frag_list) in the socket\n buffer(skb_buff). The heap overflow occurred if 'MAX_SKB_FRAGS + 1' parameter\n and 'NETIF_F_FRAGLIST' feature were used together. A remote user or process\n could use this flaw to potentially escalate their privilege on a system.\n (CVE-2017-7477, Important) * The NFS2/3 RPC client could send long arguments to\n the NFS server. These encoded arguments are stored in an array of memory pages,\n and accessed using pointer variables. Arbitrarily long arguments could make\n these pointers point outside the array and cause an out-of-bounds memory access.\n A remote user or program could use this flaw to crash the kernel (denial of\n service). (CVE-2017-7645, Important) * The NFSv2 and NFSv3 server\n implementations in the Linux kernel through 4.10.13 lacked certain checks for\n the end of a buffer. A remote attacker could trigger a pointer-arithmetic error\n or possibly cause other unspecified impacts using crafted requests related to\n fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important) * The Linux\n kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was\n vulnerable to an incorrect segment selector(SS) value error. The error could\n occur while loading values into the SS register in long mode. A user or process\n inside a guest could use this flaw to crash the guest, resulting in DoS or\n potentially escalate their privileges inside the guest. (CVE-2017-2583,\n Moderate) * A flaw was found in the Linux kernel's handling of packets with the\n URG flag. Applications using the splice() and tcp_splice_read() functionality\n could allow a remote attacker to force the kernel to enter a condition in which\n it could loop indefinitely. (CVE-2017-6214, Moderate) Red Hat would like to\n thank Ari Kauppi for reporting CVE-2017-7895 and Xiaohan Zhang (Huawei Inc.) for\n reporting CVE-2017-2583. Bug Fix(es): * Previously, the reserved-pages counter\n (HugePages_Rsvd) was bigger than the total-pages counter (HugePages_Total) in\n the /proc/meminfo file, and HugePages_Rsvd underflowed. With this update, the\n HugeTLB feature of the Linux kernel has been fixed, and HugePages_Rsvd underflow\n no longer occurs. (BZ#1445184) * If a directory on a NFS client was modified\n while being listed, the NFS client could restart the directory listing multiple\n times. Consequently, the performance of listing the directory was sub-optimal.\n With this up ... Description truncated, for more information please check the\n Reference URL\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:1615-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-June/msg00060.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-debuginfo\", rpm:\"kernel-tools-debuginfo~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:34", "description": "Check the version of kernel", "cvss3": {}, "published": "2017-06-30T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2017:1615 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7895", "CVE-2017-7645", "CVE-2017-2583", "CVE-2017-6214", "CVE-2017-7477"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882747", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882747", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2017:1615 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882747\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-30 05:12:15 +0200 (Fri, 30 Jun 2017)\");\n script_cve_id(\"CVE-2017-2583\", \"CVE-2017-6214\", \"CVE-2017-7477\", \"CVE-2017-7645\", \"CVE-2017-7895\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for kernel CESA-2017:1615 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of kernel\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux\nkernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n * A flaw was found in the way Linux kernel allocates heap memory to build\nthe scattergather list from a fragment list(skb_shinfo(skb)- frag_list) in\nthe socket buffer(skb_buff). The heap overflow occurred if 'MAX_SKB_FRAGS +\n1' parameter and 'NETIF_F_FRAGLIST' feature were used together. A\nremote user or process could use this flaw to potentially escalate their\nprivilege on a system. (CVE-2017-7477, Important)\n\n * The NFS2/3 RPC client could send long arguments to the NFS server. These\nencoded arguments are stored in an array of memory pages, and accessed\nusing pointer variables. Arbitrarily long arguments could make these\npointers point outside the array and cause an out-of-bounds memory access.\nA remote user or program could use this flaw to crash the kernel (denial of\nservice). (CVE-2017-7645, Important)\n\n * The NFSv2 and NFSv3 server implementations in the Linux kernel through\n4.10.13 lacked certain checks for the end of a buffer. A remote attacker\ncould trigger a pointer-arithmetic error or possibly cause other\nunspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and\nfs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)\n\n * The Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM)\nsupport was vulnerable to an incorrect segment selector(SS) value error.\nThe error could occur while loading values into the SS register in long\nmode. A user or process inside a guest could use this flaw to crash the\nguest, resulting in DoS or potentially escalate their privileges inside the\nguest. (CVE-2017-2583, Moderate)\n\n * A flaw was found in the Linux kernel's handling of packets with the URG\nflag. Applications using the splice() and tcp_splice_read() functionality\ncould allow a remote attacker to force the kernel to enter a condition in\nwhich it could loop indefinitely. (CVE-2017-6214, Moderate)\n\nRed Hat would like to thank Ari Kauppi for reporting CVE-2017-7895 and\nXiaohan Zhang (Huawei Inc.) for reporting CVE-2017-2583.\n\nBug Fix(es):\n\n * Previously, the reserved-pages counter (HugePages_Rsvd) was bigger than\nthe total-pages counter (HugePages_Total) in the /proc/meminfo file, and\nHugePages_Rsvd underflowed. With this update, the HugeTLB feature of the\nLinux kernel has been fixed, and HugePages_Rsvd underflow no longer occurs.\n(BZ#1445184)\n\n * If a directory on a NFS client was modified while being listed, the NFS\nclient could restart the directory listing multiple times. Consequently,\nthe performance of listing the directory was sub-optimal. With this update,\nthe restarting of the di ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:1615\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-June/022489.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:36", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-06-02T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2017-6f06be3fe9", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-8890"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872729", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872729", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2017-6f06be3fe9\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872729\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-02 07:03:01 +0200 (Fri, 02 Jun 2017)\");\n script_cve_id(\"CVE-2017-9077\", \"CVE-2017-9076\", \"CVE-2017-9075\", \"CVE-2017-9074\",\n \"CVE-2017-8890\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2017-6f06be3fe9\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-6f06be3fe9\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GN4PX5ETRQPJP63VP5LAWFVPRHWPGLBM\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.11.3~200.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:25", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-06-14T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2017-6554692044", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-8890"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872761", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872761", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2017-6554692044\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872761\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-14 06:53:55 +0200 (Wed, 14 Jun 2017)\");\n script_cve_id(\"CVE-2017-9077\", \"CVE-2017-9076\", \"CVE-2017-9075\", \"CVE-2017-9074\",\n \"CVE-2017-8890\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2017-6554692044\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-6554692044\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UODZK3EP5PYYTVXAGMC26VIMRXBEFRQW\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.11.4~100.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:34:10", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1496)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9604", "CVE-2016-8650", "CVE-2016-7910", "CVE-2016-8633", "CVE-2016-8655", "CVE-2016-9084", "CVE-2016-8399", "CVE-2016-7117", "CVE-2016-8666", "CVE-2016-7911", "CVE-2016-7916", "CVE-2016-9555", "CVE-2016-8630", "CVE-2016-9685", "CVE-2016-7915", "CVE-2016-7425", "CVE-2016-9083", "CVE-2016-9576", "CVE-2016-8646", "CVE-2016-7913", "CVE-2016-9588", "CVE-2016-7914", "CVE-2016-8645"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191496", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191496", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1496\");\n script_version(\"2020-01-23T11:56:37+0000\");\n script_cve_id(\"CVE-2016-7117\", \"CVE-2016-7425\", \"CVE-2016-7910\", \"CVE-2016-7911\", \"CVE-2016-7913\", \"CVE-2016-7914\", \"CVE-2016-7915\", \"CVE-2016-7916\", \"CVE-2016-8399\", \"CVE-2016-8630\", \"CVE-2016-8633\", \"CVE-2016-8645\", \"CVE-2016-8646\", \"CVE-2016-8650\", \"CVE-2016-8655\", \"CVE-2016-8666\", \"CVE-2016-9083\", \"CVE-2016-9084\", \"CVE-2016-9555\", \"CVE-2016-9576\", \"CVE-2016-9588\", \"CVE-2016-9604\", \"CVE-2016-9685\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:56:37 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:56:37 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1496)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1496\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1496\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1496 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function.(CVE-2016-7117)\n\nA heap-buffer overflow vulnerability was found in the arcmsr_iop_message_xfer() function in 'drivers/scsi/arcmsr/arcmsr_hba.c' file in the Linux kernel through 4.8.2. The function does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code. This can potentially cause kernel heap corruption and arbitrary kernel code execution.(CVE-2016-7425)\n\nA flaw was found in the Linux kernel's implementation of seq_file where a local attacker could manipulate memory in the put() function pointer. This could lead to memory corruption and possible privileged escalation.(CVE-2016-7910)\n\nA use-after-free vulnerability in sys_ioprio_get() was found due to get_task_ioprio() accessing the task-io_context without holding the task lock and could potentially race with exit_io_context(), leading to a use-after-free.(CVE-2016-7911)\n\nThe xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2016-7913)\n\nThe assoc_array_insert_into_terminal_node() function in 'lib/assoc_array.c' in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures.(CVE-2016-7914)\n\nThe hid_input_field() function in 'drivers/hid/hid-core.c' in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device.(CVE-2016-7915)\n\nRace condition in the environ_read() function in 'fs/proc/base.c' in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a '/proc/*/environ' file during a process-setup time interval in which environment-variable copying is incomplete.(CVE-2016-7916)\n\nA flaw was found in the Linux networking ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-02T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2016-ee3a114958", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9084", "CVE-2016-8630", "CVE-2016-9083", "CVE-2016-8645"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310810159", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810159", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2016-ee3a114958\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810159\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-02 14:03:10 +0100 (Fri, 02 Dec 2016)\");\n script_cve_id(\"CVE-2016-8645\", \"CVE-2016-8630\", \"CVE-2016-9084\", \"CVE-2016-9083\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2016-ee3a114958\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-ee3a114958\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERTN3R5LEVJDD6AMU5EPH27E3YQ3CJ35\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.8.8~100.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:00", "description": "Check the version of kernel", "cvss3": {}, "published": "2017-03-07T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2017:0386 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8655", "CVE-2016-9084", "CVE-2016-8630", "CVE-2016-9083"], "modified": "2019-03-11T00:00:00", "id": "OPENVAS:1361412562310882673", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882673", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2017:0386 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882673\");\n script_version(\"$Revision: 14095 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-11 14:54:56 +0100 (Mon, 11 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-07 05:44:17 +0100 (Tue, 07 Mar 2017)\");\n script_cve_id(\"CVE-2016-8630\", \"CVE-2016-8655\", \"CVE-2016-9083\", \"CVE-2016-9084\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for kernel CESA-2017:0386 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of kernel\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel,\nthe core of any Linux operating system.\n\nSecurity Fix(es):\n\n * Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM)\nsupport is vulnerable to a null pointer dereference flaw. It could occur on\nx86 platform, when emulating an undefined instruction. An attacker could\nuse this flaw to crash the host kernel resulting in DoS. (CVE-2016-8630,\nImportant)\n\n * A race condition issue leading to a use-after-free flaw was found in the\nway the raw packet sockets implementation in the Linux kernel networking\nsubsystem handled synchronization while creating the TPACKET_V3 ring\nbuffer. A local user able to open a raw packet socket (requires the\nCAP_NET_RAW capability) could use this flaw to elevate their privileges on\nthe system. (CVE-2016-8655, Important)\n\n * A flaw was discovered in the Linux kernel's implementation of VFIO. An\nattacker issuing an ioctl can create a situation where memory is corrupted\nand modify memory outside of the expected area. This may overwrite kernel\nmemory and subvert kernel execution. (CVE-2016-9083, Important)\n\n * The use of a kzalloc with an integer multiplication allowed an integer\noverflow condition to be reached in vfio_pci_intrs.c. This combined with\nCVE-2016-9083 may allow an attacker to craft an attack and use unallocated\nmemory, potentially crashing the machine. (CVE-2016-9084, Moderate)\n\nRed Hat would like to thank Philip Pettersson for reporting CVE-2016-8655.\n\nAdditional Changes:\n\nSpace precludes documenting all of the bug fixes and enhancements included\nin this advisory. To see the complete list of bug fixes and enhancements,\nrefer to the linked KnowledgeBase article.\");\n\n script_tag(name:\"affected\", value:\"kernel on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:0386\");\n script_xref(name:\"URL\", value:\"https://access.redhat.com/articles/2940041\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-March/022324.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~514.10.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~514.10.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~514.10.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~514.10.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~514.10.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~514.10.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~514.10.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~514.10.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~514.10.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~514.10.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~514.10.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~514.10.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:54", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-03-03T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2017:0386-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8655", "CVE-2016-9084", "CVE-2016-8630", "CVE-2016-9083"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310871768", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871768", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2017:0386-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871768\");\n script_version(\"$Revision: 12380 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:03:48 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-03 05:49:38 +0100 (Fri, 03 Mar 2017)\");\n script_cve_id(\"CVE-2016-8630\", \"CVE-2016-8655\", \"CVE-2016-9083\", \"CVE-2016-9084\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for kernel RHSA-2017:0386-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux\nkernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n * Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM)\nsupport is vulnerable to a null pointer dereference flaw. It could occur on\nx86 platform, when emulating an undefined instruction. An attacker could\nuse this flaw to crash the host kernel resulting in DoS. (CVE-2016-8630,\nImportant)\n\n * A race condition issue leading to a use-after-free flaw was found in the\nway the raw packet sockets implementation in the Linux kernel networking\nsubsystem handled synchronization while creating the TPACKET_V3 ring\nbuffer. A local user able to open a raw packet socket (requires the\nCAP_NET_RAW capability) could use this flaw to elevate their privileges on\nthe system. (CVE-2016-8655, Important)\n\n * A flaw was discovered in the Linux kernel's implementation of VFIO. An\nattacker issuing an ioctl can create a situation where memory is corrupted\nand modify memory outside of the expected area. This may overwrite kernel\nmemory and subvert kernel execution. (CVE-2016-9083, Important)\n\n * The use of a kzalloc with an integer multiplication allowed an integer\noverflow condition to be reached in vfio_pci_intrs.c. This combined with\nCVE-2016-9083 may allow an attacker to craft an attack and use unallocated\nmemory, potentially crashing the machine. (CVE-2016-9084, Moderate)\n\nRed Hat would like to thank Philip Pettersson for reporting CVE-2016-8655.\n\nAdditional Changes:\n\nSpace precludes documenting all of the bug fixes and enhancements included\nin this advisory. To see the complete list of bug fixes and enhancements,\nrefer to the linked KnowledgeBase article.\");\n\n script_xref(name:\"URL\", value:\"https://access.redhat.com/articles/2940041\");\n\n script_tag(name:\"affected\", value:\"kernel on\n Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:0386-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-March/msg00008.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-debuginfo\", rpm:\"kernel-tools-debuginfo~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:38", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-05-05T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2017-0aa0f69e0c", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9604", "CVE-2017-7889", "CVE-2017-7645", "CVE-2017-7477"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872640", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872640", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2017-0aa0f69e0c\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872640\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-05 07:02:54 +0200 (Fri, 05 May 2017)\");\n script_cve_id(\"CVE-2016-9604\", \"CVE-2017-7477\", \"CVE-2017-7889\", \"CVE-2017-7645\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2017-0aa0f69e0c\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-0aa0f69e0c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4HRXASJPX4MDGSPS2ODUWTIAC2EV7RN\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.10.13~100.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-27T18:37:27", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2017-1071)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8650", "CVE-2016-9793", "CVE-2017-6951", "CVE-2017-2618"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171071", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171071", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1071\");\n script_version(\"2020-01-23T10:47:58+0000\");\n script_cve_id(\"CVE-2016-8650\", \"CVE-2016-9793\", \"CVE-2017-2618\", \"CVE-2017-6951\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:47:58 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:47:58 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2017-1071)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1071\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1071\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2017-1071 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key. (CVE-2016-8650)\n\nA flaw was found in the Linux kernel's implementation of setsockopt for the SO_{SND<pipe>RCV}BUFFORCE setsockopt() system call. Users with non-namespace CAP_NET_ADMIN are able to trigger this call and create a situation in which the sockets sendbuff data size could be negative. This could adversely affect memory allocations and create situations where the system could crash or cause memory corruption. (CVE-2016-9793)\n\nA flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory. (CVE-2017-2618)\n\nThe keyring_search_aux function in security/keys/keyring.c in the Linux kernel through 3.14.79 allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the 'dead' type.(CVE-2017-6951)\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~229.49.1.127\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~229.49.1.127\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~229.49.1.127\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~229.49.1.127\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~229.49.1.127\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~229.49.1.127\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~229.49.1.127\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~229.49.1.127\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~229.49.1.127\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~229.49.1.127\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:40:03", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2017-1072)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8650", "CVE-2016-9793", "CVE-2017-6951", "CVE-2017-2618"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171072", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171072", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1072\");\n script_version(\"2020-01-23T10:48:01+0000\");\n script_cve_id(\"CVE-2016-8650\", \"CVE-2016-9793\", \"CVE-2017-2618\", \"CVE-2017-6951\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:48:01 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:48:01 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2017-1072)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1072\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1072\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2017-1072 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key. (CVE-2016-8650)\n\nA flaw was found in the Linux kernel's implementation of setsockopt for the SO_{SND<pipe>RCV}BUFFORCE setsockopt() system call. Users with non-namespace CAP_NET_ADMIN are able to trigger this call and create a situation in which the sockets sendbuff data size could be negative. This could adversely affect memory allocations and create situations where the system could crash or cause memory corruption. (CVE-2016-9793)\n\nA flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory. (CVE-2017-2618)\n\nThe keyring_search_aux function in security/keys/keyring.c in the Linux kernel through 3.14.79 allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the 'dead' type.(CVE-2017-6951)\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~327.49.58.45\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~327.49.58.45\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~327.49.58.45\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~327.49.58.45\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~327.49.58.45\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~327.49.58.45\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~327.49.58.45\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~327.49.58.45\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~327.49.58.45\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~327.49.58.45\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~327.49.58.45\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:32:51", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1502)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18255", "CVE-2017-7261", "CVE-2017-2584", "CVE-2017-6074", "CVE-2017-6001", "CVE-2017-5970", "CVE-2017-2636", "CVE-2017-5551", "CVE-2017-2671", "CVE-2017-7294", "CVE-2017-6348", "CVE-2017-6214", "CVE-2017-18270", "CVE-2017-7308", "CVE-2017-5669", "CVE-2017-6951", "CVE-2017-2647", "CVE-2017-5986", "CVE-2017-2596", "CVE-2017-6353", "CVE-2017-18344", "CVE-2017-7187"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191502", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191502", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1502\");\n script_version(\"2020-01-23T11:58:09+0000\");\n script_cve_id(\"CVE-2017-18255\", \"CVE-2017-18270\", \"CVE-2017-18344\", \"CVE-2017-2584\", \"CVE-2017-2596\", \"CVE-2017-2636\", \"CVE-2017-2647\", \"CVE-2017-2671\", \"CVE-2017-5551\", \"CVE-2017-5669\", \"CVE-2017-5970\", \"CVE-2017-5986\", \"CVE-2017-6001\", \"CVE-2017-6074\", \"CVE-2017-6214\", \"CVE-2017-6348\", \"CVE-2017-6353\", \"CVE-2017-6951\", \"CVE-2017-7187\", \"CVE-2017-7261\", \"CVE-2017-7294\", \"CVE-2017-7308\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:58:09 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:58:09 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1502)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1502\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1502\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1502 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation.(CVE-2017-18255)\n\nIn the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.(CVE-2017-18270)\n\nThe timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn't properly validate the sigevent-sigev_notify field, which leads to out-of-bounds access in the show_timer function.(CVE-2017-18344)\n\narch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt.(CVE-2017-2584)\n\nLinux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization(nVMX) feature enabled(nested=1), is vulnerable to host memory leakage issue. It could occur while emulating VMXON instruction in 'handle_vmon'. An L1 guest user could use this flaw to leak host memory potentially resulting in DoS.(CVE-2017-2596)\n\nA race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.(CVE-2017-2636)\n\nA flaw was found that can be triggered in keyring_search_iterator in keyring.c if type-match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges.(CVE-2017-2647)\n\nA race condition leading to a NULL pointer dereference was found in the Linux kernel's Link Layer Control implementation. A local attacker with access to ping sockets could use this flaw to crash the system.(CVE-2017-2671)\n\nA vulnerability was found in the Linux kernel in 'tmpfs' file system. When file permissions are modified via 'chmod' and the user is not in the owning group or capable of CAP_FSETID, the setgid bit is cleared in inode_change_ok(). Setting a POSIX ACL via 'setxattr' sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way, this allows to bypass the check in 'chmod'.(CVE-2017-5551)\n\nThe do_shmat function in ipc/shm.c in the Linux kernel, through 4.9.12, does not restrict the address calculated by a c ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:56", "description": "Check the version of kernel", "cvss3": {}, "published": "2017-04-14T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2017:0933 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8650", "CVE-2016-9793", "CVE-2017-2636", "CVE-2017-2618"], "modified": "2019-03-11T00:00:00", "id": "OPENVAS:1361412562310882694", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882694", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2017:0933 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882694\");\n script_version(\"$Revision: 14095 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-11 14:54:56 +0100 (Mon, 11 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-14 06:30:31 +0200 (Fri, 14 Apr 2017)\");\n script_cve_id(\"CVE-2016-8650\", \"CVE-2016-9793\", \"CVE-2017-2618\", \"CVE-2017-2636\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for kernel CESA-2017:0933 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of kernel\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel,\nthe core of any Linux operating system.\n\nThese updated kernel packages include several security issues and numerous\nbug fixes. Space precludes documenting all of these bug fixes in this\nadvisory. To see the complete list of bug fixes, users are directed to the\nreferences Knowledge Article.\n\nSecurity Fix(es):\n\n * A race condition flaw was found in the N_HLDC Linux kernel driver when\naccessing n_hdlc.tbuf list that can lead to double free. A local,\nunprivileged user able to set the HDLC line discipline on the tty device\ncould use this flaw to increase their privileges on the system.\n(CVE-2017-2636, Important)\n\n * A flaw was found in the Linux kernel key management subsystem in which a\nlocal attacker could crash the kernel or corrupt the stack and additional\nmemory (denial of service) by supplying a specially crafted RSA key. This\nflaw panics the machine during the verification of the RSA key.\n(CVE-2016-8650, Moderate)\n\n * A flaw was found in the Linux kernel's implementation of setsockopt for\nthe SO_{SND RCV}BUFFORCE setsockopt() system call. Users with non-namespace\nCAP_NET_ADMIN are able to trigger this call and create a situation in which\nthe sockets sendbuff data size could be negative. This could adversely\naffect memory allocations and create situations where the system could\ncrash or cause memory corruption. (CVE-2016-9793, Moderate)\n\n * A flaw was found in the Linux kernel's handling of clearing SELinux\nattributes on /proc/pid/attr files. An empty (null) write to this file can\ncrash the system by causing the system to attempt to access unmapped kernel\nmemory. (CVE-2017-2618, Moderate)\n\nRed Hat would like to thank Alexander Popov for reporting CVE-2017-2636 and\nRalf Spenneberg for reporting CVE-2016-8650. The CVE-2017-2618 issue was\ndiscovered by Paul Moore (Red Hat Engineering).\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:0933\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-April/022385.html\");\n script_xref(name:\"URL\", value:\"https://access.redhat.com/articles/2986951\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-04-13T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2017:0933-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8650", "CVE-2016-9793", "CVE-2017-2636", "CVE-2017-2618"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310871796", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871796", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2017:0933-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871796\");\n script_version(\"$Revision: 12380 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:03:48 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-13 06:32:31 +0200 (Thu, 13 Apr 2017)\");\n script_cve_id(\"CVE-2016-8650\", \"CVE-2016-9793\", \"CVE-2017-2618\", \"CVE-2017-2636\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for kernel RHSA-2017:0933-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux\n kernel, the core of any Linux operating system.\n\nThese updated kernel packages include several security issues and numerous\nbug fixes. Space precludes documenting all of these bug fixes in this\nadvisory. To see the complete list of bug fixes, users are directed to the\nrelated Knowledge Article.\n\nSecurity Fix(es):\n\n * A race condition flaw was found in the N_HLDC Linux kernel driver when\naccessing n_hdlc.tbuf list that can lead to double free. A local,\nunprivileged user able to set the HDLC line discipline on the tty device\ncould use this flaw to increase their privileges on the system.\n(CVE-2017-2636, Important)\n\n * A flaw was found in the Linux kernel key management subsystem in which a\nlocal attacker could crash the kernel or corrupt the stack and additional\nmemory (denial of service) by supplying a specially crafted RSA key. This\nflaw panics the machine during the verification of the RSA key.\n(CVE-2016-8650, Moderate)\n\n * A flaw was found in the Linux kernel's implementation of setsockopt for\nthe BUFFORCE setsockopt() system call. Users with non-namespace\nCAP_NET_ADMIN are able to trigger this call and create a situation in which\nthe sockets sendbuff data size could be negative. This could adversely\naffect memory allocations and create situations where the system could\ncrash or cause memory corruption. (CVE-2016-9793, Moderate)\n\n * A flaw was found in the Linux kernel's handling of clearing SELinux\nattributes on /proc/pid/attr files. An empty (null) write to this file can\ncrash the system by causing the system to attempt to access unmapped kernel\nmemory. (CVE-2017-2618, Moderate)\n\nRed Hat would like to thank Alexander Popov for reporting CVE-2017-2636 and\nRalf Spenneberg for reporting CVE-2016-8650. The CVE-2017-2618 issue was\ndiscovered by Paul Moore (Red Hat Engineering).\");\n script_tag(name:\"affected\", value:\"kernel on\n Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:0933-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-April/msg00019.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n script_xref(name:\"URL\", value:\"https://access.redhat.com/articles/2986951\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-debuginfo\", rpm:\"kernel-tools-debuginfo~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:00:37", "description": "The Linux operating system has four security vulnerabilities called ", "cvss3": {}, "published": "2020-06-05T00:00:00", "type": "openvas", "title": "Huawei Data Communication: 'Phoenix Talon' Vulnerabilities in Linux Kernel (huawei-sa-20170802-01-linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-8890"], "modified": "2020-06-30T00:00:00", "id": "OPENVAS:1361412562310108776", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108776", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108776\");\n script_version(\"2020-06-30T16:53:05+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-30 16:53:05 +0000 (Tue, 30 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-05 08:17:40 +0000 (Fri, 05 Jun 2020)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_cve_id(\"CVE-2017-8890\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Huawei Data Communication: 'Phoenix Talon' Vulnerabilities in Linux Kernel (huawei-sa-20170802-01-linux)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei\");\n script_dependencies(\"gb_huawei_vrp_network_device_consolidation.nasl\");\n script_mandatory_keys(\"huawei/vrp/detected\");\n\n script_tag(name:\"summary\", value:\"The Linux operating system has four security vulnerabilities called 'Phoenix Talon', which affect Linux kernel 2.5.69 to Linux kernel 4.11.\");\n\n script_tag(name:\"insight\", value:\"The Linux operating system has four security vulnerabilities called 'Phoenix Talon', which affect Linux kernel 2.5.69 to Linux kernel 4.11. Successful exploit of these vulnerabilities can allow an attacker to launch DOS attacks and can lead to arbitrary code execution when certain conditions are met. (Vulnerability ID: HWPSIRT-2017-06165, HWPSIRT-2017-07130, HWPSIRT-2017-07131 and HWPSIRT-2017-07132)The four vulnerabilities have been assigned four Common Vulnerabilities and Exposures (CVE) IDs: CVE-2017-8890, CVE-2017-9075, CVE-2017-9076 and CVE-2017-9077.Huawei has released software updates to fix these vulnerabilities. This advisory is available in the linked references.\");\n\n script_tag(name:\"impact\", value:\"Successful exploit of this vulnerability can allow an attacker to launch DOS attacks and can lead to arbitrary code execution when certain conditions are met.\");\n\n script_tag(name:\"affected\", value:\"AP5010DN-AGN-FAT versions V200R005C10\n\n AP5010SN-GN versions V200R005C10 V200R006C00 V200R006C10\n\n AP5010SN-GN-FAT versions V200R005C10\n\n AT815SN versions V200R005C10 V200R006C00 V200R006C10\n\n HiSTBAndroid versions HiSTBAndroidV600R001C00SPC061\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_xref(name:\"URL\", value:\"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-01-linux-en\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ncpe_list = make_list(\"cpe:/o:huawei:ap5010dn-agn-fat_firmware\",\n \"cpe:/o:huawei:ap5010sn-gn_firmware\",\n \"cpe:/o:huawei:ap5010sn-gn-fat_firmware\",\n \"cpe:/o:huawei:at815sn_firmware\",\n \"cpe:/o:huawei:histbandroid_firmware\");\n\nif (!infos = get_app_version_from_list(cpe_list: cpe_list, nofork: TRUE))\n exit(0);\n\ncpe = infos[\"cpe\"];\nversion = toupper(infos[\"version\"]);\npatch = get_kb_item(\"huawei/vrp/patch\");\n\nif (cpe == \"cpe:/o:huawei:ap5010dn-agn-fat_firmware\") {\n if(version == \"V200R005C10\") {\n if (!patch || version_is_less(version: patch, test_version: \"v2r7c20spc300\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"v2r7c20spc300\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:ap5010sn-gn_firmware\") {\n if(version == \"V200R005C10\" || version == \"V200R006C00\" || version == \"V200R006C10\") {\n if (!patch || version_is_less(version: patch, test_version: \"v2r7c20spc300\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"v2r7c20spc300\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:ap5010sn-gn-fat_firmware\") {\n if(version == \"V200R005C10\") {\n if (!patch || version_is_less(version: patch, test_version: \"v2r7c20spc300\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"v2r7c20spc300\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:at815sn_firmware\") {\n if(version == \"V200R005C10\" || version == \"V200R006C00\" || version == \"V200R006C10\") {\n if (!patch || version_is_less(version: patch, test_version: \"V2R7C20SPC300\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"V2R7C20SPC300\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:histbandroid_firmware\") {\n if(version == \"HISTBANDROIDV600R001C00SPC061\") {\n if (!patch || version_is_less(version: patch, test_version: \"V600R001C00SPC066\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"V600R001C00SPC066\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\n\nexit(99);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:05", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-05-26T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2017-273b67d5ee", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9059", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-8890"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872708", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872708", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2017-273b67d5ee\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872708\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-26 06:42:30 +0200 (Fri, 26 May 2017)\");\n script_cve_id(\"CVE-2017-9077\", \"CVE-2017-9076\", \"CVE-2017-9075\", \"CVE-2017-9074\",\n \"CVE-2017-8890\", \"CVE-2017-9059\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2017-273b67d5ee\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-273b67d5ee\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QILAN4AVI7SLTKBTCPPPTQDYJ6UXVVKS\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.10.17~200.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:38", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-05-27T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2017-85744f8aa9", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9059", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-8890"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872720", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872720", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2017-85744f8aa9\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872720\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-27 07:02:29 +0200 (Sat, 27 May 2017)\");\n script_cve_id(\"CVE-2017-9059\", \"CVE-2017-9077\", \"CVE-2017-9076\", \"CVE-2017-9075\",\n \"CVE-2017-9074\", \"CVE-2017-8890\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2017-85744f8aa9\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-85744f8aa9\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5RBMEUFNKXR2DU5RI57GMHK3QD22WWF\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.10.17~100.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:27:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-06-09T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2017:1513-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9074", "CVE-2017-7645", "CVE-2017-9075", "CVE-2017-9150", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-8890"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851566", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851566", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851566\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-06-09 06:51:33 +0200 (Fri, 09 Jun 2017)\");\n script_cve_id(\"CVE-2017-7487\", \"CVE-2017-7645\", \"CVE-2017-8890\", \"CVE-2017-9074\",\n \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9150\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2017:1513-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE Leap 42.2 kernel was updated\n to 4.4.70 to receive various security and bugfixes. The following security bugs\n were fixed: - CVE-2017-9076: The dccp_v6_request_recv_sock function in\n net/dccp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local\n users to cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885). -\n CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the\n Linux kernel mishandled inheritance, which allowed local users to cause a denial\n of service or possibly have unspecified other impact via crafted system calls, a\n related issue to CVE-2017-8890 (bnc#1040069). - CVE-2017-9075: The\n sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel\n mishandled inheritance, which allowed local users to cause a denial of service\n or possibly have unspecified other impact via crafted system calls, a related\n issue to CVE-2017-8890 (bnc#1039883). - CVE-2017-9074: The IPv6 fragmentation\n implementation in the Linux kernel did not consider that the nexthdr field may\n be associated with an invalid option, which allowed local users to cause a\n denial of service (out-of-bounds read and BUG) or possibly have unspecified\n other impact via crafted socket and send system calls (bnc#1039882). -\n CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel\n mishandled reference counts, which allowed local users to cause a denial of\n service (use-after-free) or possibly have unspecified other impact via a failed\n SIOCGIFADDR ioctl call for an IPX interface (bnc#1038879). - CVE-2017-8890: The\n inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux\n kernel allowed attackers to cause a denial of service (double free) or possibly\n have unspecified other impact by leveraging use of the accept system call\n (bnc#1038544). - CVE-2017-9150: The do_check function in kernel/bpf/verifier.c\n in the Linux kernel did not make the allow_ptr_leaks value available for\n restricting the output of the print_bpf_insn function, which allowed local users\n to obtain sensitive address information via crafted bpf system calls\n (bnc#1040279). - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in\n the Linux kernel allowed remote attackers to cause a denial of service (system\n crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and\n fs/nfsd/nfsxdr.c. (bsc#1034670) The following non-security bugs were fixed: -\n 9p: fix a potential acl leak (4.4.68 sta ... Description truncated, for more\n information please check the Reference URL\");\n\n script_tag(name:\"affected\", value:\"the on openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:1513-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.4.70~18.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.4.70~18.9.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.4.70~18.9.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-pdf\", rpm:\"kernel-docs-pdf~4.4.70~18.9.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.4.70~18.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.4.70~18.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.4.70~18.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.4.70~18.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.4.70~18.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.4.70~18.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.4.70~18.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.4.70~18.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.4.70~18.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.4.70~18.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.4.70~18.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.4.70~18.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.4.70~18.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.4.70~18.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.4.70~18.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.4.70~18.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.4.70~18.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.4.70~18.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.4.70~18.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.4.70~18.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.4.70~18.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~4.4.70~18.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base-debuginfo\", rpm:\"kernel-vanilla-base-debuginfo~4.4.70~18.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.4.70~18.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.4.70~18.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.4.70~18.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-06-08T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-xenial USN-3312-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7472", "CVE-2016-9604", "CVE-2017-7895", "CVE-2016-9084", "CVE-2016-7917", "CVE-2017-7889", "CVE-2017-6001", "CVE-2017-7618", "CVE-2017-7645", "CVE-2016-8632", "CVE-2017-0605", "CVE-2017-2671", "CVE-2016-9083", "CVE-2016-7913", "CVE-2017-2596"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843199", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843199", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-xenial USN-3312-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843199\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-08 06:03:28 +0200 (Thu, 08 Jun 2017)\");\n script_cve_id(\"CVE-2016-7917\", \"CVE-2016-8632\", \"CVE-2016-9604\", \"CVE-2017-0605\",\n \"CVE-2017-2596\", \"CVE-2017-2671\", \"CVE-2017-6001\", \"CVE-2017-7472\",\n \"CVE-2017-7645\", \"CVE-2017-7889\", \"CVE-2017-7895\", \"CVE-2016-7913\",\n \"CVE-2016-9084\", \"CVE-2017-7618\", \"CVE-2016-9083\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-xenial USN-3312-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-xenial'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3312-1 fixed vulnerabilities in the\n Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding\n updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for\n Ubuntu 14.04 LTS. It was discovered that the netfilter netlink implementation in\n the Linux kernel did not properly validate batch messages. A local attacker with\n the CAP_NET_ADMIN capability could use this to expose sensitive information or\n cause a denial of service. (CVE-2016-7917) Qian Zhang discovered a heap-based\n buffer overflow in the tipc_msg_build() function in the Linux kernel. A local\n attacker could use to cause a denial of service (system crash) or possibly\n execute arbitrary code with administrative privileges. (CVE-2016-8632) It was\n discovered that the keyring implementation in the Linux kernel in some\n situations did not prevent special internal keyrings from being joined by\n userspace keyrings. A privileged local attacker could use this to bypass module\n verification. (CVE-2016-9604) It was discovered that a buffer overflow existed\n in the trace subsystem in the Linux kernel. A privileged local attacker could\n use this to execute arbitrary code. (CVE-2017-0605) Dmitry Vyukov discovered\n that KVM implementation in the Linux kernel improperly emulated the VMXON\n instruction. A local attacker in a guest OS could use this to cause a denial of\n service (memory consumption) in the host OS. (CVE-2017-2596) Daniel Jiang\n discovered that a race condition existed in the ipv4 ping socket implementation\n in the Linux kernel. A local privileged attacker could use this to cause a\n denial of service (system crash). (CVE-2017-2671) Di Shen discovered that a race\n condition existed in the perf subsystem of the Linux kernel. A local attacker\n could use this to cause a denial of service or possibly gain administrative\n privileges. (CVE-2017-6001) Eric Biggers discovered a memory leak in the keyring\n implementation in the Linux kernel. A local attacker could use this to cause a\n denial of service (memory consumption). (CVE-2017-7472) Sabrina Dubroca\n discovered that the asynchronous cryptographic hash (ahash) implementation in\n the Linux kernel did not properly handle a full request queue. A local attacker\n could use this to cause a denial of service (infinite recursion).\n (CVE-2017-7618) Tuomas Haanpä ä and Ari Kauppi discovered that the NFSv2\n and NFSv3 server implementations in the Linux kernel did not properly handle\n certain long RPC replies. A remote attacker could use this to cause a denial of\n service (system crash). (CVE-2017-7645) Tommi Rantala and Brad Spengler\n discovered that the memory ... Description truncated, for more information\n please check the Reference URL\");\n script_tag(name:\"affected\", value:\"linux-lts-xenial on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3312-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3312-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-79-generic\", ver:\"4.4.0-79.100~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-79-generic-lpae\", ver:\"4.4.0-79.100~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-79-lowlatency\", ver:\"4.4.0-79.100~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-79-powerpc-e500mc\", ver:\"4.4.0-79.100~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-79-powerpc-smp\", ver:\"4.4.0-79.100~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-79-powerpc64-emb\", ver:\"4.4.0-79.100~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-79-powerpc64-smp\", ver:\"4.4.0-79.100~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-lts-xenial\", ver:\"4.4.0.79.64\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lts-xenial\", ver:\"4.4.0.79.64\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-lts-xenial\", ver:\"4.4.0.79.64\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc-lts-xenial\", ver:\"4.4.0.79.64\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp-lts-xenial\", ver:\"4.4.0.79.64\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb-lts-xenial\", ver:\"4.4.0.79.64\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp-lts-xenial\", ver:\"4.4.0.79.64\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-06-08T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3312-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7472", "CVE-2016-9604", "CVE-2017-7895", "CVE-2016-9084", "CVE-2016-7917", "CVE-2017-7889", "CVE-2017-6001", "CVE-2017-7618", "CVE-2017-7645", "CVE-2016-8632", "CVE-2017-0605", "CVE-2017-2671", "CVE-2016-9083", "CVE-2016-7913", "CVE-2017-2596"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843200", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843200", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3312-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843200\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-08 06:04:01 +0200 (Thu, 08 Jun 2017)\");\n script_cve_id(\"CVE-2016-7917\", \"CVE-2016-8632\", \"CVE-2016-9604\", \"CVE-2017-0605\",\n \"CVE-2017-2596\", \"CVE-2017-2671\", \"CVE-2017-6001\", \"CVE-2017-7472\",\n \"CVE-2017-7618\", \"CVE-2016-9083\", \"CVE-2016-9084\", \"CVE-2016-7913\",\n \"CVE-2017-7645\", \"CVE-2017-7889\", \"CVE-2017-7895\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3312-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the netfilter netlink\n implementation in the Linux kernel did not properly validate batch messages. A\n local attacker with the CAP_NET_ADMIN capability could use this to expose\n sensitive information or cause a denial of service. (CVE-2016-7917) Qian Zhang\n discovered a heap-based buffer overflow in the tipc_msg_build() function in the\n Linux kernel. A local attacker could use to cause a denial of service (system\n crash) or possibly execute arbitrary code with administrative privileges.\n (CVE-2016-8632) It was discovered that the keyring implementation in the Linux\n kernel in some situations did not prevent special internal keyrings from being\n joined by userspace keyrings. A privileged local attacker could use this to\n bypass module verification. (CVE-2016-9604) It was discovered that a buffer\n overflow existed in the trace subsystem in the Linux kernel. A privileged local\n attacker could use this to execute arbitrary code. (CVE-2017-0605) Dmitry Vyukov\n discovered that KVM implementation in the Linux kernel improperly emulated the\n VMXON instruction. A local attacker in a guest OS could use this to cause a\n denial of service (memory consumption) in the host OS. (CVE-2017-2596) Daniel\n Jiang discovered that a race condition existed in the ipv4 ping socket\n implementation in the Linux kernel. A local privileged attacker could use this\n to cause a denial of service (system crash). (CVE-2017-2671) Di Shen discovered\n that a race condition existed in the perf subsystem of the Linux kernel. A local\n attacker could use this to cause a denial of service or possibly gain\n administrative privileges. (CVE-2017-6001) Eric Biggers discovered a memory leak\n in the keyring implementation in the Linux kernel. A local attacker could use\n this to cause a denial of service (memory consumption). (CVE-2017-7472) Sabrina\n Dubroca discovered that the asynchronous cryptographic hash (ahash)\n implementation in the Linux kernel did not properly handle a full request queue.\n A local attacker could use this to cause a denial of service (infinite\n recursion). (CVE-2017-7618) Tuomas Haanpä ä and Ari Kauppi discovered\n that the NFSv2 and NFSv3 server implementations in the Linux kernel did not\n properly handle certain long RPC replies. A remote attacker could use this to\n cause a denial of service (system crash). (CVE-2017-7645) Tommi Rantala and Brad\n Spengler discovered that the memory manager in the Linux kernel did not properly\n enforce the CONFIG_STRICT_DEVMEM protection mechanism. A local attacker with\n access to /dev/mem could use this to expose sensitive information or possibly\n execute arbitrary code. ... Description truncated, for more information please\n check the Reference URL\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3312-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3312-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1014-gke\", ver:\"4.4.0-1014.14\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1018-aws\", ver:\"4.4.0-1018.27\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1057-raspi2\", ver:\"4.4.0-1057.64\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1059-snapdragon\", ver:\"4.4.0-1059.63\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-79-generic\", ver:\"4.4.0-79.100\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-79-generic-lpae\", ver:\"4.4.0-79.100\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-79-lowlatency\", ver:\"4.4.0-79.100\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-79-powerpc-e500mc\", ver:\"4.4.0-79.100\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-79-powerpc-smp\", ver:\"4.4.0-79.100\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-79-powerpc64-smp\", ver:\"4.4.0-79.100\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.4.0.1018.21\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.4.0.79.85\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.4.0.79.85\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.4.0.1014.16\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.4.0.79.85\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.4.0.79.85\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.4.0.79.85\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.4.0.79.85\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.4.0.79.85\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.4.0.1057.58\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.4.0.1059.52\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-virtual\", ver:\"4.4.0.79.85\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-09T19:32:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-19T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3422-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7472", "CVE-2016-9604", "CVE-2016-7097", "CVE-2016-9754", "CVE-2016-9191", "CVE-2016-8650", "CVE-2016-9084", "CVE-2017-5970", "CVE-2016-10200", "CVE-2016-9178", "CVE-2017-1000251", "CVE-2017-6214", "CVE-2016-9083", "CVE-2017-7541", "CVE-2017-6951", "CVE-2017-6346", "CVE-2017-7187", "CVE-2016-10044"], "modified": "2020-06-08T00:00:00", "id": "OPENVAS:1361412562310843312", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843312", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3422-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843312\");\n script_version(\"2020-06-08T06:52:36+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-08 06:52:36 +0000 (Mon, 08 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-19 07:43:00 +0200 (Tue, 19 Sep 2017)\");\n script_cve_id(\"CVE-2017-1000251\", \"CVE-2016-10044\", \"CVE-2016-10200\", \"CVE-2016-7097\",\n \"CVE-2016-8650\", \"CVE-2016-9083\", \"CVE-2016-9084\", \"CVE-2016-9178\",\n \"CVE-2016-9191\", \"CVE-2016-9604\", \"CVE-2016-9754\", \"CVE-2017-5970\",\n \"CVE-2017-6214\", \"CVE-2017-6346\", \"CVE-2017-6951\", \"CVE-2017-7187\",\n \"CVE-2017-7472\", \"CVE-2017-7541\");\n script_tag(name:\"cvss_base\", value:\"7.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3422-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that a buffer overflow\n existed in the Bluetooth stack of the Linux kernel when handling L2CAP\n configuration responses. A physically proximate attacker could use this to cause\n a denial of service (system crash). (CVE-2017-1000251) It was discovered that\n the asynchronous I/O (aio) subsystem of the Linux kernel did not properly set\n permissions on aio memory mappings in some situations. An attacker could use\n this to more easily exploit other vulnerabilities. (CVE-2016-10044) Baozeng Ding\n and Andrey Konovalov discovered a race condition in the L2TPv3 IP Encapsulation\n implementation in the Linux kernel. A local attacker could use this to cause a\n denial of service (system crash) or possibly execute arbitrary code.\n (CVE-2016-10200) Andreas Gruenbacher and Jan Kara discovered that the filesystem\n implementation in the Linux kernel did not clear the setgid bit during a\n setxattr call. A local attacker could use this to possibly elevate group\n privileges. (CVE-2016-7097) Sergej Schumilo, Ralf Spenneberg, and Hendrik\n Schwartke discovered that the key management subsystem in the Linux kernel did\n not properly allocate memory in some situations. A local attacker could use this\n to cause a denial of service (system crash). (CVE-2016-8650) Vlad Tsyrklevich\n discovered an integer overflow vulnerability in the VFIO PCI driver for the\n Linux kernel. A local attacker with access to a vfio PCI device file could use\n this to cause a denial of service (system crash) or possibly execute arbitrary\n code. (CVE-2016-9083, CVE-2016-9084) It was discovered that an information leak\n existed in __get_user_asm_ex() in the Linux kernel. A local attacker could use\n this to expose sensitive information. (CVE-2016-9178) CAI Qian discovered that\n the sysctl implementation in the Linux kernel did not properly perform reference\n counting in some situations. An unprivileged attacker could use this to cause a\n denial of service (system hang). (CVE-2016-9191) It was discovered that the\n keyring implementation in the Linux kernel in some situations did not prevent\n special internal keyrings from being joined by userspace keyrings. A privileged\n local attacker could use this to bypass module verification. (CVE-2016-9604) It\n was discovered that an integer overflow existed in the trace subsystem of the\n Linux kernel. A local privileged attacker could use this to cause a denial of\n service (system crash). (CVE-2016-9754) Andrey Konovalov discovered that the\n IPv4 implementation in the Linux kernel did not properly handle invalid IP\n options in some situations. An attacker could use this to cause a denial of\n service or possibly ex ... Description truncated, for more information please\n check the Reference URL\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3422-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3422-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-132-generic\", ver:\"3.13.0-132.181\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-132-generic-lpae\", ver:\"3.13.0-132.181\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-132-lowlatency\", ver:\"3.13.0-132.181\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-132-powerpc-e500\", ver:\"3.13.0-132.181\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-132-powerpc-e500mc\", ver:\"3.13.0-132.181\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-132-powerpc-smp\", ver:\"3.13.0-132.181\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-132-powerpc64-emb\", ver:\"3.13.0-132.181\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-132-powerpc64-smp\", ver:\"3.13.0-132.181\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"3.13.0.132.141\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"3.13.0.132.141\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"3.13.0.132.141\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500\", ver:\"3.13.0.132.141\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"3.13.0.132.141\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"3.13.0.132.141\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"3.13.0.132.141\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"3.13.0.132.141\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:39:05", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2017-1122)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10208", "CVE-2017-9074", "CVE-2017-7645", "CVE-2017-9242", "CVE-2014-9940", "CVE-2017-9075", "CVE-2017-8924", "CVE-2017-7495", "CVE-2017-5986", "CVE-2017-6353", "CVE-2017-7487", "CVE-2017-9077", "CVE-2017-8890"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171122", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171122", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1122\");\n script_version(\"2020-01-23T10:51:41+0000\");\n script_cve_id(\"CVE-2014-9940\", \"CVE-2016-10208\", \"CVE-2017-5986\", \"CVE-2017-6353\", \"CVE-2017-7487\", \"CVE-2017-7495\", \"CVE-2017-7645\", \"CVE-2017-8890\", \"CVE-2017-8924\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:51:41 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:51:41 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2017-1122)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1122\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1122\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2017-1122 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application.CVE-2014-9940\n\nRace condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state.CVE-2017-5986\n\nnet/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986.CVE-2017-6353\n\nThe ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface.CVE-2017-7487\n\nfs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiting for a hardware reset, creating a new file, making write system calls, and reading this file.CVE-2017-7495\n\nThe NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.CVE-2017-7645\n\nThe inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.CVE-2017-8890\n\nThe edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow.CVE-2017-8924\n\nThe IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecifi ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~229.49.1.133\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~229.49.1.133\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~229.49.1.133\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~229.49.1.133\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~229.49.1.133\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~229.49.1.133\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~229.49.1.133\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~229.49.1.133\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~229.49.1.133\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~229.49.1.133\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-27T18:35:01", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2017-1123)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10208", "CVE-2017-9074", "CVE-2017-7645", "CVE-2017-9242", "CVE-2014-9940", "CVE-2017-9075", "CVE-2017-8924", "CVE-2017-7495", "CVE-2017-5986", "CVE-2017-6353", "CVE-2017-7487", "CVE-2017-9077", "CVE-2017-8890"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171123", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171123", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1123\");\n script_version(\"2020-01-23T10:51:53+0000\");\n script_cve_id(\"CVE-2014-9940\", \"CVE-2016-10208\", \"CVE-2017-5986\", \"CVE-2017-6353\", \"CVE-2017-7487\", \"CVE-2017-7495\", \"CVE-2017-7645\", \"CVE-2017-8890\", \"CVE-2017-8924\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:51:53 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:51:53 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2017-1123)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1123\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1123\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2017-1123 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application.CVE-2014-9940\n\nRace condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state.CVE-2017-5986\n\nnet/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986.CVE-2017-6353\n\nThe ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface.CVE-2017-7487\n\nfs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiting for a hardware reset, creating a new file, making write system calls, and reading this file.CVE-2017-7495\n\nThe NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.CVE-2017-7645\n\nThe inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.CVE-2017-8890\n\nThe edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow.CVE-2017-8924\n\nThe IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecifi ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~327.53.58.73.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~327.53.58.73.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~327.53.58.73.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~327.53.58.73.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~327.53.58.73.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~327.53.58.73.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~327.53.58.73.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~327.53.58.73.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~327.53.58.73.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~327.53.58.73.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~327.53.58.73.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:57", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-06-20T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3328-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843209", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843209", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3328-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843209\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-20 06:58:38 +0200 (Tue, 20 Jun 2017)\");\n script_cve_id(\"CVE-2017-1000364\", \"CVE-2017-1000363\", \"CVE-2017-7487\", \"CVE-2017-8890\",\n \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\",\n \"CVE-2017-9242\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3328-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the stack guard page\n for processes in the Linux kernel was not sufficiently large enough to prevent\n overlapping with the heap. An attacker could leverage this with another\n vulnerability to execute arbitrary code and gain administrative privileges\n (CVE-2017-1000364) Roee Hay discovered that the parallel port printer driver in\n the Linux kernel did not properly bounds check passed arguments. A local\n attacker with write access to the kernel command line arguments could use this\n to execute arbitrary code. (CVE-2017-1000363) A reference count bug was\n discovered in the Linux kernel ipx protocol stack. A local attacker could\n exploit this flaw to cause a denial of service or possibly other unspecified\n problems. (CVE-2017-7487) A double free bug was discovered in the IPv4 stack of\n the Linux kernel. An attacker could use this to cause a denial of service\n (system crash). (CVE-2017-8890) Andrey Konovalov discovered an IPv6\n out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker\n could cause a denial of service or potentially other unspecified problems.\n (CVE-2017-9074) Andrey Konovalov discovered a flaw in the handling of\n inheritance in the Linux kernel's IPv6 stack. A local user could exploit this\n issue to cause a denial of service or possibly other unspecified problems.\n (CVE-2017-9075) It was discovered that dccp v6 in the Linux kernel mishandled\n inheritance. A local attacker could exploit this issue to cause a denial of\n service or potentially other unspecified problems. (CVE-2017-9076) It was\n discovered that the transmission control protocol (tcp) v6 in the Linux kernel\n mishandled inheritance. A local attacker could exploit this issue to cause a\n denial of service or potentially other unspecified problems. (CVE-2017-9077) It\n was discovered that the IPv6 stack was doing over write consistency check after\n the data was actually overwritten. A local attacker could exploit this flaw to\n cause a denial of service (system crash). (CVE-2017-9242)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3328-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3328-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-81-generic\", ver:\"4.4.0-81.104\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-81-generic-lpae\", ver:\"4.4.0-81.104\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-81-lowlatency\", ver:\"4.4.0-81.104\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-81-powerpc-e500mc\", ver:\"4.4.0-81.104\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-81-powerpc-smp\", ver:\"4.4.0-81.104\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-81-powerpc64-emb\", ver:\"4.4.0-81.104\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-81-powerpc64-smp\", ver:\"4.4.0-81.104\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-lts-utopic\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-lts-vivid\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-lts-wily\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-lts-xenial\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lts-utopic\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lts-vivid\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lts-wily\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lts-xenial\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-lts-utopic\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-lts-vivid\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-lts-wily\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-lts-xenial\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc-lts-utopic\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc-lts-vivid\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc-lts-wily\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc-lts-xenial\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp-lts-utopic\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp-lts-vivid\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp-lts-wily\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp-lts-xenial\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb-lts-utopic\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb-lts-vivid\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb-lts-wily\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb-lts-xenial\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp-lts-utopic\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp-lts-vivid\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp-lts-wily\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp-lts-xenial\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-virtual\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-virtual-lts-utopic\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-virtual-lts-vivid\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-virtual-lts-wily\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-virtual-lts-xenial\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-06-20T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-gke USN-3329-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843222", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843222", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-gke USN-3329-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843222\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-20 07:02:56 +0200 (Tue, 20 Jun 2017)\");\n script_cve_id(\"CVE-2017-1000364\", \"CVE-2017-1000363\", \"CVE-2017-7487\", \"CVE-2017-8890\",\n \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\",\n \"CVE-2017-9242\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-gke USN-3329-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-gke'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the stack guard page\n for processes in the Linux kernel was not sufficiently large enough to prevent\n overlapping with the heap. An attacker could leverage this with another\n vulnerability to execute arbitrary code and gain administrative privileges\n (CVE-2017-1000364) Roee Hay discovered that the parallel port printer driver in\n the Linux kernel did not properly bounds check passed arguments. A local\n attacker with write access to the kernel command line arguments could use this\n to execute arbitrary code. (CVE-2017-1000363) A reference count bug was\n discovered in the Linux kernel ipx protocol stack. A local attacker could\n exploit this flaw to cause a denial of service or possibly other unspecified\n problems. (CVE-2017-7487) A double free bug was discovered in the IPv4 stack of\n the Linux kernel. An attacker could use this to cause a denial of service\n (system crash). (CVE-2017-8890) Andrey Konovalov discovered an IPv6\n out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker\n could cause a denial of service or potentially other unspecified problems.\n (CVE-2017-9074) Andrey Konovalov discovered a flaw in the handling of\n inheritance in the Linux kernel's IPv6 stack. A local user could exploit this\n issue to cause a denial of service or possibly other unspecified problems.\n (CVE-2017-9075) It was discovered that dccp v6 in the Linux kernel mishandled\n inheritance. A local attacker could exploit this issue to cause a denial of\n service or potentially other unspecified problems. (CVE-2017-9076) It was\n discovered that the transmission control protocol (tcp) v6 in the Linux kernel\n mishandled inheritance. A local attacker could exploit this issue to cause a\n denial of service or potentially other unspecified problems. (CVE-2017-9077) It\n was discovered that the IPv6 stack was doing over write consistency check after\n the data was actually overwritten. A local attacker could exploit this flaw to\n cause a denial of service (system crash). (CVE-2017-9242)\");\n script_tag(name:\"affected\", value:\"linux-gke on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3329-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3329-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1016-gke\", ver:\"4.4.0-1016.16\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-06-20T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-snapdragon USN-3330-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843213", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843213", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-snapdragon USN-3330-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843213\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-20 07:00:06 +0200 (Tue, 20 Jun 2017)\");\n script_cve_id(\"CVE-2017-1000364\", \"CVE-2017-1000363\", \"CVE-2017-7487\", \"CVE-2017-8890\",\n \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\",\n \"CVE-2017-9242\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-snapdragon USN-3330-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-snapdragon'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the stack guard page\n for processes in the Linux kernel was not sufficiently large enough to prevent\n overlapping with the heap. An attacker could leverage this with another\n vulnerability to execute arbitrary code and gain administrative privileges\n (CVE-2017-1000364) Roee Hay discovered that the parallel port printer driver in\n the Linux kernel did not properly bounds check passed arguments. A local\n attacker with write access to the kernel command line arguments could use this\n to execute arbitrary code. (CVE-2017-1000363) A reference count bug was\n discovered in the Linux kernel ipx protocol stack. A local attacker could\n exploit this flaw to cause a denial of service or possibly other unspecified\n problems. (CVE-2017-7487) A double free bug was discovered in the IPv4 stack of\n the Linux kernel. An attacker could use this to cause a denial of service\n (system crash). (CVE-2017-8890) Andrey Konovalov discovered an IPv6\n out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker\n could cause a denial of service or potentially other unspecified problems.\n (CVE-2017-9074) Andrey Konovalov discovered a flaw in the handling of\n inheritance in the Linux kernel's IPv6 stack. A local user could exploit this\n issue to cause a denial of service or possibly other unspecified problems.\n (CVE-2017-9075) It was discovered that dccp v6 in the Linux kernel mishandled\n inheritance. A local attacker could exploit this issue to cause a denial of\n service or potentially other unspecified problems. (CVE-2017-9076) It was\n discovered that the transmission control protocol (tcp) v6 in the Linux kernel\n mishandled inheritance. A local attacker could exploit this issue to cause a\n denial of service or potentially other unspecified problems. (CVE-2017-9077) It\n was discovered that the IPv6 stack was doing over write consistency check after\n the data was actually overwritten. A local attacker could exploit this flaw to\n cause a denial of service (system crash). (CVE-2017-9242)\");\n script_tag(name:\"affected\", value:\"linux-snapdragon on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3330-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3330-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1061-snapdragon\", ver:\"4.4.0-1061.66\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.4.0.1061.54\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:35", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-06-20T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-xenial USN-3334-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843215", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843215", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-xenial USN-3334-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843215\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-20 07:00:28 +0200 (Tue, 20 Jun 2017)\");\n script_cve_id(\"CVE-2017-1000364\", \"CVE-2017-1000363\", \"CVE-2017-7487\", \"CVE-2017-8890\",\n \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\",\n \"CVE-2017-9242\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-xenial USN-3334-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-xenial'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the stack guard page\n for processes in the Linux kernel was not sufficiently large enough to prevent\n overlapping with the heap. An attacker could leverage this with another\n vulnerability to execute arbitrary code and gain administrative privileges\n (CVE-2017-1000364) Roee Hay discovered that the parallel port printer driver in\n the Linux kernel did not properly bounds check passed arguments. A local\n attacker with write access to the kernel command line arguments could use this\n to execute arbitrary code. (CVE-2017-1000363) A reference count bug was\n discovered in the Linux kernel ipx protocol stack. A local attacker could\n exploit this flaw to cause a denial of service or possibly other unspecified\n problems. (CVE-2017-7487) A double free bug was discovered in the IPv4 stack of\n the Linux kernel. An attacker could use this to cause a denial of service\n (system crash). (CVE-2017-8890) Andrey Konovalov discovered an IPv6\n out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker\n could cause a denial of service or potentially other unspecified problems.\n (CVE-2017-9074) Andrey Konovalov discovered a flaw in the handling of\n inheritance in the Linux kernel's IPv6 stack. A local user could exploit this\n issue to cause a denial of service or possibly other unspecified problems.\n (CVE-2017-9075) It was discovered that dccp v6 in the Linux kernel mishandled\n inheritance. A local attacker could exploit this issue to cause a denial of\n service or potentially other unspecified problems. (CVE-2017-9076) It was\n discovered that the transmission control protocol (tcp) v6 in the Linux kernel\n mishandled inheritance. A local attacker could exploit this issue to cause a\n denial of service or potentially other unspecified problems. (CVE-2017-9077) It\n was discovered that the IPv6 stack was doing over write consistency check after\n the data was actually overwritten. A local attacker could exploit this flaw to\n cause a denial of service (system crash). (CVE-2017-9242)\");\n script_tag(name:\"affected\", value:\"linux-lts-xenial on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3334-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3334-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-81-generic\", ver:\"4.4.0-81.104~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-81-generic-lpae\", ver:\"4.4.0-81.104~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-81-lowlatency\", ver:\"4.4.0-81.104~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-81-powerpc-e500mc\", ver:\"4.4.0-81.104~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-81-powerpc-smp\", ver:\"4.4.0-81.104~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-81-powerpc64-emb\", ver:\"4.4.0-81.104~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-81-powerpc64-smp\", ver:\"4.4.0-81.104~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-lts-xenial\", ver:\"4.4.0.81.66\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lts-xenial\", ver:\"4.4.0.81.66\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-lts-xenial\", ver:\"4.4.0.81.66\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc-lts-xenial\", ver:\"4.4.0.81.66\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp-lts-xenial\", ver:\"4.4.0.81.66\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb-lts-xenial\", ver:\"4.4.0.81.66\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp-lts-xenial\", ver:\"4.4.0.81.66\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-virtual-lts-xenial\", ver:\"4.4.0.81.66\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-06-20T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-raspi2 USN-3332-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843217", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843217", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-raspi2 USN-3332-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843217\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-20 07:01:28 +0200 (Tue, 20 Jun 2017)\");\n script_cve_id(\"CVE-2017-1000364\", \"CVE-2017-1000363\", \"CVE-2017-7487\", \"CVE-2017-8890\",\n \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\",\n \"CVE-2017-9242\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-raspi2 USN-3332-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-raspi2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the stack guard page\n for processes in the Linux kernel was not sufficiently large enough to prevent\n overlapping with the heap. An attacker could leverage this with another\n vulnerability to execute arbitrary code and gain administrative privileges\n (CVE-2017-1000364) Roee Hay discovered that the parallel port printer driver in\n the Linux kernel did not properly bounds check passed arguments. A local\n attacker with write access to the kernel command line arguments could use this\n to execute arbitrary code. (CVE-2017-1000363) A reference count bug was\n discovered in the Linux kernel ipx protocol stack. A local attacker could\n exploit this flaw to cause a denial of service or possibly other unspecified\n problems. (CVE-2017-7487) A double free bug was discovered in the IPv4 stack of\n the Linux kernel. An attacker could use this to cause a denial of service\n (system crash). (CVE-2017-8890) Andrey Konovalov discovered an IPv6\n out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker\n could cause a denial of service or potentially other unspecified problems.\n (CVE-2017-9074) Andrey Konovalov discovered a flaw in the handling of\n inheritance in the Linux kernel's IPv6 stack. A local user could exploit this\n issue to cause a denial of service or possibly other unspecified problems.\n (CVE-2017-9075) It was discovered that dccp v6 in the Linux kernel mishandled\n inheritance. A local attacker could exploit this issue to cause a denial of\n service or potentially other unspecified problems. (CVE-2017-9076) It was\n discovered that the transmission control protocol (tcp) v6 in the Linux kernel\n mishandled inheritance. A local attacker could exploit this issue to cause a\n denial of service or potentially other unspecified problems. (CVE-2017-9077) It\n was discovered that the IPv6 stack was doing over write consistency check after\n the data was actually overwritten. A local attacker could exploit this flaw to\n cause a denial of service (system crash). (CVE-2017-9242)\");\n script_tag(name:\"affected\", value:\"linux-raspi2 on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3332-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3332-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1059-raspi2\", ver:\"4.4.0-1059.67\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.4.0.1059.60\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:32", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-06-20T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3324-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-9150", "CVE-2017-1000364", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843220", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843220", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3324-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843220\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-20 07:02:11 +0200 (Tue, 20 Jun 2017)\");\n script_cve_id(\"CVE-2017-1000364\", \"CVE-2017-1000363\", \"CVE-2017-8890\", \"CVE-2017-9074\",\n \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9150\",\n \"CVE-2017-9242\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3324-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the stack guard page\n for processes in the Linux kernel was not sufficiently large enough to prevent\n overlapping with the heap. An attacker could leverage this with another\n vulnerability to execute arbitrary code and gain administrative privileges\n (CVE-2017-1000364) Roee Hay discovered that the parallel port printer driver in\n the Linux kernel did not properly bounds check passed arguments. A local\n attacker with write access to the kernel command line arguments could use this\n to execute arbitrary code. (CVE-2017-1000363) A double free bug was discovered\n in the IPv4 stack of the Linux kernel. An attacker could use this to cause a\n denial of service (system crash). (CVE-2017-8890) Andrey Konovalov discovered an\n IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker\n could cause a denial of service or potentially other unspecified problems.\n (CVE-2017-9074) Andrey Konovalov discovered a flaw in the handling of\n inheritance in the Linux kernel's IPv6 stack. A local user could exploit this\n issue to cause a denial of service or possibly other unspecified problems.\n (CVE-2017-9075) It was discovered that dccp v6 in the Linux kernel mishandled\n inheritance. A local attacker could exploit this issue to cause a denial of\n service or potentially other unspecified problems. (CVE-2017-9076) It was\n discovered that the transmission control protocol (tcp) v6 in the Linux kernel\n mishandled inheritance. A local attacker could exploit this issue to cause a\n denial of service or potentially other unspecified problems. (CVE-2017-9077)\n Jann Horn discovered that bpf in Linux kernel does not restrict the output of\n the print_bpf_insn function. A local attacker could use this to obtain sensitive\n address information. (CVE-2017-9150) It was discovered that the IPv6 stack was\n doing over write consistency check after the data was actually overwritten. A\n local attacker could exploit this flaw to cause a denial of service (system\n crash). (CVE-2017-9242)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 17.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3324-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3324-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU17\\.04\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-24-generic\", ver:\"4.10.0-24.28\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-24-generic-lpae\", ver:\"4.10.0-24.28\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-24-lowlatency\", ver:\"4.10.0-24.28\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.10.0.24.26\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.10.0.24.26\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.10.0.24.26\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.10.0.24.26\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.10.0.24.26\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.10.0.24.26\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.10.0.24.26\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-virtual\", ver:\"4.10.0.24.26\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-06-20T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-raspi2 USN-3325-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-9150", "CVE-2017-1000364", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843210", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843210", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-raspi2 USN-3325-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843210\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-20 06:59:00 +0200 (Tue, 20 Jun 2017)\");\n script_cve_id(\"CVE-2017-1000364\", \"CVE-2017-1000363\", \"CVE-2017-8890\", \"CVE-2017-9074\",\n \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9150\",\n \"CVE-2017-9242\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-raspi2 USN-3325-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-raspi2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the stack guard page\n for processes in the Linux kernel was not sufficiently large enough to prevent\n overlapping with the heap. An attacker could leverage this with another\n vulnerability to execute arbitrary code and gain administrative privileges\n (CVE-2017-1000364) Roee Hay discovered that the parallel port printer driver in\n the Linux kernel did not properly bounds check passed arguments. A local\n attacker with write access to the kernel command line arguments could use this\n to execute arbitrary code. (CVE-2017-1000363) A double free bug was discovered\n in the IPv4 stack of the Linux kernel. An attacker could use this to cause a\n denial of service (system crash). (CVE-2017-8890) Andrey Konovalov discovered an\n IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker\n could cause a denial of service or potentially other unspecified problems.\n (CVE-2017-9074) Andrey Konovalov discovered a flaw in the handling of\n inheritance in the Linux kernel's IPv6 stack. A local user could exploit this\n issue to cause a denial of service or possibly other unspecified problems.\n (CVE-2017-9075) It was discovered that dccp v6 in the Linux kernel mishandled\n inheritance. A local attacker could exploit this issue to cause a denial of\n service or potentially other unspecified problems. (CVE-2017-9076) It was\n discovered that the transmission control protocol (tcp) v6 in the Linux kernel\n mishandled inheritance. A local attacker could exploit this issue to cause a\n denial of service or potentially other unspecified problems. (CVE-2017-9077)\n Jann Horn discovered that bpf in Linux kernel does not restrict the output of\n the print_bpf_insn function. A local attacker could use this to obtain sensitive\n address information. (CVE-2017-9150) It was discovered that the IPv6 stack was\n doing over write consistency check after the data was actually overwritten. A\n local attacker could exploit this flaw to cause a denial of service (system\n crash). (CVE-2017-9242)\");\n script_tag(name:\"affected\", value:\"linux-raspi2 on Ubuntu 17.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3325-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3325-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU17\\.04\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-1008-raspi2\", ver:\"4.10.0-1008.11\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.10.0.1008.10\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:17", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-06-20T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-aws USN-3331-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843216", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843216", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-aws USN-3331-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843216\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-20 07:00:47 +0200 (Tue, 20 Jun 2017)\");\n script_cve_id(\"CVE-2017-1000364\", \"CVE-2017-1000363\", \"CVE-2017-7487\", \"CVE-2017-8890\",\n \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\",\n \"CVE-2017-9242\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-aws USN-3331-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-aws'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the stack guard page\n for processes in the Linux kernel was not sufficiently large enough to prevent\n overlapping with the heap. An attacker could leverage this with another\n vulnerability to execute arbitrary code and gain administrative privileges\n (CVE-2017-1000364) Roee Hay discovered that the parallel port printer driver in\n the Linux kernel did not properly bounds check passed arguments. A local\n attacker with write access to the kernel command line arguments could use this\n to execute arbitrary code. (CVE-2017-1000363) A reference count bug was\n discovered in the Linux kernel ipx protocol stack. A local attacker could\n exploit this flaw to cause a denial of service or possibly other unspecified\n problems. (CVE-2017-7487) A double free bug was discovered in the IPv4 stack of\n the Linux kernel. An attacker could use this to cause a denial of service\n (system crash). (CVE-2017-8890) Andrey Konovalov discovered an IPv6\n out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker\n could cause a denial of service or potentially other unspecified problems.\n (CVE-2017-9074) Andrey Konovalov discovered a flaw in the handling of\n inheritance in the Linux kernel's IPv6 stack. A local user could exploit this\n issue to cause a denial of service or possibly other unspecified problems.\n (CVE-2017-9075) It was discovered that dccp v6 in the Linux kernel mishandled\n inheritance. A local attacker could exploit this issue to cause a denial of\n service or potentially other unspecified problems. (CVE-2017-9076) It was\n discovered that the transmission control protocol (tcp) v6 in the Linux kernel\n mishandled inheritance. A local attacker could exploit this issue to cause a\n denial of service or potentially other unspecified problems. (CVE-2017-9077) It\n was discovered that the IPv6 stack was doing over write consistency check after\n the data was actually overwritten. A local attacker could exploit this flaw to\n cause a denial of service (system crash). (CVE-2017-9242)\");\n script_tag(name:\"affected\", value:\"linux-aws on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3331-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3331-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1020-aws\", ver:\"4.4.0-1020.29\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2021-07-30T06:24:51", "description": " ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-08-15T00:00:00", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7970", "CVE-2014-7975", "CVE-2015-8839", "CVE-2015-8970", "CVE-2016-10088", "CVE-2016-10147", "CVE-2016-10200", "CVE-2016-6213", "CVE-2016-7042", "CVE-2016-7097", "CVE-2016-8645", "CVE-2016-9576", "CVE-2016-9588", "CVE-2016-9604", "CVE-2016-9685", "CVE-2016-9806", "CVE-2017-2596", "CVE-2017-2647", "CVE-2017-2671", "CVE-2017-5970", "CVE-2017-6001", "CVE-2017-6951", "CVE-2017-7187", "CVE-2017-7616", "CVE-2017-7889", "CVE-2017-8797", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2017-08-15T00:00:00", "id": "ELSA-2017-1842-1", "href": "http://linux.oracle.com/errata/ELSA-2017-1842-1.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-30T06:24:37", "description": " ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-08-07T00:00:00", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7970", "CVE-2014-7975", "CVE-2015-8839", "CVE-2015-8970", "CVE-2016-10088", "CVE-2016-10147", "CVE-2016-10200", "CVE-2016-6213", "CVE-2016-7042", "CVE-2016-7097", "CVE-2016-8645", "CVE-2016-9576", "CVE-2016-9588", "CVE-2016-9604", "CVE-2016-9685", "CVE-2016-9806", "CVE-2017-2596", "CVE-2017-2647", "CVE-2017-2671", "CVE-2017-5970", "CVE-2017-6001", "CVE-2017-6951", "CVE-2017-7187", "CVE-2017-7616", "CVE-2017-7889", "CVE-2017-8797", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2017-08-07T00:00:00", "id": "ELSA-2017-1842", "href": "http://linux.oracle.com/errata/ELSA-2017-1842.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-28T14:24:41", "description": "- [3.10.0-514.21.1.OL7]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [bug 24817676]\n[3.10.0-514.21.1]\n- [kernel] sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule() (Gustavo Duarte) [1441547 1423400]\n- [drivers] Set dev->device_rh to NULL after free (Prarit Bhargava) [1441544 1414064]\n- [security] keys: request_key() should reget expired keys rather than give EKEYEXPIRED (David Howells) [1441287 1408330]\n- [security] keys: Simplify KEYRING_SEARCH_{NO, DO}_STATE_CHECK flags (David Howells) [1441287 1408330]\n- [net] packet: fix overflow in check for tp_reserve (Hangbin Liu) [1441171 1441172] {CVE-2017-7308}\n- [net] packet: fix overflow in check for tp_frame_nr (Hangbin Liu) [1441171 1441172] {CVE-2017-7308}\n- [net] packet: fix overflow in check for priv area size (Hangbin Liu) [1441171 1441172] {CVE-2017-7308}\n- [powerpc] pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec (Steve Best) [1439812 1423396]\n- [netdrv] fjes: Fix wrong netdevice feature flags (Yasuaki Ishimatsu) [1439802 1435603]\n- [kernel] mlx5e: Implement Fragmented Work Queue (WQ) (Don Dutile) [1439164 1368400]\n- [netdrv] mlx5e: Copy all L2 headers into inline segment (Don Dutile) [1439161 1383013]\n- [nvdimm] fix PHYS_PFN/PFN_PHYS mixup (Jeff Moyer) [1439160 1428115]\n- [s390] scsi: zfcp: fix rport unblock race with LUN recovery (Hendrik Brueckner) [1433413 1421750]\n- [fs] gfs2: Avoid alignment hole in struct lm_lockname (Robert S Peterson) [1432554 1425450]\n- [fs] gfs2: Add missing rcu locking for glock lookup (Robert S Peterson) [1432554 1425450]\n- [fs] ext4: fix fencepost in s_first_meta_bg validation (Lukas Czerner) [1430969 1332503] {CVE-2016-10208}\n- [fs] ext4: sanity check the block and cluster size at mount time (Lukas Czerner) [1430969 1332503] {CVE-2016-10208}\n- [fs] ext4: validate s_first_meta_bg at mount time (Lukas Czerner) [1430969 1332503] {CVE-2016-10208}\n- [net] sctp: deny peeloff operation on asocs with threads sleeping on it (Hangbin Liu) [1429496 1429497] {CVE-2017-5986 CVE-2017-6353}\n- [net] sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Hangbin Liu) [1429496 1429497] {CVE-2017-5986 CVE-2017-6353}\n- [x86] perf/x86/intel/rapl: Make package handling more robust (Jiri Olsa) [1443902 1418688]\n- [x86] perf/x86/intel/rapl: Convert to hotplug state machine (Jiri Olsa) [1443902 1418688]\n- [x86] perf/x86: Set pmu->module in Intel PMU modules (Jiri Olsa) [1443902 1418688]\n- [kernel] sched/core, x86/topology: Fix NUMA in package topology bug (Jiri Olsa) [1441645 1369832]\n- [kernel] sched: Allow hotplug notifiers to be setup early (Jiri Olsa) [1441645 1369832]\n- [x86] x86/smpboot: Make logical package management more robust (Prarit Bhargava) [1441643 1414054]\n- [x86] x86/cpu: Deal with broken firmware (VMWare/XEN) (Prarit Bhargava) [1441643 1414054]\n- [x86] perf/x86/intel/uncore: Fix hardcoded socket 0 assumption in the Haswell init code (Prarit Bhargava) [1426633 1373738]\n- [x86] revert 'perf/uncore: Disable uncore on kdump kernel' (Prarit Bhargava) [1426633 1373738]\n- [x86] smpboot: Init apic mapping before usage (Prarit Bhargava) [1426633 1373738]\n- [x86] smp: Don't try to poke disabled/non-existent APIC (Prarit Bhargava) [1426633 1373738]\n- [x86] Handle non enumerated CPU after physical hotplug (Prarit Bhargava) [1426633 1373738]\n- [block] fix use-after-free in seq file (Denys Vlasenko) [1418550 1418551] {CVE-2016-7910}\n- [crypto] algif_hash - Only export and import on sockets with data (Herbert Xu) [1394101 1387632] {CVE-2016-8646}\n- [char] hwrng: core - sleep interruptible in read (Amit Shah) [1443503 1376397]\n- [char] hwrng: core - correct error check of kthread_run call (Amit Shah) [1443503 1376397]\n- [char] hwrng: core - Move hwrng_init call into set_current_rng (Amit Shah) [1443503 1376397]\n- [char] hwrng: core - Drop current rng in set_current_rng (Amit Shah) [1443503 1376397]\n- [char] hwrng: core - Do not register device opportunistically (Amit Shah) [1443503 1376397]\n- [char] hwrng: core - Fix current_rng init/cleanup race yet again (Amit Shah) [1443503 1376397]\n- [char] hwrng: core - Use struct completion for cleanup_done (Amit Shah) [1443503 1376397]\n- [char] hwrng: don't init list element we're about to add to list (Amit Shah) [1443503 1376397]\n- [char] hwrng: don't double-check old_rng (Amit Shah) [1443503 1376397]\n- [char] hwrng: fix unregister race (Amit Shah) [1443503 1376397]\n- [char] hwrng: use reference counts on each struct hwrng (Amit Shah) [1443503 1376397]\n- [char] hwrng: move some code out mutex_lock for avoiding underlying deadlock (Amit Shah) [1443503 1376397]\n- [char] hwrng: place mutex around read functions and buffers (Amit Shah) [1443503 1376397]\n- [char] virtio-rng: skip reading when we start to remove the device (Amit Shah) [1443503 1376397]\n- [char] virtio-rng: fix stuck of hot-unplugging busy device (Amit Shah) [1443503 1376397]\n- [infiniband] ib/mlx5: Resolve soft lock on massive reg MRs (Don Dutile) [1444347 1417285]\n[3.10.0-514.20.1]\n- [powerpc] fadump: Fix the race in crash_fadump() (Steve Best) [1439810 1420077]\n- [kernel] locking/mutex: Explicitly mark task as running after wakeup (Gustavo Duarte) [1439803 1423397]\n- [netdrv] ixgbe: Force VLNCTRL.VFE to be set in all VMDq paths (Ken Cox) [1438421 1383524]\n- [fs] nfsv4.0: always send mode in SETATTR after EXCLUSIVE4 (Benjamin Coddington) [1437967 1415780]\n- [net] fix creation adjacent device symlinks (Adrian Reber) [1436646 1412898]\n- [net] prevent of emerging cross-namespace symlinks (Adrian Reber) [1436646 1412898]\n- [netdrv] macvlan: unregister net device when netdev_upper_dev_link() fails (Adrian Reber) [1436646 1412898]\n- [scsi] vmw_pvscsi: return SUCCESS for successful command aborts (Ewan Milne) [1435764 1394172]\n- [infiniband] ib/uverbs: Fix race between uverbs_close and remove_one (Don Dutile) [1435187 1417284]\n- [fs] gfs2: Prevent BUG from occurring when normal Withdraws occur (Robert S Peterson) [1433882 1404005]\n- [fs] jbd2: fix incorrect unlock on j_list_lock (Lukas Czerner) [1433881 1403346]\n- [fs] xfs: don't wrap ID in xfs_dq_get_next_id (Eric Sandeen) [1433415 1418182]\n- [net] tcp/dccp: avoid starving bh on connect (Paolo Abeni) [1433320 1401419]\n- [fs] xfs: fix up xfs_swap_extent_forks inline extent handling (Eric Sandeen) [1432154 1412945]\n- [x86] kvm: vmx: handle PML full VMEXIT that occurs during event delivery (Radim Krcmar) [1431666 1421296]\n- [virt] kvm: vmx: ensure VMCS is current while enabling PML (Radim Krcmar) [1431666 1421296]\n- [net] ip_tunnel: Create percpu gro_cell (Jiri Benc) [1431197 1424076]\n- [x86] kvm: x86: do not save guest-unsupported XSAVE state (Radim Krcmar) [1431150 1401767]\n- [scsi] mpt3sas: Force request partial completion alignment (Tomas Henzl) [1430809 1418286]\n[3.10.0-514.19.1]\n- [fs] gfs2: Wake up io waiters whenever a flush is done (Robert S Peterson) [1437126 1404301]\n- [fs] gfs2: Made logd daemon take into account log demand (Robert S Peterson) [1437126 1404301]\n- [fs] gfs2: Limit number of transaction blocks requested for truncates (Robert S Peterson) [1437126 1404301]\n- [net] ipv6: addrconf: fix dev refcont leak when DAD failed (Hangbin Liu) [1436588 1416105]\n[3.10.0-514.18.1]\n- [net] ipv6: don't increase size when refragmenting forwarded ipv6 skbs (Florian Westphal) [1434589 1430571]\n- [net] bridge: drop netfilter fake rtable unconditionally (Florian Westphal) [1434589 1430571]\n- [net] ipv6: avoid write to a possibly cloned skb (Florian Westphal) [1434589 1430571]\n- [net] netfilter: bridge: honor frag_max_size when refragmenting (Florian Westphal) [1434589 1430571]\n- [net] bridge: Add br_netif_receive_skb remove netif_receive_skb_sk (Ivan Vecera) [1434589 1352289]\n[3.10.0-514.17.1]\n- [netdrv] i40e: Be much more verbose about what we can and cannot offload (Stefan Assmann) [1433273 1383521]\n- [kernel] watchdog: prevent false hardlockup on overloaded system (Don Zickus) [1433267 1399881]\n- [net] dccp/tcp: fix routing redirect race (Eric Garver) [1433265 1387485]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-05-26T00:00:00", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10208", "CVE-2016-7910", "CVE-2016-8646", "CVE-2017-5986", "CVE-2017-6353", "CVE-2017-7308"], "modified": "2017-05-26T00:00:00", "id": "ELSA-2017-1308", "href": "http://linux.oracle.com/errata/ELSA-2017-1308.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:39", "description": "- [3.10.0-514.21.1.0.1.el7.OL7]\n- [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [orabug 22552377]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [bug 24817676]\n[3.10.0-514.21.1.el7]\n- [kernel] sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule() (Gustavo Duarte) [1441547 1423400]\n- [drivers] Set dev->device_rh to NULL after free (Prarit Bhargava) [1441544 1414064]\n- [security] keys: request_key() should reget expired keys rather than give EKEYEXPIRED (David Howells) [1441287 1408330]\n- [security] keys: Simplify KEYRING_SEARCH_{NO, DO}_STATE_CHECK flags (David Howells) [1441287 1408330]\n- [net] packet: fix overflow in check for tp_reserve (Hangbin Liu) [1441171 1441172] {CVE-2017-7308}\n- [net] packet: fix overflow in check for tp_frame_nr (Hangbin Liu) [1441171 1441172] {CVE-2017-7308}\n- [net] packet: fix overflow in check for priv area size (Hangbin Liu) [1441171 1441172] {CVE-2017-7308}\n- [powerpc] pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec (Steve Best) [1439812 1423396]\n- [netdrv] fjes: Fix wrong netdevice feature flags (Yasuaki Ishimatsu) [1439802 1435603]\n- [kernel] mlx5e: Implement Fragmented Work Queue (WQ) (Don Dutile) [1439164 1368400]\n- [netdrv] mlx5e: Copy all L2 headers into inline segment (Don Dutile) [1439161 1383013]\n- [nvdimm] fix PHYS_PFN/PFN_PHYS mixup (Jeff Moyer) [1439160 1428115]\n- [s390] scsi: zfcp: fix rport unblock race with LUN recovery (Hendrik Brueckner) [1433413 1421750]\n- [fs] gfs2: Avoid alignment hole in struct lm_lockname (Robert S Peterson) [1432554 1425450]\n- [fs] gfs2: Add missing rcu locking for glock lookup (Robert S Peterson) [1432554 1425450]\n- [fs] ext4: fix fencepost in s_first_meta_bg validation (Lukas Czerner) [1430969 1332503] {CVE-2016-10208}\n- [fs] ext4: sanity check the block and cluster size at mount time (Lukas Czerner) [1430969 1332503] {CVE-2016-10208}\n- [fs] ext4: validate s_first_meta_bg at mount time (Lukas Czerner) [1430969 1332503] {CVE-2016-10208}\n- [net] sctp: deny peeloff operation on asocs with threads sleeping on it (Hangbin Liu) [1429496 1429497] {CVE-2017-5986 CVE-2017-6353}\n- [net] sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Hangbin Liu) [1429496 1429497] {CVE-2017-5986 CVE-2017-6353}\n- [x86] perf/x86/intel/rapl: Make package handling more robust (Jiri Olsa) [1443902 1418688]\n- [x86] perf/x86/intel/rapl: Convert to hotplug state machine (Jiri Olsa) [1443902 1418688]\n- [x86] perf/x86: Set pmu->module in Intel PMU modules (Jiri Olsa) [1443902 1418688]\n- [kernel] sched/core, x86/topology: Fix NUMA in package topology bug (Jiri Olsa) [1441645 1369832]\n- [kernel] sched: Allow hotplug notifiers to be setup early (Jiri Olsa) [1441645 1369832]\n- [x86] x86/smpboot: Make logical package management more robust (Prarit Bhargava) [1441643 1414054]\n- [x86] x86/cpu: Deal with broken firmware (VMWare/XEN) (Prarit Bhargava) [1441643 1414054]\n- [x86] perf/x86/intel/uncore: Fix hardcoded socket 0 assumption in the Haswell init code (Prarit Bhargava) [1426633 1373738]\n- [x86] revert 'perf/uncore: Disable uncore on kdump kernel' (Prarit Bhargava) [1426633 1373738]\n- [x86] smpboot: Init apic mapping before usage (Prarit Bhargava) [1426633 1373738]\n- [x86] smp: Don't try to poke disabled/non-existent APIC (Prarit Bhargava) [1426633 1373738]\n- [x86] Handle non enumerated CPU after physical hotplug (Prarit Bhargava) [1426633 1373738]\n- [block] fix use-after-free in seq file (Denys Vlasenko) [1418550 1418551] {CVE-2016-7910}\n- [crypto] algif_hash - Only export and import on sockets with data (Herbert Xu) [1394101 1387632] {CVE-2016-8646}\n- [char] hwrng: core - sleep interruptible in read (Amit Shah) [1443503 1376397]\n- [char] hwrng: core - correct error check of kthread_run call (Amit Shah) [1443503 1376397]\n- [char] hwrng: core - Move hwrng_init call into set_current_rng (Amit Shah) [1443503 1376397]\n- [char] hwrng: core - Drop current rng in set_current_rng (Amit Shah) [1443503 1376397]\n- [char] hwrng: core - Do not register device opportunistically (Amit Shah) [1443503 1376397]\n- [char] hwrng: core - Fix current_rng init/cleanup race yet again (Amit Shah) [1443503 1376397]\n- [char] hwrng: core - Use struct completion for cleanup_done (Amit Shah) [1443503 1376397]\n- [char] hwrng: don't init list element we're about to add to list (Amit Shah) [1443503 1376397]\n- [char] hwrng: don't double-check old_rng (Amit Shah) [1443503 1376397]\n- [char] hwrng: fix unregister race (Amit Shah) [1443503 1376397]\n- [char] hwrng: use reference counts on each struct hwrng (Amit Shah) [1443503 1376397]\n- [char] hwrng: move some code out mutex_lock for avoiding underlying deadlock (Amit Shah) [1443503 1376397]\n- [char] hwrng: place mutex around read functions and buffers (Amit Shah) [1443503 1376397]\n- [char] virtio-rng: skip reading when we start to remove the device (Amit Shah) [1443503 1376397]\n- [char] virtio-rng: fix stuck of hot-unplugging busy device (Amit Shah) [1443503 1376397]\n- [infiniband] ib/mlx5: Resolve soft lock on massive reg MRs (Don Dutile) [1444347 1417285]\n[3.10.0-514.20.1.el7]\n- [powerpc] fadump: Fix the race in crash_fadump() (Steve Best) [1439810 1420077]\n- [kernel] locking/mutex: Explicitly mark task as running after wakeup (Gustavo Duarte) [1439803 1423397]\n- [netdrv] ixgbe: Force VLNCTRL.VFE to be set in all VMDq paths (Ken Cox) [1438421 1383524]\n- [fs] nfsv4.0: always send mode in SETATTR after EXCLUSIVE4 (Benjamin Coddington) [1437967 1415780]\n- [net] fix creation adjacent device symlinks (Adrian Reber) [1436646 1412898]\n- [net] prevent of emerging cross-namespace symlinks (Adrian Reber) [1436646 1412898]\n- [netdrv] macvlan: unregister net device when netdev_upper_dev_link() fails (Adrian Reber) [1436646 1412898]\n- [scsi] vmw_pvscsi: return SUCCESS for successful command aborts (Ewan Milne) [1435764 1394172]\n- [infiniband] ib/uverbs: Fix race between uverbs_close and remove_one (Don Dutile) [1435187 1417284]\n- [fs] gfs2: Prevent BUG from occurring when normal Withdraws occur (Robert S Peterson) [1433882 1404005]\n- [fs] jbd2: fix incorrect unlock on j_list_lock (Lukas Czerner) [1433881 1403346]\n- [fs] xfs: don't wrap ID in xfs_dq_get_next_id (Eric Sandeen) [1433415 1418182]\n- [net] tcp/dccp: avoid starving bh on connect (Paolo Abeni) [1433320 1401419]\n- [fs] xfs: fix up xfs_swap_extent_forks inline extent handling (Eric Sandeen) [1432154 1412945]\n- [x86] kvm: vmx: handle PML full VMEXIT that occurs during event delivery (Radim Krcmar) [1431666 1421296]\n- [virt] kvm: vmx: ensure VMCS is current while enabling PML (Radim Krcmar) [1431666 1421296]\n- [net] ip_tunnel: Create percpu gro_cell (Jiri Benc) [1431197 1424076]\n- [x86] kvm: x86: do not save guest-unsupported XSAVE state (Radim Krcmar) [1431150 1401767]\n- [scsi] mpt3sas: Force request partial completion alignment (Tomas Henzl) [1430809 1418286]\n[3.10.0-514.19.1.el7]\n- [fs] gfs2: Wake up io waiters whenever a flush is done (Robert S Peterson) [1437126 1404301]\n- [fs] gfs2: Made logd daemon take into account log demand (Robert S Peterson) [1437126 1404301]\n- [fs] gfs2: Limit number of transaction blocks requested for truncates (Robert S Peterson) [1437126 1404301]\n- [net] ipv6: addrconf: fix dev refcont leak when DAD failed (Hangbin Liu) [1436588 1416105]\n[3.10.0-514.18.1.el7]\n- [net] ipv6: don't increase size when refragmenting forwarded ipv6 skbs (Florian Westphal) [1434589 1430571]\n- [net] bridge: drop netfilter fake rtable unconditionally (Florian Westphal) [1434589 1430571]\n- [net] ipv6: avoid write to a possibly cloned skb (Florian Westphal) [1434589 1430571]\n- [net] netfilter: bridge: honor frag_max_size when refragmenting (Florian Westphal) [1434589 1430571]\n- [net] bridge: Add br_netif_receive_skb remove netif_receive_skb_sk (Ivan Vecera) [1434589 1352289]\n[3.10.0-514.17.1.el7]\n- [netdrv] i40e: Be much more verbose about what we can and cannot offload (Stefan Assmann) [1433273 1383521]\n- [kernel] watchdog: prevent false hardlockup on overloaded system (Don Zickus) [1433267 1399881]\n- [net] dccp/tcp: fix routing redirect race (Eric Garver) [1433265 1387485]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-05-26T00:00:00", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10208", "CVE-2016-7910", "CVE-2016-8646", "CVE-2017-5986", "CVE-2017-6353", "CVE-2017-7308"], "modified": "2017-05-26T00:00:00", "id": "ELSA-2017-1308-1", "href": "http://linux.oracle.com/errata/ELSA-2017-1308-1.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:49", "description": "- [3.10.0-514.26.1.OL7]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [bug 24817676]\n[3.10.0-514.26.1]\n- [mm] enlarge stack guard gap (Larry Woodman) [1452732 1452733] {CVE-2017-1000364}\n- Revert: [md] dm mirror: use all available legs on multiple failures (Mike Snitzer) [1449176 1383444]\n[3.10.0-514.25.1]\n- [lib] kobject: grab an extra reference on kobject->sd to allow duplicate deletes (Aristeu Rozanski) [1454851 1427252]\n- [kernel] module: When modifying a module's text ignore modules which are going away too (Aaron Tomlin) [1454684 1386313]\n- [kernel] module: Ensure a module's state is set accordingly during module coming cleanup code (Aaron Tomlin) [1454684 1386313]\n- [net] vxlan: do not output confusing error message (Jiri Benc) [1454636 1445054]\n- [net] vxlan: correctly handle ipv6.disable module parameter (Jiri Benc) [1454636 1445054]\n- [iommu] vt-d: fix range computation when making room for large pages (Alex Williamson) [1450856 1435612]\n- [fs] nfsd: stricter decoding of write-like NFSv2/v3 ops ('J. Bruce Fields') [1449282 1443204] {CVE-2017-7895}\n- [fs] nfsd4: minor NFSv2/v3 write decoding cleanup ('J. Bruce Fields') [1449282 1443204] {CVE-2017-7895}\n- [md] dm mirror: use all available legs on multiple failures (Mike Snitzer) [1449176 1383444]\n- [fs] nfsd: check for oversized NFSv2/v3 arguments ('J. Bruce Fields') [1447642 1442407] {CVE-2017-7645}\n- [scsi] ses: don't get power status of SES device slot on probe (Gustavo Duarte) [1446650 1434768]\n- [scsi] ipr: do not set DID_PASSTHROUGH on CHECK CONDITION (Steve Best) [1446649 1441747]\n- [net] macsec: dynamically allocate space for sglist (Sabrina Dubroca) [1445546 1445545] {CVE-2017-7477}\n- [net] macsec: avoid heap overflow in skb_to_sgvec (Sabrina Dubroca) [1445546 1445545] {CVE-2017-7477}\n- [fs] gfs2: Allow glocks to be unlocked after withdraw (Robert S Peterson) [1433882 1404005]\n- [net] tcp: avoid infinite loop in tcp_splice_read() (Davide Caratti) [1430579 1430580] {CVE-2017-6214}\n- [mm] vma_merge: correct false positive from __vma_unlink->validate_mm_rb (Andrea Arcangeli) [1428840 1374548]\n- [mm] vma_merge: fix race vm_page_prot race condition against rmap_walk (Andrea Arcangeli) [1428840 1374548]\n- [mm] fix use-after-free if memory allocation failed in vma_adjust() (Andrea Arcangeli) [1428840 1374548]\n- [x86] kvm: x86: fix emulation of 'MOV SS, null selector' (Radim Krcmar) [1414742 1414743] {CVE-2017-2583}\n- [powerpc] prom: Increase minimum RMA size to 512MB (Gustavo Duarte) [1450041 1411321]\n- [pci] pciehp: Prioritize data-link event over presence detect (Myron Stowe) [1450124 1435818]\n- [pci] pciehp: Don't re-read Slot Status when queuing hotplug event (Myron Stowe) [1450124 1435818]\n- [pci] pciehp: Process all hotplug events before looking for new ones (Myron Stowe) [1450124 1435818]\n- [pci] pciehp: Rename pcie_isr() locals for clarity (Myron Stowe) [1450124 1435818]\n[3.10.0-514.24.1]\n- [scsi] lpfc: Fix panic on BFS configuration (Maurizio Lombardi) [1452044 1443116]\n- [vfio] type1: Reduce repetitive calls in vfio_pin_pages_remote() (Alex Williamson) [1450855 1438403]\n- [vfio] type1: Remove locked page accounting workqueue (Alex Williamson) [1450855 1438403]\n- [fs] nfs: Allow getattr to also report readdirplus cache hits (Dave Wysochanski) [1450851 1442068]\n- [fs] nfs: Be more targeted about readdirplus use when doing lookup/revalidation (Dave Wysochanski) [1450851 1442068]\n- [fs] nfs: Fix a performance regression in readdir (Dave Wysochanski) [1450851 1442068]\n- [x86] xen: do not re-use pirq number cached in pci device msi msg data (Vitaly Kuznetsov) [1450037 1433831]\n- [powerpc] mm: Add missing global TLB invalidate if cxl is active (Steve Best) [1449178 1440776]\n- [powerpc] boot: Fix zImage TOC alignment (Gustavo Duarte) [1444343 1395838]\n[3.10.0-514.23.1]\n- [scsi] qla2xxx: Defer marking device lost when receiving an RSCN (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Fix typo in driver (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Fix crash in qla2xxx_eh_abort on bad ptr (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Avoid that issuing a LIP triggers a kernel crash (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Add fix to read correct register value for ISP82xx (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Disable the adapter and skip error recovery in case of register disconnect (Himanshu Madhani) [1446246 1436940]\n[3.10.0-514.22.1]\n- [mm] hugetlb: don't use reserved during VM_SHARED mapping cow (Larry Woodman) [1445184 1385473]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-06-28T00:00:00", "type": "oraclelinux", "title": "kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000364", "CVE-2017-2583", "CVE-2017-6214", "CVE-2017-7477", "CVE-2017-7645", "CVE-2017-7895"], "modified": "2017-06-28T00:00:00", "id": "ELSA-2017-1615", "href": "http://linux.oracle.com/errata/ELSA-2017-1615.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:26", "description": "- [3.10.0-514.26.1.0.1.el7.OL7]\n- [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [orabug 22552377]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [bug 24817676]\n[3.10.0-514.26.1.el7]\n- [mm] enlarge stack guard gap (Larry Woodman) [1452732 1452733] {CVE-2017-1000364}\n- Revert: [md] dm mirror: use all available legs on multiple failures (Mike Snitzer) [1449176 1383444]\n[3.10.0-514.25.1.el7]\n- [lib] kobject: grab an extra reference on kobject->sd to allow duplicate deletes (Aristeu Rozanski) [1454851 1427252]\n- [kernel] module: When modifying a module's text ignore modules which are going away too (Aaron Tomlin) [1454684 1386313]\n- [kernel] module: Ensure a module's state is set accordingly during module coming cleanup code (Aaron Tomlin) [1454684 1386313]\n- [net] vxlan: do not output confusing error message (Jiri Benc) [1454636 1445054]\n- [net] vxlan: correctly handle ipv6.disable module parameter (Jiri Benc) [1454636 1445054]\n- [iommu] vt-d: fix range computation when making room for large pages (Alex Williamson) [1450856 1435612]\n- [fs] nfsd: stricter decoding of write-like NFSv2/v3 ops ('J. Bruce Fields') [1449282 1443204] {CVE-2017-7895}\n- [fs] nfsd4: minor NFSv2/v3 write decoding cleanup ('J. Bruce Fields') [1449282 1443204] {CVE-2017-7895}\n- [md] dm mirror: use all available legs on multiple failures (Mike Snitzer) [1449176 1383444]\n- [fs] nfsd: check for oversized NFSv2/v3 arguments ('J. Bruce Fields') [1447642 1442407] {CVE-2017-7645}\n- [scsi] ses: don't get power status of SES device slot on probe (Gustavo Duarte) [1446650 1434768]\n- [scsi] ipr: do not set DID_PASSTHROUGH on CHECK CONDITION (Steve Best) [1446649 1441747]\n- [net] macsec: dynamically allocate space for sglist (Sabrina Dubroca) [1445546 1445545] {CVE-2017-7477}\n- [net] macsec: avoid heap overflow in skb_to_sgvec (Sabrina Dubroca) [1445546 1445545] {CVE-2017-7477}\n- [fs] gfs2: Allow glocks to be unlocked after withdraw (Robert S Peterson) [1433882 1404005]\n- [net] tcp: avoid infinite loop in tcp_splice_read() (Davide Caratti) [1430579 1430580] {CVE-2017-6214}\n- [mm] vma_merge: correct false positive from __vma_unlink->validate_mm_rb (Andrea Arcangeli) [1428840 1374548]\n- [mm] vma_merge: fix race vm_page_prot race condition against rmap_walk (Andrea Arcangeli) [1428840 1374548]\n- [mm] fix use-after-free if memory allocation failed in vma_adjust() (Andrea Arcangeli) [1428840 1374548]\n- [x86] kvm: x86: fix emulation of 'MOV SS, null selector' (Radim Krcmar) [1414742 1414743] {CVE-2017-2583}\n- [powerpc] prom: Increase minimum RMA size to 512MB (Gustavo Duarte) [1450041 1411321]\n- [pci] pciehp: Prioritize data-link event over presence detect (Myron Stowe) [1450124 1435818]\n- [pci] pciehp: Don't re-read Slot Status when queuing hotplug event (Myron Stowe) [1450124 1435818]\n- [pci] pciehp: Process all hotplug events before looking for new ones (Myron Stowe) [1450124 1435818]\n- [pci] pciehp: Rename pcie_isr() locals for clarity (Myron Stowe) [1450124 1435818]\n[3.10.0-514.24.1.el7]\n- [scsi] lpfc: Fix panic on BFS configuration (Maurizio Lombardi) [1452044 1443116]\n- [vfio] type1: Reduce repetitive calls in vfio_pin_pages_remote() (Alex Williamson) [1450855 1438403]\n- [vfio] type1: Remove locked page accounting workqueue (Alex Williamson) [1450855 1438403]\n- [fs] nfs: Allow getattr to also report readdirplus cache hits (Dave Wysochanski) [1450851 1442068]\n- [fs] nfs: Be more targeted about readdirplus use when doing lookup/revalidation (Dave Wysochanski) [1450851 1442068]\n- [fs] nfs: Fix a performance regression in readdir (Dave Wysochanski) [1450851 1442068]\n- [x86] xen: do not re-use pirq number cached in pci device msi msg data (Vitaly Kuznetsov) [1450037 1433831]\n- [powerpc] mm: Add missing global TLB invalidate if cxl is active (Steve Best) [1449178 1440776]\n- [powerpc] boot: Fix zImage TOC alignment (Gustavo Duarte) [1444343 1395838]\n[3.10.0-514.23.1.el7]\n- [scsi] qla2xxx: Defer marking device lost when receiving an RSCN (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Fix typo in driver (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Fix crash in qla2xxx_eh_abort on bad ptr (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Avoid that issuing a LIP triggers a kernel crash (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Add fix to read correct register value for ISP82xx (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Disable the adapter and skip error recovery in case of register disconnect (Himanshu Madhani) [1446246 1436940]\n[3.10.0-514.22.1.el7]\n- [mm] hugetlb: don't use reserved during VM_SHARED mapping cow (Larry Woodman) [1445184 1385473]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-06-28T00:00:00", "type": "oraclelinux", "title": "kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000364", "CVE-2017-2583", "CVE-2017-6214", "CVE-2017-7477", "CVE-2017-7645", "CVE-2017-7895"], "modified": "2017-06-28T00:00:00", "id": "ELSA-2017-1615-1", "href": "http://linux.oracle.com/errata/ELSA-2017-1615-1.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:45", "description": "- [3.10.0-514.16.1.OL7]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [bug 24817676]\n[3.10.0-514.16.1]\n- [tty] n_hdlc: get rid of racy n_hdlc.tbuf ('Herton R. Krzesinski') [1429919 1429920] {CVE-2017-2636}\n- [md] dm rq: cope with DM device destruction while in dm_old_request_fn() (Mike Snitzer) [1430334 1412854]\n- [fs] nfs: Fix inode corruption in nfs_prime_dcache() (Benjamin Coddington) [1429514 1416532]\n- [fs] nfs: Don't let readdirplus revalidate an inode that was marked as stale (Benjamin Coddington) [1429514 1416532]\n- [block] Copy a user iovec if it includes gaps (Jeff Moyer) [1429508 1421263]\n- [kernel] percpu-refcount: fix reference leak during percpu-atomic transition (Jeff Moyer) [1429507 1418333]\n- [powerpc] eeh: eeh_pci_enable(): fix checking of post-request state (Steve Best) [1425538 1383670]\n- [s390] mm: handle PTE-mapped tail pages in fast gup (Hendrik Brueckner) [1423438 1391532]\n- [net] skbuff: Fix skb checksum partial check (Lance Richardson) [1422964 1411480]\n- [net] skbuff: Fix skb checksum flag on skb pull (Lance Richardson) [1422964 1411480]\n- [security] selinux: fix off-by-one in setprocattr (Paul Moore) [1422368 1422369] {CVE-2017-2618}\n- [virtio] balloon: check the number of available pages in leak balloon (David Hildenbrand) [1417194 1401615]\n- [infiniband] ib/rdmavt: Only put mmap_info ref if it exists (Jonathan Toppins) [1417191 1391299]\n- [x86] kvm: x86: make lapic hrtimer pinned (Luiz Capitulino) [1416373 1392593]\n- [kernel] sched/nohz: Fix affine unpinned timers mess (Luiz Capitulino) [1416373 1392593]\n- [kernel] nohz: Affine unpinned timers to housekeepers (Luiz Capitulino) [1416373 1392593]\n- [kernel] tick-sched: add housekeeping_mask cpumask (Luiz Capitulino) [1416373 1392593]\n- [x86] platform/uv/bau: Add UV4-specific functions (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Fix payload queue setup on UV4 hardware (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Disable software timeout on UV4 hardware (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Populate ->uvhub_version with UV4 version information (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Use generic function pointers (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Add generic function pointers (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Convert uv_physnodeaddr() use to uv_gpa_to_offset() (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Clean up pq_init() (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Clean up and update printks (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Clean up vertical alignment (Frank Ramsay) [1414715 1386692]\n- [virtio] virtio-pci: alloc only resources actually used (Laurent Vivier) [1413093 1375153]\n- [net] avoid signed overflows for SO_{SND|RCV}BUFFORCE (Sabrina Dubroca) [1412473 1412474] {CVE-2016-9793}\n- [netdrv] sfc: clear napi_hash state when copying channels (Jarod Wilson) [1401461 1394304]\n- [lib] mpi: Fix NULL ptr dereference in mpi_powm() (Mateusz Guzik) [1398457 1398458] {CVE-2016-8650}\n- [scsi] lpfc: Fix eh_deadline setting for sli3 adapters (Ewan Milne) [1430687 1366564]\n- [md] dm round robin: revert 'use percpu 'repeat_count' and 'current_path'' (Mike Snitzer) [1430689 1422567]\n- [md] dm round robin: do not use this_cpu_ptr() without having preemption disabled (Mike Snitzer) [1430689 1422567]\n- Revert: [x86] Handle non enumerated CPU after physical hotplug (Prarit Bhargava) [1426633 1373738]\n- Revert: [x86] smp: Don't try to poke disabled/non-existent APIC (Prarit Bhargava) [1426633 1373738]\n- Revert: [x86] smpboot: Init apic mapping before usage (Prarit Bhargava) [1426633 1373738]\n- Revert: [x86] revert 'perf/uncore: Disable uncore on kdump kernel' (Prarit Bhargava) [1426633 1373738]\n- Revert: [x86] perf/x86/intel/uncore: Fix hardcoded socket 0 assumption in the Haswell init code (Prarit Bhargava) [1426633 1373738]\n[3.10.0-514.15.1]\n- [net] vxlan: fix oops in dev_fill_metadata_dst (Paolo Abeni) [1427847 1423068]\n- [x86] perf/x86/intel/uncore: Fix hardcoded socket 0 assumption in the Haswell init code (Prarit Bhargava) [1426633 1373738]\n- [x86] revert 'perf/uncore: Disable uncore on kdump kernel' (Prarit Bhargava) [1426633 1373738]\n- [x86] smpboot: Init apic mapping before usage (Prarit Bhargava) [1426633 1373738]\n- [x86] smp: Don't try to poke disabled/non-existent APIC (Prarit Bhargava) [1426633 1373738]\n- [x86] Handle non enumerated CPU after physical hotplug (Prarit Bhargava) [1426633 1373738]\n- [x86] perf/x86: Fix NMI measurements (Jiri Olsa) [1425804 1405101]\n- [x86] Warn when NMI handlers take large amounts of time (Jiri Olsa) [1425804 1405101]\n- [nvme] apply DELAY_BEFORE_CHK_RDY quirk at probe time too (Gustavo Duarte) [1423439 1409122]\n- [crypto] qat - zero esram only for DH85x devices (Neil Horman) [1422575 1382849]\n- [crypto] qat - fix bar discovery for c62x (Neil Horman) [1422575 1382849]\n- [fs] xfs: remove racy hasattr check from attr ops (Brian Foster) [1421202 1395538]\n- [fs] dlm: free workqueues after the connections (Marcelo Leitner) [1421197 1383710]\n- [netdrv] igb: re-assign hw address pointer on reset after PCI error (Gustavo Duarte) [1419459 1413043]\n- [kernel] timekeeping: Increment clock_was_set_seq in timekeeping_init() (Prarit Bhargava) [1418947 1409214]\n- [kernel] timekeeping: Use timekeeping_update() instead of memcpy() (Prarit Bhargava) [1418947 1409214]\n- [fs] libceph: no need to drop con->mutex for ->get_authorizer() (Ilya Dryomov) [1418316 1408170]\n- [fs] libceph: drop len argument of *verify_authorizer_reply() (Ilya Dryomov) [1418316 1408170]\n- [fs] libceph: verify authorize reply on connect (Ilya Dryomov) [1418316 1408170]\n- [fs] libceph: no need for GFP_NOFS in ceph_monc_init() (Ilya Dryomov) [1418316 1408170]\n- [fs] libceph: stop allocating a new cipher on every crypto request (Ilya Dryomov) [1418316 1408170]\n- [fs] libceph: uninline ceph_crypto_key_destroy() (Ilya Dryomov) [1418316 1408170]\n- [fs] libceph: remove now unused ceph_*{en, de}crypt*() functions (Ilya Dryomov) [1418316 1408170]\n- [fs] libceph: switch ceph_x_decrypt() to ceph_crypt() (Ilya Dryomov) [1418316 1408170]\n- [fs] libceph: switch ceph_x_encrypt() to ceph_crypt() (Ilya Dryomov) [1418316 1408170]\n- [fs] libceph: tweak calcu_signature() a little (Ilya Dryomov) [1418316 1408170]\n- [fs] libceph: rename and align ceph_x_authorizer::reply_buf (Ilya Dryomov) [1418316 1408170]\n- [fs] libceph: introduce ceph_crypt() for in-place en/decryption (Ilya Dryomov) [1418316 1408170]\n- [fs] libceph: introduce ceph_x_encrypt_offset() (Ilya Dryomov) [1418316 1408170]\n- [fs] libceph: old_key in process_one_ticket() is redundant (Ilya Dryomov) [1418316 1408170]\n- [fs] libceph: ceph_x_encrypt_buflen() takes in_len (Ilya Dryomov) [1418316 1408170]\n- [fs] libceph: Remove unnecessary ivsize variables (Ilya Dryomov) [1418316 1408170]\n- [fs] libceph: Use skcipher (Ilya Dryomov) [1418316 1408170]\n- [scsi] scsi_lib: correctly retry failed zero length REQ_TYPE_FS commands (Ewan Milne) [1417923 1403849]\n- [netdrv] ibmvnic: Start completion queue negotiation at server-provided optimum values (Steve Best) [1415144 1403396]\n- [netdrv] ibmvnic: Fix missing brackets in init_sub_crq_irqs (Steve Best) [1415144 1403396]\n- [netdrv] ibmvnic: Fix releasing of sub-CRQ IRQs in interrupt context (Steve Best) [1415144 1403396]\n- [netdrv] ibmvnic: Update MTU after device initialization (Steve Best) [1415144 1403396]\n- [netdrv] ibmvnic: Fix GFP_KERNEL allocation in interrupt context (Steve Best) [1415144 1403396]\n- [netdrv] ibmvnic: fix error return code in ibmvnic_probe() (Steve Best) [1415144 1403396]\n- [netdrv] ibmvnic: convert to use simple_open() (Steve Best) [1415144 1403396]\n- [netdrv] ibmvnic: Handle backing device failover and reinitialization (Steve Best) [1418309 1403692]\n- [tools] perf ppc64le: Fix build failure when libelf is not present (Jiri Olsa) [1414710 1376534]\n- [tools] perf probe ppc64le: Fix probe location when using DWARF (Jiri Olsa) [1414710 1376534]\n- [tools] perf probe: Add function to post process kernel trace events (Jiri Olsa) [1414710 1376534]\n- [tools] perf symbols: Fix kallsyms perf test on ppc64le (Jiri Olsa) [1414710 1376534]\n- [tools] perf powerpc: Fix kprobe and kretprobe handling with kallsyms on ppc64le (Jiri Olsa) [1414710 1376534]\n- [netdrv] bnx2x: Use the correct divisor value for PHC clock readings (Michal Schmidt) [1413996 1175585]\n- [fs] seq_file: reset iterator to first record for zero offset (Miklos Szeredi) [1413681 1386642]\n[3.10.0-514.14.1]\n- [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Hannes Frederic Sowa) [1423462 1423463] {CVE-2017-6074}\n- [net] sctp: check af before verify address in sctp_addr_id2transport (Xin Long) [1419837 1414389]\n- [net] sctp: sctp_addr_id2transport should verify the addr before looking up assoc (Xin Long) [1419837 1414389]\n[3.10.0-514.13.1]\n- [fs] gfs2: Reduce contention on gfs2_log_lock (Robert S Peterson) [1422380 1406850]\n- [fs] gfs2: Inline function meta_lo_add (Robert S Peterson) [1422380 1406850]\n- [fs] gfs2: Switch tr_touched to flag in transaction (Robert S Peterson) [1422380 1406850]\n- [fs] xfs: ioends require logically contiguous file offsets (Brian Foster) [1421203 1398005]\n- [fs] xfs: don't chain ioends during writepage submission (Brian Foster) [1421203 1398005]\n- [fs] xfs: factor mapping out of xfs_do_writepage (Brian Foster) [1421203 1398005]\n- [fs] xfs: xfs_cluster_write is redundant (Brian Foster) [1421203 1398005]\n- [fs] xfs: Introduce writeback context for writepages (Brian Foster) [1421203 1398005]\n- [fs] xfs: remove xfs_cancel_ioend (Brian Foster) [1421203 1398005]\n- [fs] xfs: remove nonblocking mode from xfs_vm_writepage (Brian Foster) [1421203 1398005]\n- [fs] mm/filemap.c: make global sync not clear error status of individual inodes (Brian Foster) [1421203 1398005]\n[3.10.0-514.12.1]\n- [fs] fscache: Fix dead object requeue (David Howells) [1420737 1415402]\n[3.10.0-514.11.1]\n- [scsi] qla2xxx: Get mutex lock before checking optrom_state (Chad Dupuis) [1418317 1408387]\n- [mm] memcontrol: do not recurse in direct reclaim (Rik van Riel) [1417192 1397330]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-04-12T00:00:00", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8650", "CVE-2016-9793", "CVE-2017-2618", "CVE-2017-2636", "CVE-2017-6074"], "modified": "2017-04-12T00:00:00", "id": "ELSA-2017-0933", "href": "http://linux.oracle.com/errata/ELSA-2017-0933.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:33", "description": "- [3.10.0-514.10.2.OL7]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [bug 24817676]\n[3.10.0-514.10.2]\n- [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Hannes Frederic Sowa) [1423462 1423463]\n[3.10.0-514.10.1]\n- [block] blk-mq: Fix NULL pointer updating nr_requests (David Milburn) [1416133 1384066]\n- [scsi] cxlflash: Fix crash in cxlflash_restore_luntable() (Gustavo Duarte) [1415146 1400524]\n- [scsi] cxlflash: Improve context_reset() logic (Gustavo Duarte) [1415146 1400524]\n- [scsi] cxlflash: Avoid command room violation (Gustavo Duarte) [1415146 1400524]\n- [x86] Mark Kaby Lake with Kaby Lake PCH as supported (David Arcari) [1415094 1391219]\n- [scsi] be2iscsi: Add checks to validate completions (Maurizio Lombardi) [1414687 1324918]\n- [scsi] be2iscsi: Fix bad WRB index error (Maurizio Lombardi) [1414687 1324918]\n- [scsi] be2iscsi: Add lock to protect WRB alloc and free (Maurizio Lombardi) [1414687 1324918]\n- [mm] meminit: initialise more memory for inode/dentry hash tables in early boot (Yasuaki Ishimatsu) [1413623 1404584]\n- [s390] mem_detect: Revert 'add DAT sanity check' (Hendrik Brueckner) [1413600 1391540]\n- [cpufreq] intel_pstate: Fix code ordering in intel_pstate_set_policy() (Prarit Bhargava) [1411818 1398072]\n- [scsi] cxlflash: Improve EEH recovery time (Steve Best) [1402442 1397588]\n- [scsi] cxlflash: Fix to avoid EEH and host reset collisions (Steve Best) [1402442 1397588]\n- [scsi] cxlflash: Remove the device cleanly in the system shutdown path (Steve Best) [1402442 1397588]\n- [scsi] cxlflash: Scan host only after the port is ready for I/O (Steve Best) [1402442 1397588]\n- [x86] kvm: x86: Check memopp before dereference (Mateusz Guzik) [1395805 1395806] {CVE-2016-8630}\n- [vfio] pci: Fix integer overflows, bitmask check (Mateusz Guzik) [1394627 1394991 1394628 1394992] {CVE-2016-9083 CVE-2016-9084}\n- [acpi] acpi / scan: use platform bus type by default for _HID enumeration (Tony Camuso) [1393727 1383505]\n- [acpi] acpi / scan: introduce platform_id device PNP type flag (Tony Camuso) [1393727 1383505]\n- [char] ipmi: Convert the IPMI SI ACPI handling to a platform device (Tony Camuso) [1393727 1383505]\n- [acpi] acpi / ipmi: Cleanup coding styles (David Arcari) [1393725 1373703]\n- [acpi] acpi / ipmi: Cleanup some inclusion codes (David Arcari) [1393725 1373703]\n- [acpi] acpi / ipmi: Cleanup some initialization codes (David Arcari) [1393725 1373703]\n- [acpi] acpi / ipmi: Cleanup several acpi_ipmi_device members (David Arcari) [1393725 1373703]\n- [acpi] acpi / ipmi: Add reference counting for ACPI IPMI transfers (David Arcari) [1393725 1373703]\n- [acpi] acpi / ipmi: Use global IPMI operation region handler (David Arcari) [1393725 1373703]\n- [acpi] acpi / ipmi: Fix race caused by the unprotected ACPI IPMI user (David Arcari) [1393725 1373703]\n- [acpi] acpi / ipmi: Fix race caused by the timed out ACPI IPMI transfers (David Arcari) [1393725 1373703]\n- [acpi] acpi / ipmi: Fix race caused by the unprotected ACPI IPMI transfers (David Arcari) [1393725 1373703]\n- [acpi] acpi / ipmi: Fix potential response buffer overflow (David Arcari) [1393725 1373703]\n[3.10.0-514.9.1]\n- [drm] i915/kbl: Remove preliminary_hw_support protection from KBL. (Rob Clark) [1413092 1305702]\n- [netdrv] slip: Fix deadlock in write_wakeup (Steve Best) [1412225 1403497]\n- [netdrv] slip: fix spinlock variant (Steve Best) [1412225 1403497]\n- [kernel] kmod: use system_unbound_wq instead of khelper (Luiz Capitulino) [1411816 1395860]\n- [nvme] switch abort to blk_execute_rq_nowait (David Milburn) [1411669 1392923]\n- [netdrv] ibmveth: calculate gso_segs for large packets (Gustavo Duarte) [1411382 1361958]\n- [netdrv] ibmveth: set correct gso_size and gso_type (Gustavo Duarte) [1411382 1361958]\n- [netdrv] allow macvlans to move to net namespace (Jarod Wilson) [1409829 1368830]\n- [pci] Set Read Completion Boundary to 128 iff Root Port supports it (_HPX) (Myron Stowe) [1406290 1387674]\n- [pci] Export pcie_find_root_port() (Myron Stowe) [1406290 1387674]\n- [rtc] cmos: Initialize hpet timer before irq is registered (Pratyush Anand) [1404184 1299001]\n- [x86] amd: Fix cpu_llc_id for AMD Fam17h systems (Suravee Suthikulpanit) [1402444 1395399]\n- [powerpc] powernv: Fix stale PE primary bus (Steve Best) [1402440 1395275]\n- [misc] cxl: Fix coredump generation when cxl_get_fd() is used (Gustavo Duarte) [1402439 1397943]\n- [pci] cxl: use pcibios_free_controller_deferred() when removing vPHBs (Gustavo Duarte) [1402438 1395323]\n- [scsi] qla2xxx: do not abort all commands in the adapter during EEH recovery (Gustavo Duarte) [1402436 1393254]\n- [scsi] qla2xxx: fix invalid DMA access after command aborts in PCI device remove (Gustavo Duarte) [1402436 1393254]\n- [scsi] qla2xxx: do not queue commands when unloading (Gustavo Duarte) [1402436 1393254]\n- [net] packet: fix race condition in packet_set_ring (Hangbin Liu) [1401852 1401853] {CVE-2016-8655}\n[3.10.0-514.8.1]\n- [netdrv] i40e: Fix corruption when transferring large files (Stefan Assmann) [1413101 1404060]\n[3.10.0-514.7.1]\n- [kernel] printk: avoid livelock if another CPU printks continuously (Denys Vlasenko) [1402314 1294066]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-02T00:00:00", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8630", "CVE-2016-8655", "CVE-2016-9083", "CVE-2016-9084"], "modified": "2017-03-02T00:00:00", "id": "ELSA-2017-0386", "href": "http://linux.oracle.com/errata/ELSA-2017-0386.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:31", "description": "- [3.10.0-514.6.10.0.1.el7]\n- [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [orabug 22552377]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [bug 24817676]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-03T00:00:00", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8630", "CVE-2016-8655", "CVE-2016-9083", "CVE-2016-9084"], "modified": "2017-03-03T00:00:00", "id": "ELSA-2017-0386-1", "href": "http://linux.oracle.com/errata/ELSA-2017-0386-1.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:33", "description": "- [3.10.0-514.16.1.0.1.el7.OL7]\n- [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [orabug 22552377]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [bug 24817676]\n[3.10.0-514.16.1.el7]\n- [tty] n_hdlc: get rid of racy n_hdlc.tbuf ('Herton R. Krzesinski') [1429919 1429920] {CVE-2017-2636}\n- [md] dm rq: cope with DM device destruction while in dm_old_request_fn() (Mike Snitzer) [1430334 1412854]\n- [fs] nfs: Fix inode corruption in nfs_prime_dcache() (Benjamin Coddington) [1429514 1416532]\n- [fs] nfs: Don't let readdirplus revalidate an inode that was marked as stale (Benjamin Coddington) [1429514 1416532]\n- [block] Copy a user iovec if it includes gaps (Jeff Moyer) [1429508 1421263]\n- [kernel] percpu-refcount: fix reference leak during percpu-atomic transition (Jeff Moyer) [1429507 1418333]\n- [powerpc] eeh: eeh_pci_enable(): fix checking of post-request state (Steve Best) [1425538 1383670]\n- [s390] mm: handle PTE-mapped tail pages in fast gup (Hendrik Brueckner) [1423438 1391532]\n- [net] skbuff: Fix skb checksum partial check (Lance Richardson) [1422964 1411480]\n- [net] skbuff: Fix skb checksum flag on skb pull (Lance Richardson) [1422964 1411480]\n- [security] selinux: fix off-by-one in setprocattr (Paul Moore) [1422368 1422369] {CVE-2017-2618}\n- [virtio] balloon: check the number of available pages in leak balloon (David Hildenbrand) [1417194 1401615]\n- [infiniband] ib/rdmavt: Only put mmap_info ref if it exists (Jonathan Toppins) [1417191 1391299]\n- [x86] kvm: x86: make lapic hrtimer pinned (Luiz Capitulino) [1416373 1392593]\n- [kernel] sched/nohz: Fix affine unpinned timers mess (Luiz Capitulino) [1416373 1392593]\n- [kernel] nohz: Affine unpinned timers to housekeepers (Luiz Capitulino) [1416373 1392593]\n- [kernel] tick-sched: add housekeeping_mask cpumask (Luiz Capitulino) [1416373 1392593]\n- [x86] platform/uv/bau: Add UV4-specific functions (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Fix payload queue setup on UV4 hardware (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Disable software timeout on UV4 hardware (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Populate ->uvhub_version with UV4 version information (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Use generic function pointers (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Add generic function pointers (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Convert uv_physnodeaddr() use to uv_gpa_to_offset() (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Clean up pq_init() (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Clean up and update printks (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Clean up vertical alignment (Frank Ramsay) [1414715 1386692]\n- [virtio] virtio-pci: alloc only resources actually used (Laurent Vivier) [1413093 1375153]\n- [net] avoid signed overflows for SO_{SND|RCV}BUFFORCE (Sabrina Dubroca) [1412473 1412474] {CVE-2016-9793}\n- [netdrv] sfc: clear napi_hash state when copying channels (Jarod Wilson) [1401461 1394304]\n- [lib] mpi: Fix NULL ptr dereference in mpi_powm() (Mateusz Guzik) [1398457 1398458] {CVE-2016-8650}\n- [scsi] lpfc: Fix eh_deadline setting for sli3 adapters (Ewan Milne) [1430687 1366564]\n- [md] dm round robin: revert 'use percpu 'repeat_count' and 'current_path'' (Mike Snitzer) [1430689 1422567]\n- [md] dm round robin: do not use this_cpu_ptr() without having preemption disabled (Mike Snitzer) [1430689 1422567]\n- Revert: [x86] Handle non enumerated CPU after physical hotplug (Prarit Bhargava) [1426633 1373738]\n- Revert: [x86] smp: Don't try to poke disabled/non-existent APIC (Prarit Bhargava) [1426633 1373738]\n- Revert: [x86] smpboot: Init apic mapping before usage (Prarit Bhargava) [1426633 1373738]\n- Revert: [x86] revert 'perf/uncore: Disable uncore on kdump kernel' (Prarit Bhargava) [1426633 1373738]\n- Revert: [x86] perf/x86/intel/uncore: Fix hardcoded socket 0 assumption in the Haswell init code (Prarit Bhargava) [1426633 1373738]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-04-13T00:00:00", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8650", "CVE-2016-9793", "CVE-2017-2618", "CVE-2017-2636"], "modified": "2017-04-13T00:00:00", "id": "ELSA-2017-0933-1", "href": "http://linux.oracle.com/errata/ELSA-2017-0933-1.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:50", "description": "kernel-uek\n[4.1.12-61.1.27]\n- vfio/pci: Fix integer overflows, bitmask check (Vlad Tsyrklevich) [Orabug: 25164094] {CVE-2016-9083} {CVE-2016-9084}\n- Don't feed anything but regular iovec's to blk_rq_map_user_iov (Linus Torvalds) [Orabug: 25231931] {CVE-2016-9576}\n- kvm: x86: Check memopp before dereference (CVE-2016-8630) (Owen Hofmann) [Orabug: 25417387] {CVE-2016-8630}\n- crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417799] {CVE-2016-8646}\n- USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462755] {CVE-2016-4482}\n- net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462799] {CVE-2016-4485}\n[4.1.12-61.1.26]\n- xen-netback: fix extra_info handling in xenvif_tx_err() (Paul Durrant) [Orabug: 25445336] \n- net: Documentation: Fix default value tcp_limit_output_bytes (Niklas Cassel) [Orabug: 25458076] \n- tcp: double default TSQ output bytes limit (Wei Liu) [Orabug: 25458076] \n- xenbus: fix deadlock on writes to /proc/xen/xenbus (David Vrabel) [Orabug: 25430143]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-02-06T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4482", "CVE-2016-4485", "CVE-2016-8630", "CVE-2016-8646", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9576"], "modified": "2017-02-06T00:00:00", "id": "ELSA-2017-3514", "href": "http://linux.oracle.com/errata/ELSA-2017-3514.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:47", "description": "kernel-uek\n[4.1.12-103.3.8]\n- fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug: 26638900] {CVE-2017-1000365} {CVE-2017-1000365}\n[4.1.12-103.3.7]\n- i40e/i40evf: check for stopped admin queue (Mitch Williams) [Orabug: 26654222]\n[4.1.12-103.3.6]\n- xen: fix bio vec merging (Roger Pau Monne) [Orabug: 26645497]\n[4.1.12-103.3.5]\n- dentry name snapshots (Al Viro) [Orabug: 26630805] {CVE-2017-7533}\n[4.1.12-103.3.4]\n- mnt: Add a per mount namespace limit on the number of mounts (Eric W. Biederman) [Orabug: 26585933] {CVE-2016-6213} {CVE-2016-6213}\n- ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet) [Orabug: 26578179] {CVE-2017-9242}\n- KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (David Howells) [Orabug: 26585981] {CVE-2016-9604} {CVE-2016-9604}\n- l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume Nault) [Orabug: 26586030] {CVE-2016-10200}\n- ovl: move super block magic number to magic.h (Stephen Hemminger) [Orabug: 22876737] {CVE-2016-1575} {CVE-2016-1576}\n- ovl: use a minimal buffer in ovl_copy_xattr (Vito Caputo) [Orabug: 22876737] {CVE-2016-1575} {CVE-2016-1576}\n- ovl: allow zero size xattr (Miklos Szeredi) [Orabug: 22876737] {CVE-2016-1575} {CVE-2016-1576}\n- ovl: default permissions (Miklos Szeredi) [Orabug: 22876737] {CVE-2016-1575} {CVE-2016-1576}\n- scsi: megaraid_sas: handle dma_addr_t right on 32-bit (Arnd Bergmann) [Orabug: 26560952] \n- scsi: megaraid_sas: NVME fast path io support (Shivasharan S) [Orabug: 26560952] \n- scsi: megaraid_sas: NVME interface target prop added (Shivasharan S) [Orabug: 26560952] \n- scsi: megaraid_sas: NVME Interface detection and prop settings (Shivasharan S) [Orabug: 26560952] \n- scsi: megaraid_sas: Use synchronize_irq to wait for IRQs to complete (Shivasharan S) [Orabug: 26560952] \n- fs/fuse: fuse mount can cause panic with no memory numa node (Somasundaram Krishnasamy) [Orabug: 26151828] \n- Fix regression which breaks DFS mounting (Sachin Prabhu) [Orabug: 26335022] \n- ol7/spec: sync up linux-firmware version for ol74 (Ethan Zhao) [Orabug: 26567308] [Orabug: 26567283] \n- nfsd: encoders mustnt use unitialized values in error cases (J. Bruce Fields) [Orabug: 26572867] {CVE-2017-8797}\n- nfsd: fix undefined behavior in nfsd4_layout_verify (Ari Kauppi) [Orabug: 26572867] {CVE-2017-8797}\n- ol6/spec: sync up linux-firmware version for ol6 (Ethan Zhao) [Orabug: 26586911] [Orabug: 26586927]\n[4.1.12-103.3.2]\n- rds: tcp: cancel all worker threads before shutting down socket (Yuval Shaia) [Orabug: 26332905] \n- Revert 'ixgbevf: get rid of custom busy polling code' (Jack Vogel) [Orabug: 26560824] \n- Revert 'ixgbe: get rid of custom busy polling code' (Jack Vogel) [Orabug: 26560824] \n- xen: do not re-use pirq number cached in pci device msi msg data (Boris Ostrovsky) [Orabug: 26324865] \n- xsigo: PCA 2.3.1 Compute Node panics in xve_create_arp+430 (Pradeep Gopanapalli) [Orabug: 26520653] \n- ocfs2: fix deadlock caused by recursive locking in xattr (Eric Ren) [Orabug: 26554428] \n- ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 26554428] \n- ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 26554428] \n- Revert 'add OCFS2_LOCK_RECURSIVE arg_flags to ocfs2_cluster_lock() to prevent hang' (Ashish Samant) [Orabug: 26554428] \n- MacSec: fix backporting error in patches for CVE-2017-7477 (Alexey Kodanev) [Orabug: 26481629] [Orabug: 26368162] {CVE-2017-7477} {CVE-2017-7477}\n- sg: Fix double-free when drives detach during SG_IO (Calvin Owens) [Orabug: 26492439] \n- ping: implement proper locking (Eric Dumazet) [Orabug: 26540266] {CVE-2017-2671}\n- PCI: Workaround wrong flags completions for IDT switch (James Puthukattukaran) [Orabug: 26362330] \n- xen-blkback: stop blkback thread of every queue in xen_blkif_disconnect (Annie Li)\n[4.1.12-103.3.1]\n- MSI: Dont assign MSI IRQ vector twice (Ashok Vairavan) [Orabug: 25982356] \n- IB/core: Remove stray semicolon in cma_init (Yuval Shaia) [Orabug: 26188883] \n- ipv6: Fix leak in ipv6_gso_segment(). (David S. Miller) [Orabug: 26403963] {CVE-2017-9074}\n- ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Ben Hutchings) [Orabug: 26403963] {CVE-2017-9074}\n- ipv6: Check ip6_find_1stfragopt() return value properly. (David S. Miller) [Orabug: 26403963] {CVE-2017-9074}\n- ipv6: Prevent overrun when parsing v6 header options (Craig Gallek) [Orabug: 26403963] {CVE-2017-9074}\n- scsi: libiscsi: use kvzalloc for iscsi_pool_init (Kyle Fortin) [Orabug: 26473220] \n- mm: introduce kv[mz]alloc helpers (Kyle Fortin) [Orabug: 26473220] \n- blk-mq: Export blk_mq_freeze_queue_wait (Keith Busch) [Orabug: 26486215] \n- blk-mq: Provide freeze queue timeout (Keith Busch) [Orabug: 26486215] \n- nvme: Complete all stuck requests (Keith Busch) [Orabug: 26486215] \n- nvme: Dont suspend admin queue that wasnt created (Gabriel Krisman Bertazi) [Orabug: 26486215] \n- nvme: Delete created IO queues on reset (Keith Busch) [Orabug: 26486215] \n- nvme: Suspend all queues before deletion (Gabriel Krisman Bertazi) [Orabug: 26486215] \n- nvme/pci: No special case for queue busy on IO (Keith Busch) [Orabug: 26486215] \n- Revert 'net/rds: Revert 'RDS: add reconnect retry scheme for stalled connections'' (Ajaykumar Hotchandani) [Orabug: 26497331] \n- Revert 'net/rds: use different workqueue for base_conn' (Ajaykumar Hotchandani) [Orabug: 26497331] \n- Revert 'net/rds: determine active/passive connection with IP addresses' (Ajaykumar Hotchandani) [Orabug: 26497331] \n- Revert 'net/rds: prioritize the base connection establishment' (Ajaykumar Hotchandani) [Orabug: 26497331] \n- net/sock: add WARN_ON(parent->sk) in sock_graft() (Sowmini Varadhan) [Orabug: 26243229] \n- rds: tcp: use sock_create_lite() to create the accept socket (Sowmini Varadhan) [Orabug: 26243229] \n- rds: tcp: set linger to 1 when unloading a rds-tcp (Sowmini Varadhan) [Orabug: 26236194] \n- rds: tcp: send handshake ping-probe from passive endpoint (Sowmini Varadhan) [Orabug: 26236194] \n- Revert 'SUNRPC: Refactor svc_set_num_threads()' (Dhaval Giani) [Orabug: 26450033] \n- Revert 'NFSv4: Fix callback server shutdown' (Dhaval Giani) [Orabug: 26450033] \n- mm: fix use-after-free if memory allocation failed in vma_adjust() (Kirill A. Shutemov) [Orabug: 25647067] \n- scsi: smartpqi: mark PM functions as __maybe_unused (Arnd Bergmann) [Orabug: 26191021] \n- scsi: smartpqi: bump driver version (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: remove writeq/readq function definitions (Corentin Labbe) [Orabug: 26191021] \n- scsi: smartpqi: add module parameters (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: cleanup list initialization (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add raid level show (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: make ioaccel references consistent (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: enhance device add and remove messages (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: update timeout on admin commands (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: map more raid errors to SCSI errors (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: cleanup controller branding (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: update rescan worker (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: update device offline (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: correct aio error path (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add lockup action (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: remove qdepth calculations for logical volumes (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: enhance kdump (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: change return value for LUN reset operations (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add ptraid support (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: update copyright (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: cleanup messages (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add new PCI device IDs (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: minor driver cleanup (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: correct BMIC identify physical drive (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: eliminate redundant error messages (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add pqi_wait_for_completion_io (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: correct bdma hw bug (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add heartbeat check (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add suspend and resume support (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: enhance resets (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add supporting events (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: ensure controller is in SIS mode at init (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add in controller checkpoint for controller lockups. (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: set pci completion timeout (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: correct remove scsi devices (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: fix time handling (Arnd Bergmann) [Orabug: 26191021] \n- Btrfs: fix extent_same allowing destination offset beyond i_size (Filipe Manana) [Orabug: 26376770] \n- NVMe: Retain QUEUE_FLAG_SG_GAPS flag for bio vector alignment. (Ashok Vairavan) [Orabug: 26402457] \n- ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403948] {CVE-2017-1000380}\n- ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403948] {CVE-2017-1000380}\n- xfs: Timely free truncated dirty pages (Jan Kara) [Orabug: 26452559] \n- xfs: skip dirty pages in ->releasepage() (Brian Foster) [Orabug: 26452559] \n- sparc64: Convert non-fatal error print to a debug print (DAX driver) (Sanath Kumar) [Orabug: 26476370] \n- selftests: sparc64: memory: Add tests for privileged ADI driver (Tom Hromatka) [Orabug: 26359060] \n- memory: sparc64: Add privileged ADI driver (Tom Hromatka) [Orabug: 26359060] \n- sparc64: Export the adi_state structure (Tom Hromatka) [Orabug: 26359060] \n- sparc64: Use cpu_poke to resume idle cpu (Vijay Kumar) [Orabug: 26399224] \n- sparc64: Add a new hypercall CPU_POKE (Vijay Kumar) [Orabug: 26399224] \n- cpuset: consider dying css as offline (Tejun Heo) [Orabug: 26475766] \n- sparc64: Treat ERESTARTSYS as an acceptable error (DAX driver) (Sanath Kumar) [Orabug: 26475734] \n- sparc64: fix out of order spin_lock_irqsave and spin_unlock_restore (Thomas Tai) [Orabug: 26430325] \n- SPARC64: vcc: delay device removal until close() (Aaron Young) [Orabug: 26315957] \n- bnxt_en: Fix SRIOV on big-endian architecture. (Michael Chan) [Orabug: 26443303] \n- arch/sparc: Enable queued spinlock support for SPARC (Allen Pais) [Orabug: 26373790] \n- arch/sparc: Introduce xchg16 for SPARC (Babu Moger) [Orabug: 26373790] \n- arch/sparc: Enable queued rwlocks for SPARC (Allen Pais) [Orabug: 26373790] \n- arch/sparc: Introduce cmpxchg_u8 SPARC (Babu Moger) [Orabug: 26373790] \n- arch/sparc: Define config parameter CPU_BIG_ENDIAN (Allen Pais) [Orabug: 26373790] \n- kernel/locking: Fix compile error with qrwlock.c (Babu Moger) [Orabug: 26373790] \n- arch/sparc: Remove the check #ifndef __LINUX_SPINLOCK_TYPES_H (Babu Moger) [Orabug: 26373790] \n- locking/qrwlock: Fix write unlock bug on big endian systems (pan xinhui) [Orabug: 26373790] \n- locking/qrwlock: Implement queue_write_unlock() using smp_store_release() (Will Deacon) [Orabug: 26373790] \n- locking/qspinlock: Avoid redundant read of next pointer (Waiman Long) [Orabug: 26373790] \n- locking/qspinlock: Prefetch the next node cacheline (Waiman Long) [Orabug: 26373790] \n- locking/qrwlock: Reduce reader/writer to reader lock transfer latency (Waiman Long) [Orabug: 26373790] \n- locking/qrwlock: Better optimization for interrupt context readers (Waiman Long) [Orabug: 26373790] \n- locking/qrwlock: Rename functions to queued_*() (Waiman Long) [Orabug: 26373790] \n- locking/qrwlock: Dont contend with readers when setting _QW_WAITING (Waiman Long) [Orabug: 26373790] \n- locking/qrwlock: Rename QUEUE_RWLOCK to QUEUED_RWLOCKS (Babu Moger) [Orabug: 26373790] \n- locking/qspinlock: Use a simple write to grab the lock (Waiman Long) [Orabug: 26373790] \n- locking/qspinlock: Optimize for smaller NR_CPUS (Peter Zijlstra (Intel)) [Orabug: 26373790] \n- locking/qspinlock: Extract out code snippets for the next patch (Waiman Long) [Orabug: 26373790] \n- locking/qspinlock: Add pending bit (Peter Zijlstra (Intel)) [Orabug: 26373790] \n- locking/qspinlock: Introduce a simple generic 4-byte queued spinlock (Waiman Long) [Orabug: 26373790] \n- qede: Add support for ingress headroom (Mintz, Yuval) [Orabug: 25933053] \n- qede: Update receive statistic once per NAPI (Mintz, Yuval) [Orabug: 25933053] \n- qed: Make OOO archipelagos into an array (Michal Kalderon) [Orabug: 25933053] \n- qed: Provide iSCSI statistics to management (Mintz, Yuval) [Orabug: 25933053] \n- qed: Inform qedi the number of possible CQs (Mintz, Yuval) [Orabug: 25933053] \n- qed: Add missing stat for new isles (Mintz, Yuval) [Orabug: 25933053] \n- qed: Dont close the OUT_EN during init (Mintz, Yuval) [Orabug: 25933053] \n- qed: Configure cacheline size in HW (Tomer Tayar) [Orabug: 25933053] \n- qed: Dont use main-ptt in unrelated flows (Rahul Verma) [Orabug: 25933053] \n- qed: Warn PTT usage by wrong hw-function (Mintz, Yuval) [Orabug: 25933053] \n- qed: Correct MSI-x for storage (Mintz, Yuval) [Orabug: 25933053] \n- qed: fix missing break in OOO_LB_TC case (Colin Ian King) [Orabug: 25933053] \n- qed: Add a missing error code (Dan Carpenter) [Orabug: 25933053] \n- qed: RoCE doesnt need to use SRC (Mintz, Yuval) [Orabug: 25933053] \n- qed: Correct TM ILT lines in presence of VFs (Mintz, Yuval) [Orabug: 25933053] \n- qed: Fix TM block ILT allocation (Michal Kalderon) [Orabug: 25933053] \n- qed: Revise QM cofiguration (Ariel Elior) [Orabug: 25933053] \n- qed: Use BDQ resource for storage protocols (Mintz, Yuval) [Orabug: 25933053] \n- qed: Utilize resource-lock based scheme (Tomer Tayar) [Orabug: 25933053] \n- qed: Support management-based resource locking (Tomer Tayar) [Orabug: 25933053] \n- qed: Send pf-flr as part of initialization (Mintz, Yuval) [Orabug: 25933053] \n- qed: Move to new load request scheme (Tomer Tayar) [Orabug: 25933053] \n- qed: hw_init() to receive parameter-struct (Mintz, Yuval) [Orabug: 25933053] \n- qed: Correct HW stop flow (Tomer Tayar) [Orabug: 25933053] \n- qed: Reserve VF feature before PF (Mintz, Yuval) [Orabug: 25933053] \n- qed: Dont waste SBs unused by RoCE (Mintz, Yuval) [Orabug: 25933053] \n- qed: Correct endian order of MAC passed to MFW (Mintz, Yuval) [Orabug: 25933053] \n- qed: Pass src/dst sizes when interacting with MFW (Tomer Tayar) [Orabug: 25933053] \n- qed: Revise MFW command locking (Tomer Tayar) [Orabug: 25933053] \n- qed: Always publish VF link from leading hwfn (Mintz, Yuval) [Orabug: 25933053] \n- qed: Raise verbosity of Malicious VF indications (Mintz, Yuval) [Orabug: 25933053] \n- qed: Make qed_iov_mark_vf_flr() return bool (Mintz, Yuval) [Orabug: 25933053] \n- qed: Deprecate VF multiple queue-stop (Mintz, Yuval) [Orabug: 25933053] \n- qed: Uniform IOV queue validation (Mintz, Yuval) [Orabug: 25933053] \n- qed: Correct default VF coalescing configuration (Mintz, Yuval) [Orabug: 25933053] \n- qed: Set HW-channel to ready before ACKing VF (Mintz, Yuval) [Orabug: 25933053] \n- qed: Clean VF malicious indication when disabling IOV (Mintz, Yuval) [Orabug: 25933053] \n- qed: Increase verbosity of VF -> PF errors (Mintz, Yuval) [Orabug: 25933053] \n- qed*: Add support for QL41xxx adapters (Mintz, Yuval) [Orabug: 25933053] \n- qed: Enable iSCSI Out-of-Order (Mintz, Yuval) [Orabug: 25933053] \n- qed: Correct out-of-bound access in OOO history (Mintz, Yuval) [Orabug: 25933053] \n- qed: Fix interrupt flags on Rx LL2 (Ram Amrani) [Orabug: 25933053] \n- qed: Free previous connections when releasing iSCSI (Mintz, Yuval) [Orabug: 25933053] \n- qed: Fix mapping leak on LL2 rx flow (Mintz, Yuval) [Orabug: 25933053] \n- qed: Prevent creation of too-big u32-chains (Tomer Tayar) [Orabug: 25933053] \n- qed: Align CIDs according to DORQ requirement (Ram Amrani) [Orabug: 25933053] \n- qed*: Utilize Firmware 8.15.3.0 (Mintz, Yuval) [Orabug: 25933053] \n- qedi: Add PCI device-ID for QL41xxx adapters. (Manish Rangankar) [Orabug: 25933053] \n- qed: Fix copy of uninitialized memory (robert.foss@collabora.com) [Orabug: 25933053] \n- qed: Dont use attention PTT for configuring BW (Mintz, Yuval) [Orabug: 25933053] \n- qed: Fix race with multiple VFs (Mintz, Yuval) [Orabug: 25933053] \n- qede: Add driver support for PTP (Sudarsana Reddy Kalluru) [Orabug: 25933053] \n- qede: Remove unnecessary datapath dereference (Mintz, Yuval) [Orabug: 25933053] \n- qede - mark SKB as encapsulated (Manish Chopra) [Orabug: 25933053] \n- qede: Postpone reallocation until NAPI end (Mintz, Yuval) [Orabug: 25933053] \n- qede: Split filtering logic to its own file (Mintz, Yuval) [Orabug: 25933053] \n- qede: Break datapath logic into its own file (Mintz, Yuval) [Orabug: 25933053] \n- SUNRPC: Handle EADDRNOTAVAIL on connection failures (Trond Myklebust) [Orabug: 26276067] \n- btrfs: introduce device delete by devid (Anand Jain) [Orabug: 26362455] \n- btrfs: enhance btrfs_find_device_by_user_input() to check device path (Anand Jain) [Orabug: 26362455] \n- btrfs: make use of btrfs_find_device_by_user_input() (Anand Jain) [Orabug: 26362455] \n- btrfs: create helper btrfs_find_device_by_user_input() (Anand Jain) [Orabug: 26362455] \n- btrfs: clean up and optimize __check_raid_min_device() (Anand Jain) [Orabug: 26362455] \n- btrfs: create helper function __check_raid_min_devices() (Anand Jain) [Orabug: 26362455] \n- Revert 'mm: meminit: only set page reserved in the memblock region' (Dhaval Giani) [Orabug: 25879295] \n- Revert 'mm: meminit: move page initialization into a separate function' (Dhaval Giani) [Orabug: 25879295] \n- net/rds: Replace printk in TX path with stat variable (Yuval Shaia) [Orabug: 26402662] \n- char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403936] {CVE-2017-1000363}\n- drm/mgag200: Fix to always set HiPri for G200e4 V2 (Mathieu Larouche) [Orabug: 26408731] \n- dtrace: FBT module support and SPARCs return probes (Tomas Jedlicka) [Orabug: 26414392] [Orabug: 26414402] \n- bnx2x: Dont post statistics to malicious VFs (Mintz, Yuval) [Orabug: 26308277] \n- bnx2x: Allow vfs to disable txvlan offload (Mintz, Yuval) [Orabug: 26308277] \n- bnx2x: fix pf2vf bulletin DMA mapping leak (Michal Schmidt) [Orabug: 26308277] \n- bnx2x: Fix Multi-Cos (Mintz, Yuval) [Orabug: 26308277] \n- bnx2x: add missing configuration of VF VLAN filters (Michal Schmidt) [Orabug: 26308277] \n- bnx2x: fix incorrect filter count in an error message (Michal Schmidt) [Orabug: 26308277] \n- bnx2x: do not rollback VF MAC/VLAN filters we did not configure (Michal Schmidt) [Orabug: 26308277] \n- bnx2x: fix detection of VLAN filtering feature for VF (Michal Schmidt) [Orabug: 26308277] \n- bnx2x: fix possible overrun of VFPF multicast addresses array (Michal Schmidt) [Orabug: 26308277] \n- bnx2x: lower verbosity of VF stats debug messages (Michal Schmidt) [Orabug: 26308277] \n- bnx2x: prevent crash when accessing PTP with interface down (Michal Schmidt) [Orabug: 26308277] \n- NFSv4: Fix callback server shutdown (Trond Myklebust) [Orabug: 26403976] {CVE-2017-9059}\n- SUNRPC: Refactor svc_set_num_threads() (Trond Myklebust) [Orabug: 26403976] {CVE-2017-9059}\n- ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26403998] {CVE-2017-9077}\n- lpfc update for uek4 11.4.0.2 (rkennedy) [Orabug: 26283182] \n- lpfc: Driver responds LS_RJT to Beacon Off (James Smart) [Orabug: 26283182] \n- lpfc: Fix crash after firmware flash when (James Smart) [Orabug: 26283182] \n- lpfc: Vport creation is failing with Link (James Smart) [Orabug: 26283182] \n- lpfc: Null pointer dereference when (James Smart) [Orabug: 26283182] \n- lpfc: Fix return value of board_mode store (James Smart) [Orabug: 26283182] \n- scsi: lpfc: Fix Port going offline after (James Smart) [Orabug: 26283182] \n- scsi: lpfc: fix spelling mistake 'entrys' (Colin Ian King) [Orabug: 26283182] \n- scsi: lpfc: Add MDS Diagnostic support. (James Smart) [Orabug: 26283182] \n- scsi: lpfc: Fix used-RPI accounting problem. (James Smart) [Orabug: 26283182] \n- scsi: lpfc: Fix panic on BFS configuration (James Smart) [Orabug: 26283182] \n- lpfc: Fix Express lane queue creation. (James Smart) [Orabug: 26283182] \n- lpfc: Fix driver usage of 128B WQEs when WQ_CREATE is (James Smart) [Orabug: 26283182] \n- lpfc: Add Fabric assigned WWN support. (James Smart) [Orabug: 26283182] \n- lpfc: Fix crash after issuing lip reset (James Smart) [Orabug: 26283182] \n- lpfc: Remove NULL ptr check before kfree. (James Smart) [Orabug: 26283182] \n- lpfc: Fix spelling in comments. (James Smart) [Orabug: 26283182] \n- scsi: lpfc: Fix PT2PT PRLI reject (James Smart) [Orabug: 26283182] \n- scsi: lpfc: correct rdp diag portnames (James Smart) [Orabug: 26283182] \n- scsi: lpfc: Fix eh_deadline setting for sli3 adapters. (rkennedy) [Orabug: 26283182] \n- scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters (James Smart) [Orabug: 26283182] \n- scsi: lpfc: fix missing spin_unlock on sql_list_lock (Colin Ian King) [Orabug: 26283182] \n- Signature verification support in kexec_file_load (Alexey Petrenko) [Orabug: 26402281] \n- blk-mq: dont redistribute hardware queues on a CPU hotplug event (Christoph Hellwig) [Orabug: 26039539] \n- RDS: Print failed rdma op details if failure is remote access (Rama Nichanamatlu) [Orabug: 26351421] \n- xen-blkfront: fix mq start/stop race (Junxiao Bi) [Orabug: 26351649] \n- be2net: Update the driver version to 11.4.0.0 (Suresh Reddy) [Orabug: 26403544] \n- be2net: Fix UE detection logic for BE3 (Suresh Reddy) [Orabug: 26403544] \n- be2net: Fix offload features for Q-in-Q packets (Vlad Yasevich) [Orabug: 26403544] \n- benet: Use time_before_eq for time comparison (Karim Eshapa) [Orabug: 26403544] \n- be2net: Fix endian issue in logical link config command (Suresh Reddy) [Orabug: 26403544] \n- be2net: fix initial MAC setting (Ivan Vecera) [Orabug: 26403544] \n- drivers: net: generalize napi_complete_done() (Eric Dumazet) [Orabug: 26403544] \n- be2net: fix MAC addr setting on privileged BE3 VFs (Ivan Vecera) [Orabug: 26403544] \n- be2net: fix unicast list filling (Ivan Vecera) [Orabug: 26403544] \n- be2net: fix accesses to unicast list (Ivan Vecera) [Orabug: 26403544] \n- be2net: fix non static symbol warnings (Wei Yongjun) [Orabug: 26403544] \n- be2net: Avoid redundant addition of mac address in HW (Suresh Reddy) [Orabug: 26403544] \n- be2net: Support UE recovery in BEx/Skyhawk adapters (Sriharsha Basavapatna) [Orabug: 26403544] \n- be2net: replace polling with sleeping in the FW completion path (Sathya Perla) [Orabug: 26403544] \n- be2net: support asymmetric rx/tx queue counts (Sathya Perla) [Orabug: 26403544] \n- net: properly release sk_frag.page (Eric Dumazet) [Orabug: 26409533] \n- net/rds: Add mutex exclusion for vector_load (Hakon Bugge) [Orabug: 26415107] \n- dtrace: Add support for manual triggered cyclics (Tomas Jedlicka) [Orabug: 26384803] \n- dtrace: LOW level cyclics should use workqueues (Tomas Jedlicka) [Orabug: 26384779] \n- sparc64: add DAX2 support to dax driver (Allen Pais) [Orabug: 26317606] \n- uek-rpm: change memory allocator from slab to slub (Allen Pais) \n- arch/sparc: Avoid DCTI Couples (Allen Pais) [Orabug: 26413522] \n- drivers/usb: Skip auto handoff for TI and RENESAS usb controllers (Babu Moger) [Orabug: 26389756] \n- sparc-config: Enable timestamp in dmesg output. (Atish Patra) [Orabug: 26389709] \n- sparc64: rtrap must set PSTATE.mcde before handling outstanding user work (Anthony Yznaga) [Orabug: 26388591] \n- i40e: Correct the macros for setting the DMA attributes (Jack Vogel) [Orabug: 26386323] \n- sparc64: Exclude perf user callchain during critical sections (Dave Aldridge) [Orabug: 26386213] \n- sunvnet: restrict advertized checksum offloads to just IP (Shannon Nelson) [Orabug: 26338709] \n- sparc64: add ccb kill and info to DAX driver (Jonathan Helman) [Orabug: 26317602] \n- i40e: fix annoying message (Jesse Brandeburg) [Orabug: 26420290] \n- watchdog: Move hardlockup detector to separate file (Allen Pais) [Orabug: 26420310] \n- watchdog: Move shared definitions to nmi.h (Allen Pais) [Orabug: 26420310] \n- sparc64: Suppress kmalloc (DAX driver) warning due to allocation failure (Sanath Kumar) [Orabug: 26338830] \n- i40evf: Use le32_to_cpu before evaluating HW desc fields. (Tushar Dave) [Orabug: 26420345] \n- sparc64: revert pause instruction patch for atomic backoff and cpu_relax() (Babu Moger) [Orabug: 26309070] \n- SPARC64: Correct ATU IOTSB binding flow (Tushar Dave) [Orabug: 26419957] \n- SPARC64: Introduce IOMMU BYPASS method (Tushar Dave) [Orabug: 26420209] \n- i40e: Revert i40e temporary workaround (Tushar Dave) [Orabug: 21149316] \n- sparc64: Enable 64-bit DMA (Tushar Dave) [Orabug: 21149316] \n- sparc64: Enable sun4v dma ops to use IOMMU v2 APIs (Allen Pais) [Orabug: 21149316] \n- sparc64: Bind PCIe devices to use IOMMU v2 service (Allen Pais) [Orabug: 21149316] \n- sparc64: Initialize iommu_map_table and iommu_pool (Tushar Dave) [Orabug: 21149316] \n- sparc64: Add ATU (new IOMMU) support (Allen Pais) [Orabug: 21149316] \n- sparc64: Make FORCE_MAX_ZONEORDER to 13 for ATU (Allen Pais) [Orabug: 21149316] \n- Revert 'sparc64: bypass iommu to use 64bit address space' (Allen Pais) [Orabug: 21149316] \n- [PATCH] RDS: When RDS socket is closed, print unreleased MRs (Rama Nichanamatlu) [Orabug: 26261993] \n- IB/IPoIB: ibX: failed to create mcg debug file (Shamir Rabinovitch) [Orabug: 24711873] [Orabug: 25175533] \n- scsi: qedi: Fix memory leak in tmf response processing. (Dupuis, Chad) [Orabug: 25667174] \n- scsi: qedi: fix build error without DEBUG_FS (Arnd Bergmann) [Orabug: 25667174] \n- scsi: qedi: fix missing return error code check on call to qedi_setup_int (Colin Ian King) [Orabug: 25667174] \n- scsi: qedi: Fix possible memory leak in qedi_iscsi_update_conn() (Wei Yongjun) [Orabug: 25667174] \n- scsi: qedi: return via va_end to match corresponding va_start (Colin Ian King) [Orabug: 25667174] \n- scsi: qedi: fix build, depends on UIO (Randy Dunlap) [Orabug: 25667174] \n- scsi: qedi: Add QLogic FastLinQ offload iSCSI driver framework. (Manish Rangankar) [Orabug: 25667174] \n- dccp/tcp: do not inherit mc_list from parent (Eric Dumazet) [Orabug: 26107472] {CVE-2017-8890}\n- Initialize fiblink list head during fib initialization (Dave Carroll) [Orabug: 26291272] \n- aacraid: Update scsi_host_template to use tagged commands (Dave Carroll) [Orabug: 26291272] \n- IB/mlx4: Suppress warning for not handled portmgmt event subtype (Mukesh Kacker) [Orabug: 26409722] \n- bnxt_en: Fix netpoll handling. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add missing logic to handle TPA end error conditions. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Fix xmit_more with BQL. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Pass in sh parameter to bnxt_set_dflt_rings(). (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Implement xmit_more. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Optimize doorbell write operations for newer chips. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add additional chip ID definitions. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add a callback to inform RDMA driver during PCI shutdown. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add PCI IDs for BCM57454 VF devices. (Deepak Khungar) [Orabug: 26402533] \n- bnxt_en: Support for Short Firmware Message (Deepak Khungar) [Orabug: 26402533] \n- bnxt_en: Check status of firmware DCBX agent before setting DCB_CAP_DCBX_HOST. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Call bnxt_dcb_init() after getting firmware DCBX configuration. (Michael Chan) [Orabug: 26402533] \n- bnxt: add dma mapping attributes (Shannon Nelson) [Orabug: 26366387] \n- bnxt_en: allocate enough space for ->ntp_fltr_bmap (Dan Carpenter) [Orabug: 26402533] \n- bnxt_en: Restrict a PF in Multi-Host mode from changing port PHY configuration (Deepak Khungar) [Orabug: 26402533] \n- bnxt_en: Check the FW_LLDP_AGENT flag before allowing DCBX host agent. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add 100G link speed reporting for BCM57454 ASIC in ethtool (Deepak Khungar) [Orabug: 26402533] \n- bnxt_en: Fix VF attributes reporting. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Pass DCB RoCE app priority to firmware. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Cap the msix vector with the max completion rings. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add interrupt test to ethtool -t selftest. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add PHY loopback to ethtool self-test. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add ethtool mac loopback self test. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add basic ethtool -t selftest support. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add suspend/resume callbacks. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add ethtool set_wol method. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add ethtool get_wol method. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add pci shutdown method. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add basic WoL infrastructure. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Update firmware interface spec to 1.7.6.2. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Fix DMA unmapping of the RX buffers in XDP mode during shutdown. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Correct the order of arguments to netdev_err() in bnxt_set_tpa() (Sankar Patchineelam) [Orabug: 26402533] \n- bnxt_en: Fix NULL pointer dereference in reopen failure path (Sankar Patchineelam) [Orabug: 26402533] \n- bnxt_en: Ignore 0 value in autoneg supported speed from firmware. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Check if firmware LLDP agent is running. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Call bnxt_ulp_stop() during tx timeout. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Perform function reset earlier during probe. (Michael Chan) [Orabug: 26402533] \n- IB/cm: remove unnecessary ib_query_device in PSIF RNR WA (Wei Lin Guay) [Orabug: 25908234] \n- bonding: avoid defaulting hard_header_len to ETH_HLEN on slave removal (Paolo Abeni) [Orabug: 26397428] \n- i40e: remove FDIR_REQUIRES_REINIT driver flag (Jacob Keller) [Orabug: 26403617] \n- i40e: remove a useless goto statement (Jacob Keller) [Orabug: 26403617] \n- i40e: Check for new arq elements before leaving the adminq subtask loop (Christopher N Bednarz) [Orabug: 26403617] \n- i40e: use register for XL722 control register read/write (Paul M Stillwell Jr) [Orabug: 26403617] \n- i40e: Clean up handling of private flags (Alexander Duyck) [Orabug: 26403617] \n- i40evf: enforce descriptor write-back mechanism for VF (Preethi Banala) [Orabug: 26403617] \n- i40e: initialize params before notifying of l2_param_changes (Jacob Keller) [Orabug: 26403617] \n- i40e/i40evf: Clean-up process_skb_fields (Alexander Duyck) [Orabug: 26403617] \n- i40e: removed no longer needed delays (Bimmy Pujari) [Orabug: 26403617] \n- i40e: Fixed race conditions in VF reset (Robert Konklewski) [Orabug: 26403617] \n- i40e/i40evf: Fix use after free in Rx cleanup path (Alexander Duyck) [Orabug: 26403617] \n- i40e: fix configuration of RSS table with DCB (Harshitha Ramamurthy) [Orabug: 26403617] \n- i40e: Do not enable NAPI on q_vectors that have no rings (Alexander Duyck) [Orabug: 26403617] \n- i40e: make use of hlist_for_each_entry_continue (Jacob Keller) [Orabug: 26403617] \n- i40e: document drivers use of ntuple filters (Jacob Keller) [Orabug: 26403617] \n- i40e: add support for SCTPv4 FDir filters (Jacob Keller) [Orabug: 26403617] \n- i40e: implement support for flexible word payload (Jacob Keller) [Orabug: 26403617] \n- i40e: add parsing of flexible filter fields from userdef (Jacob Keller) [Orabug: 26403617] \n- i40e: partition the ring_cookie to get VF index (Jacob Keller) [Orabug: 26403617] \n- i40e: allow changing input set for ntuple filters (Jacob Keller) [Orabug: 26403617] \n- i40e: restore default input set for each flow type (Jacob Keller) [Orabug: 26403617] \n- i40e: check current configured input set when adding ntuple filters (Jacob Keller) [Orabug: 26403617] \n- i40e: correctly honor the mask fields for ETHTOOL_SRXCLSRLINS (Jacob Keller) [Orabug: 26403617] \n- i40e: always remove old filter when adding new FDir filter (Jacob Keller) [Orabug: 26403617] \n- i40e: explicitly fail on extended MAC field for ethtool_rx_flow_spec (Jacob Keller) [Orabug: 26403617] \n- i40e: add counters for UDP/IPv4 and IPv4 filters (Jacob Keller) [Orabug: 26403617] \n- i40e: dont re-enable ATR when flushing filters if SB has TCP4/IPv4 rules (Jacob Keller) [Orabug: 26403617] \n- i40e: reset fd_tcp_rule count when restoring filters (Jacob Keller) [Orabug: 26403617] \n- i40e: remove redundant check for fd_tcp_rule when restoring filters (Jacob Keller) [Orabug: 26403617] \n- i40e: exit ATR mode only when adding TCP/IPv4 filter succeeds (Jacob Keller) [Orabug: 26403617] \n- i40e: return immediately when failing to add fdir filter (Jacob Keller) [Orabug: 26403617] \n- i40e: rework exit flow of i40e_add_fdir_ethtool (Jacob Keller) [Orabug: 26403617] \n- i40e: dont use arrays for (src|dst)_ip (Jacob Keller) [Orabug: 26403617] \n- i40e: send correct port number to AdminQ when enabling UDP tunnels (Jacob Keller) [Orabug: 26403617] \n- i40e: rename auto_disable_flags to hw_disabled_flags (Harshitha Ramamurthy) [Orabug: 26403617] \n- i40e/i40evf: Change version from 1.6.27 to 2.1.7 (Bimmy Pujari) [Orabug: 26403617] \n- i40e: Allow untrusted VFs to have more filters (Mitch Williams) [Orabug: 26403617] \n- i40e: Clarify steps in MAC/VLAN filters initialization routine (Filip Sadowski) [Orabug: 26403617] \n- i40e: fix RSS queues only operating on PF0 (Lihong Yang) [Orabug: 26403617] \n- i40e: fix ethtool to get EEPROM data from X722 interface (Lihong Yang) [Orabug: 26403617] \n- i40e: dont add more vectors to num_lan_msix than number of CPUs (Jacob Keller) [Orabug: 26403617] \n- i40e: KISS the client interface (Mitch Williams) [Orabug: 26403617] \n- i40e: fix up recent proxy and wol bits for X722_SUPPORT (Shannon Nelson) [Orabug: 26403617] \n- i40e: Acquire NVM lock before reads on all devices (Aaron Salter) [Orabug: 26403617] \n- scripts/spelling.txt: add 'varible' pattern and fix typo instances (Masahiro Yamada) [Orabug: 26403617] \n- i40e: Invoke softirqs after napi_reschedule (Benjamin Poirier) [Orabug: 26403617] \n- i40e: remove duplicate device id from PCI table (Carolyn Wyborny) [Orabug: 26403617] \n- i40e: mark the value passed to csum_replace_by_diff as __wsum (Jacob Keller) [Orabug: 26403617] \n- i40e: Error handling for link event (Harshitha Ramamurthy) [Orabug: 26403617] \n- i40e: properly convert le16 value to CPU format (Jacob Keller) [Orabug: 26403617] \n- i40e: convert to cpu from le16 to generate switch_id correctly (Jacob Keller) [Orabug: 26403617] \n- i40e: refactor AQ CMD buffer debug printing (Alan Brady) [Orabug: 26403617] \n- i40e: Fix Adaptive ITR enabling (Carolyn Wyborny) [Orabug: 26403617] \n- i40evf: add comment (Mitch Williams) [Orabug: 26403617] \n- i40evf: free rings in remove function (Mitch Williams) [Orabug: 26403617] \n- i40e: remove unnecessary call to i40e_update_link_info (Jacob Keller) [Orabug: 26403617] \n- i40e: enable mc magic pkt wakeup during power down (Joshua Hay) [Orabug: 26403617] \n- i40e: fix disable overflow promiscuous mode (Alan Brady) [Orabug: 26403617] \n- i40e: Save more link abilities when using ethtool (Henry Tieman) [Orabug: 26403617] \n- i40e: avoid race condition when sending filters to firmware for addition (Jacob Keller) [Orabug: 26403617] \n- i40e: allow i40e_update_filter_state to skip broadcast filters (Jacob Keller) [Orabug: 26403617] \n- i40e: dont warn every time we clear an Rx timestamp register (Jacob Keller) [Orabug: 26403617] \n- i40e: Save link FEC info from link up event (Henry Tieman) [Orabug: 26403617] \n- i40e: Add bus number info to i40e_bus_info struct (Sudheer Mogilappagari) [Orabug: 26403617] \n- i40e: Clean up dead code (Mitch Williams) [Orabug: 26403617] \n- i40e/i40evf : Changed version from 1.6.25 to 1.6.27 (Bimmy Pujari) [Orabug: 26403617] \n- i40e: update comment explaining where FDIR buffers are freed (Jacob Keller) [Orabug: 26403617] \n- i40e/i40evf: eliminate i40e_pull_tail() (Scott Peterson) [Orabug: 26403617] \n- i40e/i40evf: Moves skb from i40e_rx_buffer to i40e_ring (Scott Peterson) [Orabug: 26403617] \n- i40e/i40evf: Limit DMA sync of RX buffers to actual packet size (Scott Peterson) [Orabug: 26403617] \n- i40evf: track outstanding client request (Mitch Williams) \n- i40e: dont check params until after checking for client instance (Jacob Keller) [Orabug: 26403617] \n- i40e: add interrupt rate limit verbosity (Alan Brady) [Orabug: 26403617] \n- i40e: refactor macro INTRL_USEC_TO_REG (Alan Brady) [Orabug: 26403617] \n- i40e: remove unused function (Mitch Williams) [Orabug: 26403617] \n- i40e: Remove FPK HyperV VF device ID (Jayaprakash Shanmugam) \n- i40e: Quick refactor to start moving data off stack and into Tx buffer info (Alexander Duyck) [Orabug: 26403617] \n- i40e: remove unnecessary __packed (Tushar Dave) [Orabug: 26403617] \n- i40evf: remove unused device ID (Mitch Williams) \n- i40e: Deprecating unused macro (Bimmy Pujari) [Orabug: 26403617] \n- i40e: when adding or removing MAC filters, correctly handle VLANs (Jacob Keller) [Orabug: 26403617] \n- i40e: avoid O(n^2) loop when deleting all filters (Jacob Keller) [Orabug: 26403617] \n- i40e: rename i40e_put_mac_in_vlan and i40e_del_mac_all_vlan (Jacob Keller) [Orabug: 26403617] \n- i40e: no need to check is_vsi_in_vlan before calling i40e_del_mac_all_vlan (Jacob Keller) [Orabug: 26403617] \n- i40e: fold the i40e_is_vsi_in_vlan check into i40e_put_mac_in_vlan (Jacob Keller) [Orabug: 26403617] \n- i40e: dont allow i40e_vsi_(add|kill)_vlan to operate when VID<1 (Jacob Keller) [Orabug: 26403617] \n- i40e: Changed version from 1.6.21 to 1.6.25 (Bimmy Pujari) [Orabug: 26403617] \n- i40e/i40evf: Add support for mapping pages with DMA attributes (Alexander Duyck) [Orabug: 26396552] \n- aacraid: initialize scsi shared tag map (Joe Jin) [Orabug: 26367703] \n- bnxt: add dma mapping attributes (Shannon Nelson) [Orabug: 26388629] \n- dma-mapping: add interfaces for mapping pages with attributes (Shannon Nelson) [Orabug: 26388629] \n- sparc64: Set valid bytes of misaligned no-fault loads (Rob Gardner) [Orabug: 26316944] \n- fs/fuse: Fix for correct number of numa nodes (Babu Moger) [Orabug: 26369428] \n- sparc64: delete old wrap code (Pavel Tatashin) [Orabug: 26372254] \n- sparc64: new context wrap (Pavel Tatashin) [Orabug: 26372254] \n- sparc64: add per-cpu mm of secondary contexts (Pavel Tatashin) [Orabug: 26372254] \n- sparc64: redefine first version (Pavel Tatashin) [Orabug: 26372254] \n- sparc64: combine activate_mm and switch_mm (Pavel Tatashin) [Orabug: 26372254] \n- sparc64: reset mm cpumask after wrap (Pavel Tatashin) [Orabug: 26372254] \n- Revert 'sparc64: Restrict number of processes' (Pavel Tatashin) [Orabug: 26372230] \n- net/rds: Reduce memory footprint in rds_sendmsg (Wei Lin Guay) [Orabug: 26350974] \n- x86/ras/therm_throt: Do not log a fake MCE for thermal events (Borislav Petkov) [Orabug: 26361327] \n- nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [Orabug: 26366002] {CVE-2017-7645}\n- sparc64: broken %tick frequency on spitfire cpus (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: use prom interface to get %stick frequency (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: optimize functions that access tick (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: add hot-patched and inlined get_tick() (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: initialize time early (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: improve modularity tick options (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: optimize loads in clock_sched() (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: show time stamps from zero (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: access tick function from variable (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: remove trailing white spaces (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- block: defer timeouts to a workqueue (Christoph Hellwig) [Orabug: 26372235] \n- macsec: dynamically allocate space for sglist (Jason A. Donenfeld) [Orabug: 26372610] {CVE-2017-7477}\n- macsec: avoid heap overflow in skb_to_sgvec (Jason A. Donenfeld) [Orabug: 26372610] {CVE-2017-7477}\n- sparc64: Add 16GB hugepage support (Nitin Gupta) [Orabug: 26319885] \n- xfs: reset b_first_retry_time when clear the retry status of xfs_buf_t (Hou Tao) [Orabug: 26354404] \n- xfs: fix max_retries _show and _store functions (Carlos Maiolino) [Orabug: 26354404] \n- xfs: normalize 'infinite' retries in error configs (Eric Sandeen) [Orabug: 26354404] \n- xfs: dont reset b_retries to 0 on every failure (Eric Sandeen) [Orabug: 26354404] \n- xfs: fix xfs_error_get_cfg for negative errnos (Eric Sandeen) [Orabug: 26354404] \n- xfs: add 'fail at unmount' error handling configuration (Carlos Maiolino) [Orabug: 26354404] \n- xfs: add configuration handlers for specific errors (Carlos Maiolino) [Orabug: 26354404] \n- xfs: add configuration of error failure speed (Carlos Maiolino) [Orabug: 26354404] \n- xfs: introduce table-based init for error behaviors (Carlos Maiolino) [Orabug: 26354404] \n- xfs: add configurable error support to metadata buffers (Carlos Maiolino) [Orabug: 26354404] \n- xfs: introduce metadata IO error class (Carlos Maiolino) [Orabug: 26354404] \n- xfs: configurable error behavior via sysfs (Carlos Maiolino) [Orabug: 26354404] \n- rds: tcp: Set linger when rejecting an incoming conn in rds_tcp_accept_one (Sowmini Varadhan) [Orabug: 26235715] \n- rds: tcp: various endian-ness fixes (Sowmini Varadhan) [Orabug: 26235715] \n- rds: tcp: remove cp_outgoing (Sowmini Varadhan) [Orabug: 26235715] \n- rds: tcp: Sequence teardown of listen and acceptor sockets to avoid races (Sowmini Varadhan) [Orabug: 26235715] \n- rds: tcp: Reorder initialization sequence in rds_tcp_init to avoid races (Sowmini Varadhan) [Orabug: 26235715] \n- rds: tcp: Take explicit refcounts on struct net (Sowmini Varadhan) [Orabug: 26235715] \n- mm: fix new crash in unmapped_area_topdown() (Hugh Dickins) [Orabug: 26326144] {CVE-2017-1000364}\n- mm: larger stack guard gap, between vmas (Hugh Dickins) [Orabug: 26326144] {CVE-2017-1000364}\n- dtrace: add kprobe-unsafe addresses to FBT blacklist (Kris Van Hees) [Orabug: 26324039] \n- dtrace: convert FBT blacklist to RB-tree (Kris Van Hees) [Orabug: 26324039] \n- e1000e: use disable_hardirq() also for MSIX vectors in e1000_netpoll() (Konstantin Khlebnikov) [Orabug: 26338952] \n- e1000e: Dont return uninitialized stats (Benjamin Poirier) [Orabug: 26338952] \n- e1000e: fix race condition around skb_tstamp_tx() (Jacob Keller) [Orabug: 26338952] \n- e1000e: Add Support for 38.4MHZ frequency (Sasha Neftin) [Orabug: 26338952] \n- e1000e: Add Support for CannonLake (Sasha Neftin) [Orabug: 26338952] \n- e1000e: Initial Support for CannonLake (Sasha Neftin) [Orabug: 26338952] \n- e1000e: fix PTP on e1000_pch_lpt variants (Jarod Wilson) [Orabug: 26338952] \n- e1000e: fix timing for 82579 Gigabit Ethernet controller (Bernd Faust) [Orabug: 26338952] \n- e1000: Omit private ndo_get_stats function (Tobias Klauser) [Orabug: 26338952] \n- Revert 'e1000e: driver trying to free already-free irq' (Jeff Kirsher) [Orabug: 26338952] \n- e1000e: driver trying to free already-free irq (khalidm) [Orabug: 26338952] \n- e1000: use disable_hardirq() for e1000_netpoll() (WANG Cong) [Orabug: 26338952] \n- e1000e: fix PTP on e1000_pch_lpt variants (Jarod Wilson) [Orabug: 26338952] \n- e1000e: factor out systim sanitization (Jarod Wilson) [Orabug: 26338952] \n- e1000e: prevent division by zero if TIMINCA is zero (Denys Vlasenko) [Orabug: 26338952] \n- e1000e: keep Rx/Tx HW_VLAN_CTAG in sync (Jarod Wilson) [Orabug: 26338952] \n- e1000e: keep VLAN interfaces functional after rxvlan off (Jarod Wilson) [Orabug: 26338952] \n- e1000e: dont modify SYSTIM registers during SIOCSHWTSTAMP ioctl (Jacob Keller) [Orabug: 26338952] \n- e1000e: mark shifted values as unsigned (Jacob Keller) [Orabug: 26338952] \n- e1000e: use BIT() macro for bit defines (Jacob Keller) [Orabug: 26338952] \n- e1000e: e1000e_cyclecounter_read(): do overflow check only if needed (Denys Vlasenko) [Orabug: 26338952] \n- e1000e: e1000e_cyclecounter_read(): fix er32(SYSTIML) overflow check (Denys Vlasenko) [Orabug: 26338952] \n- e1000e: e1000e_cyclecounter_read(): incvalue is 32 bits, not 64 (Denys Vlasenko) [Orabug: 26338952] \n- e1000e: Cleanup consistency in ret_val variable usage (Brian Walsh) [Orabug: 26338952] \n- e1000e: fix ethtool autoneg off for non-copper (Steve Shih) [Orabug: 26338952] \n- e1000: call ndo_stop() instead of dev_close() when running offline selftest (Stefan Assmann) [Orabug: 26338952] \n- e1000e: call ndo_stop() instead of dev_close() when running offline selftest (Stefan Assmann) [Orabug: 26338952] \n- e1000: Double Tx descriptors needed check for 82544 (Alexander Duyck) [Orabug: 26338952] \n- e1000: Do not overestimate descriptor counts in Tx pre-check (Alexander Duyck) [Orabug: 26338952] \n- e1000e: Initial support for KabeLake (Raanan Avargil) [Orabug: 26338952] \n- e1000e: Clear ULP configuration register on ULP exit (Raanan Avargil) [Orabug: 26338952] \n- e1000e: Set HW FIFO minimum pointer gap for non-gig speeds (Raanan Avargil) [Orabug: 26338952] \n- e1000e: Increase PHY PLL clock gate timing (Raanan Avargil) [Orabug: 26338952] \n- e1000e: Increase ULP timer (Raanan Avargil) [Orabug: 26338952] \n- e1000e: Fix msi-x interrupt automask (Benjamin Poirier) [Orabug: 26338952] \n- e1000e: Do not write lsc to ics in msi-x mode (Benjamin Poirier) [Orabug: 26338952] \n- e1000e: Do not read ICR in Other interrupt (Benjamin Poirier) [Orabug: 26338952] \n- e1000e: Remove unreachable code (Benjamin Poirier) [Orabug: 26338952] \n- e1000e: Switch e1000e_up to void, drop code checking for error result (Alexander Duyck) [Orabug: 26338952] \n- e1000e: initial support for i219-LM (3) (Raanan Avargil) [Orabug: 26338952] \n- e1000e: Increase timeout of polling bit RSPCIPHY (Raanan Avargil) [Orabug: 26338952] \n- e1000e: fix division by zero on jumbo MTUs (Dmitry Fleytman) [Orabug: 26338952] \n- e1000: Elementary checkpatch warnings and checks removed (Janusz Wolak) [Orabug: 26338952] \n- e1000: get rid of duplicate exit path (Jean Sacren) [Orabug: 26338952] \n- e1000: fix kernel-doc argument being missing (Jean Sacren) [Orabug: 26338952] \n- e1000e: clean up the local variable (Jean Sacren) [Orabug: 26338952] \n- e1000: fix a typo in the comment (Jean Sacren) [Orabug: 26338952] \n- e1000: clean up the checking logic (Jean Sacren) [Orabug: 26338952] \n- e1000: Remove checkpatch coding style errors (Janusz Wolak) [Orabug: 26338952] \n- e1000: fix data race between tx_ring->next_to_clean (Dmitriy Vyukov) [Orabug: 26338952] \n- e1000: make eeprom read/write scheduler friendly (Joern Engel) [Orabug: 26338952] \n- e1000e: Enable TSO for stacked VLAN (Toshiaki Makita) [Orabug: 26338952] \n- e1000: remove dead e1000_init_eeprom_params calls (Francois Romieu) [Orabug: 26338952] \n- e1000e: Modify Tx/Rx configurations to avoid null pointer dereferences in e1000_open (Jia-Ju Bai) [Orabug: 26338952] \n- ixgbe: fix incorrect status check (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: add missing configuration for rate select 1 (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: always call setup_mac_link for multispeed fiber (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: add write flush when configuring CS4223/7 (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: correct CS4223/7 PHY identification (Emil Tantilov) [Orabug: 26339150] \n- ixgbevf: Resolve warnings for -Wimplicit-fallthrough (Tony Nguyen) [Orabug: 26339150] \n- ixgbevf: Resolve truncation warning for q_vector->name (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Resolve warnings for -Wimplicit-fallthrough (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Resolve truncation warning for q_vector->name (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Add error checking to setting VF MAC (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Correct thermal sensor event check (Mark Rustad) [Orabug: 26339150] \n- ixgbe: enable L3/L4 filtering for Tx switched packets (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: Remove MAC X550EM_X 1Gbase-t led_[on|off] support (Paul Greenwalt) [Orabug: 26339150] \n- ixgbevf: Check for RSS key before setting value (Tony Nguyen) [Orabug: 26339150] \n- ixgbevf: Fix errors in retrieving RETA and RSS from PF (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Check for RSS key before setting value (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Add 1000Base-T device based on X550EM_X MAC (Paul Greenwalt) [Orabug: 26339150] \n- ixgbe: Allow setting zero MAC address for VF (Tony Nguyen) [Orabug: 26339150] \n- ixgbevf: fix size of queue stats length (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: clean macvlan MAC filter table on VF reset (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: Acquire PHY semaphore before device reset (Paul Greenwalt) [Orabug: 26339150] \n- ixgbe: Fix output from ixgbe_dump (Alexander Duyck) [Orabug: 26339150] \n- ixgbe: add check for VETO bit when configuring link for KR (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Remove unused define (Don Skidmore) [Orabug: 26339150] \n- ixgbe: do not use adapter->num_vfs when setting VFs via module parameter (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: return early instead of wrap block in if statement (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: move num_vfs_macvlans allocation into separate function (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: add default setup_link for x550em_a MAC type (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: list X553 backplane speeds correctly (Don Skidmore) [Orabug: 26339150] \n- ixgbe: Add X552 XFI backplane support (Don Skidmore) [Orabug: 26339150] \n- ixgbe: Complete support for X553 sgmii (Don Skidmore) [Orabug: 26339150] \n- ixgbe: Remove driver config for KX4 PHY (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Remove pr_cont uses (Joe Perches) [Orabug: 26339150] \n- ixgbe: Avoid Tx hang by not allowing more than the number of VFs supported. (Usha Ketineni) [Orabug: 26339150] \n- ixgbe: Limit use of 2K buffers on architectures with 256B or larger cache lines (Alexander Duyck) [Orabug: 26339150] \n- ixgbe: update the rss key on h/w, when ethtool ask for it (Paolo Abeni) [Orabug: 26339150] \n- ixgbe: Dont bother clearing buffer memory for descriptor rings (Alexander Duyck) [Orabug: 26339150] \n- ixgbe: Add private flag to control buffer mode (Alexander Duyck) [Orabug: 26339150] \n- ixgbe: Add support for padding packet (Alexander Duyck) [Orabug: 26339150] \n- ixgbe: Use length to determine if descriptor is done (Alexander Duyck) [Orabug: 26339150] \n- ixgbe: Make use of order 1 pages and 3K buffers independent of FCoE (Alexander Duyck) \n- ixgbe: Only DMA sync frame length (Alexander Duyck) [Orabug: 26339150] \n- ixgbe: Update version to reflect added functionality (Mark Rustad) [Orabug: 26339150] \n- ixgbe: prefix Data Center Bridge ops struct (Stephen Hemminger) [Orabug: 26339150] \n- ixgbe: Support 2.5Gb and 5Gb speed (Tony Nguyen) [Orabug: 26339150] \n- ixgbevf: get rid of custom busy polling code (Eric Dumazet) [Orabug: 26339150] \n- ixgbe: get rid of custom busy polling code (Eric Dumazet) [Orabug: 26339150] \n- ixgbe: Add PF support for VF promiscuous mode (Don Skidmore) [Orabug: 26339150] \n- ixgbevf: Add support for VF promiscuous mode (Don Skidmore) [Orabug: 26339150] \n- ixgbe: Implement support for firmware-controlled PHYs (Mark Rustad) [Orabug: 26339150] \n- ixgbe: Implement firmware interface to access some PHYs (Mark Rustad) [Orabug: 26339150] \n- ixgbe: Remove unused firmware version functions and method (Mark Rustad) [Orabug: 26339150] \n- ixgbe: Fix issues with EEPROM access (Mark Rustad) [Orabug: 26339150] \n- ixgbe: Configure advertised speeds correctly for KR/KX backplane (Don Skidmore) [Orabug: 26339150] \n- ixgbevf: restore hw_addr on resume or error (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: Fix incorrect bitwise operations of PTP Rx timestamp flags (Yusuke Suzuki) [Orabug: 26339150] \n- ixgbevf: fix AER error handling (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: fix AER error handling (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: test for trust in macvlan adjustments for VF (Ken Cox) [Orabug: 26339150] \n- ixgbevf: handle race between close and suspend on shutdown (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: handle close/suspend race with netif_device_detach/present (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: Fix reporting of 100Mb capability (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Reduce I2C retry count on X550 devices (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Add bounds check for x540 LED functions (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: add mask for 64 RSS queues (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: Fix check for ixgbe_phy_x550em_ext_t reset (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Report driver version to firmware for x550 devices (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: do not disable FEC from the driver (Emil Tantilov) [Orabug: 26339150] \n- net/rds: prioritize the base connection establishment (Wei Lin Guay) [Orabug: 26258518] \n- net/rds: determine active/passive connection with IP addresses (Wei Lin Guay) [Orabug: 26258518] \n- net/rds: use different workqueue for base_conn (Wei Lin Guay) [Orabug: 26258518] \n- net/rds: Revert 'RDS: add reconnect retry scheme for stalled connections' (Wei Lin Guay) [Orabug: 26258518] \n- IB/mlx4: Fix CM REQ retries in paravirt mode (Hakon Bugge) [Orabug: 26304670] \n- uek-config: disable CONFIG_MOUSE_PS2_VMMOUSE for ol6 (Ethan Zhao) [Orabug: 26264650] \n- igb: missing rtnl_unlock in igb_sriov_reinit() (Vasily Averin) [Orabug: 26242904] \n- igb: bump version to igb-5.4.0 (Todd Fujinaka) [Orabug: 26242904] \n- igbvf: bump version to igbvf-2.4.0 (Todd Fujinaka) [Orabug: 26242904] \n- igb: fix non static symbol warning (Wei Yongjun) [Orabug: 26242904] \n- igb: fix error code in igb_add_ethtool_nfc_entry() (Gangfeng Huang) [Orabug: 26242904] \n- igb: support RX flow classification by VLAN priority (Gangfeng Huang) [Orabug: 26242904] \n- igb: support RX flow classification by ethertype (Gangfeng Huang) [Orabug: 26242904] \n- igb: add support of RX network flow classification (Gangfeng Huang) [Orabug: 26242904] \n- igb: fix adjusting PTP timestamps for Tx/Rx latency (Kshitiz Gupta) [Orabug: 26242904] \n- igb: Only DMA sync frame length (Andrew Lunn) [Orabug: 26242904] \n- igb: call igb_ptp_suspend during suspend/resume cycle (Jacob Keller) [Orabug: 26242904] \n- igb: implement igb_ptp_suspend (Jacob Keller) [Orabug: 26242904] \n- igb: re-use igb_ptp_reset in igb_ptp_init (Jacob Keller) [Orabug: 26242904] \n- igb: introduce IGB_PTP_OVERFLOW_CHECK flag (Jacob Keller) [Orabug: 26242904] \n- igb: introduce ptp_flags variable and use it to replace IGB_FLAG_PTP (Jacob Keller) [Orabug: 26242904] \n- igbvf: use BIT() macro instead of shifts (Jacob Keller) [Orabug: 26242904] \n- igbvf: remove unused variable and dead code (Jacob Keller) [Orabug: 26242904] \n- igb: adjust PTP timestamps for Tx/Rx latency (Nathan Sullivan) [Orabug: 26242904] \n- igb: make igb_update_pf_vlvf static (Jacob Keller) [Orabug: 26242904] \n- igb: use BIT() macro or unsigned prefix (Jacob Keller) [Orabug: 26242904] \n- Revert 'igb: Fix a deadlock in igb_sriov_reinit' (Arika Chen) [Orabug: 26242904] \n- igb: Garbled output for 'ethtool -m' (Doron Shikmoni) [Orabug: 26242904] \n- igb: allow setting MAC address on i211 using a device tree blob (John Holland) [Orabug: 26242904] \n- igb: Fix sparse warning about passing __beXX into leXX_to_cpup (Alexander Duyck) [Orabug: 26242904] \n- igb: call ndo_stop() instead of dev_close() when running offline selftest (Stefan Assmann) [Orabug: 26242904] \n- igb: Fix VLAN tag stripping on Intel i350 (Corinna Vinschen) [Orabug: 26242904] \n- igbvf: remove 'link is Up' message when registering mcast address (Jon Maxwell) [Orabug: 26242904] \n- igbvf: Add support for generic Tx checksums (Alexander Duyck) [Orabug: 26242904] \n- igb: Add support for generic Tx checksums (Alexander Duyck) [Orabug: 26242904] \n- igb: rename igb define to be more generic (Todd Fujinaka) [Orabug: 26242904] \n- igb: add conditions for I210 to generate periodic clock output (Roland Hii) [Orabug: 26242904] \n- igb: enable WoL for OEM devices regardless of EEPROM setting (Todd Fujinaka) [Orabug: 26242904] \n- igb: constify e1000_phy_operations structure (Julia Lawall) [Orabug: 26242904] \n- igb: When GbE link up, wait for Remote receiver status condition (Takuma Ueba) [Orabug: 26242904] \n- igb: Add workaround for VLAN tag stripping on 82576 (Alexander Duyck) [Orabug: 26242904] \n- igb: Enable use of 'bridge fdb add' to set unicast table entries (Alexander Duyck) [Orabug: 26242904] \n- igb: Drop unnecessary checks in transmit path (Alexander Duyck) [Orabug: 26242904] \n- igb: Add support for VLAN promiscuous with SR-IOV and NTUPLE (Alexander Duyck) [Orabug: 26242904] \n- igb: Clean-up configuration of VF port VLANs (Alexander Duyck) [Orabug: 26242904] \n- igb: Merge VLVF configuration into igb_vfta_set (Alexander Duyck) [Orabug: 26242904] \n- igb: Always enable VLAN 0 even if 8021q is not loaded (Alexander Duyck) [Orabug: 26242904] \n- igb: Do not factor VLANs into RLPML calculation (Alexander Duyck) [Orabug: 26242904] \n- igb: Allow asymmetric configuration of MTU versus Rx frame size (Alexander Duyck) [Orabug: 26242904] \n- igb: Refactor VFTA configuration (Alexander Duyck) [Orabug: 26242904] \n- igb: clean up code for setting MAC address (Alexander Duyck) [Orabug: 26242904] \n- igb/igbvf: dont give up (Mitch Williams) [Orabug: 26242904] \n- igb: Unpair the queues when changing the number of queues (Shota Suzuki) [Orabug: 26242904] \n- igb: Remove unnecessary flag setting in igb_set_flag_queue_pairs() (Shota Suzuki) [Orabug: 26242904] \n- igb: Explicitly label self-test result indices (Joe Schultz) [Orabug: 26242904] \n- igb: Improve cable length function for I210, etc. (Joe Schultz) [Orabug: 26242904] \n- igb: Dont add PHY address to PCDL address (Aaron Sierra) [Orabug: 26242904] \n- igb: Remove GS40G specific defines/functions (Aaron Sierra) [Orabug: 26242904] \n- igb: improve handling of disconnected adapters (Jarod Wilson) [Orabug: 26242904] \n- igb: fix NULL derefs due to skipped SR-IOV enabling (Jan Beulich) [Orabug: 26242904] \n- igb: use the correct i210 register for EEMNGCTL (Todd Fujinaka) [Orabug: 26242904] \n- igb: dont unmap NULL hw_addr (Jarod Wilson) [Orabug: 26242904] \n- igb: add 88E1543 initialization code (Todd Fujinaka) [Orabug: 26242904] \n- net: igb: avoid using timespec (Arnd Bergmann) [Orabug: 26242904] \n- igb: assume MSI-X interrupts during initialization (Stefan Assmann) [Orabug: 26242904] \n- igbvf: Enable TSO for stacked VLAN (Toshiaki Makita) [Orabug: 26242904] \n- igb: make sure SR-IOV init uses the right number of queues (Todd Fujinaka) [Orabug: 26242904] \n- igbvf: clear buffer_info->dma after dma_unmap_single() (Stefan Assmann) [Orabug: 26242904] \n- igb: Fix a memory leak in igb_probe (Jia-Ju Bai) [Orabug: 26242904] \n- igb: Fix a deadlock in igb_sriov_reinit (Jia-Ju Bai) [Orabug: 26242904] \n- igb: Teardown SR-IOV before unregister_netdev() (Alex Williamson) [Orabug: 26242904] \n- igb: add support for 1512 PHY (Todd Fujinaka) [Orabug: 26242904] \n- igb: implement high frequency periodic output signals (Richard Cochran) [Orabug: 26242904] \n- blkback/blktap: dont leak stack data via response ring (Jan Beulich) [Orabug: 26321954] \n- Documentation/sparc: Steps for sending break on sunhv console (Vijay Kumar) [Orabug: 26322031] \n- sparc64: Send break twice from console to return to boot prom (Vijay Kumar) [Orabug: 26322031] \n- sparc64: Migrate hvcons irq to panicked cpu (Vijay Kumar) [Orabug: 26322031] \n- sparc64: Set cpu state to offline when stopped (Vijay Kumar) [Orabug: 26322031] \n- dtrace: io provider probes for nfs (Nicolas Droux) [Orabug: 26145701] \n- ctf: fix a variety of memory leaks and use-after-free bugs (Nick Alcock) [Orabug: 26323755] \n- DTrace: IP provider use-after-free for drop-out probe points (Alan Maguire) [Orabug: 25924594] \n- net/mlx4_core: Use round robin scheme to avoid stale caches (Santosh Shilimkar) [Orabug: 26265801] \n- nvme: Quirks for PM1725 controllers (Martin K. Petersen) [Orabug: 26284735] \n- nvme: apply DELAY_BEFORE_CHK_RDY quirk at probe time too (Guilherme G. Piccoli) [Orabug: 26284735] \n- nvme/quirk: Add a delay before checking device ready for memblaze device (Wenbo Wang) [Orabug: 26284735] \n- nvme/quirk: Add a delay before checking for adapter readiness (Guilherme G. Piccoli) [Orabug: 26284735] \n- percpu_ref: allow operation mode switching operations to be called concurrently (Tejun Heo) [Orabug: 26290757] \n- percpu_ref: restructure operation mode switching (Tejun Heo) [Orabug: 26290757] \n- percpu_ref: unify staggered atomic switching wait behavior (Tejun Heo) [Orabug: 26290757] \n- percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate percpu_ref_switch_to_atomic() (Tejun Heo) [Orabug: 26290757] \n- percpu_ref: remove unnecessary RCU grace period for staggered atomic switching confirmation (Tejun Heo) [Orabug: 26290757] \n- block: Fix mismerge in queue freeze logic (Martin K. Petersen) [Orabug: 26290757] \n- vfio/pci: Fix unsigned comparison overflow (Alex Williamson) \n- restore mutex_lock() call to blk_mq_freeze_queue_start() (Dan Duval) [Orabug: 26266917] \n- sparc64: mm: fix copy_tsb to correctly copy huge page TSBs (Mike Kravetz) [Orabug: 26273004] \n- nvme: Add a wrapper for getting the admin queue depth (Martin K. Petersen) [Orabug: 26284603] \n- nvme: Remove timeout when deleting queue (Martin K. Petersen) [Orabug: 26284626] \n- IP/ipoib: Move initialization of ACL instances table to device init phase (Yuval Shaia) [Orabug: 26290377] \n- btrfs: fix clone / extent-same deadlocks (Mark Fasheh) [Orabug: 26093112] \n- btrfs: dont update mtime/ctime on deduped inodes (Mark Fasheh) [Orabug: 26093112] \n- btrfs: allow dedupe of same inode (Mark Fasheh) [Orabug: 26093112] \n- btrfs: fix deadlock with extent-same and readpage (Mark Fasheh) [Orabug: 26093112] \n- btrfs: pass unaligned length to btrfs_cmp_data() (Mark Fasheh) [Orabug: 26093112] \n- Fix Express lane queue creation. (James Smart) [Orabug: 26102276] \n- uek-rpm/config: build tcmu kernel module by default (Shan Hai) [Orabug: 26185792] [Orabug: 25983319] \n- rds: tcp: fix memory leak in TIME_WAIT sockets (Sowmini Varadhan) [Orabug: 26189892] \n- rds: tcp: canonical connection order for all paths with index > 0 (Sowmini Varadhan) [Orabug: 25436912] \n- rds: tcp: allow progress of rds_conn_shutdown if the rds_connection is marked ERROR by an intervening FIN (Sowmini Varadhan) [Orabug: 25436912] \n- Backport multipath RDS from upstream to UEK4 (Sowmini Varadhan) [Orabug: 25436912]\n[4.1.12-103.2.1]\n- uek-rpm: enable bnxt driver for sparc (Allen Pais) [Orabug: 26222502] \n- uek-rpm: set CONFIG_FORCE_MAX_ZONEORDER to 16 (Allen Pais) [Orabug: 26222494] \n- sparc: Fix kernel BUG at arch/sparc/kernel/mdesc.c (Thomas Tai) \n- sparc64: allocate sufficient space for machine description (Thomas Tai) [Orabug: 26222471] \n- sparc64/mlx4_core: relaxed order for mlx4_core dma mappings (Shamir Rabinovitch) [Orabug: 26222434] \n- xsigo: UEK4-QU5: poor performance discovering 256 FC LUNs w/4 paths per LUN (Pradeep Gopanapalli) [Orabug: 26199200] \n- NVMe: During NVMe probe, get NVMe device information before mapping the device (Ashok Vairavan) [Orabug: 26194850] \n- sparc64: Fix an error code returned by a DAX ioctl (Sanath Kumar) [Orabug: 26190999] \n- sparc64: fix M8 ADI support (Anthony Yznaga) [Orabug: 26190997]\n[4.1.12-103.1.1]\n- Added IB diag counters from UEK2 (Chris Gray) [Orabug: 26088208] \n- scsi: megaraid_sas: Driver version upgrade (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: raid6 also require cpuSel check same as raid5 (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: add correct return type check for ldio hint logic for raid1 (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: array overflow in megasas_dump_frame() (Dan Carpenter) [Orabug: 26096381] \n- scsi: megaraid_sas: driver version upgrade (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Change RAID_1_10_RMW_CMDS to RAID_1_PEER_CMDS and set value to 2 (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Indentation and smatch warning fixes (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Cleanup VD_EXT_DEBUG and SPAN_DEBUG related debug prints (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Increase internal command pool (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Bail out the driver load if ld_list_query fails (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Change build_mpt_mfi_pass_thru to return void (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: During OCR, if get_ctrl_info fails do not continue with OCR (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Do not set fp_possible if TM capable for non-RW syspdIO, change fp_possible to bool (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Remove unused pd_index from megasas_build_ld_nonrw_fusion (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: megasas_return_cmd does not memset IO frame to zero (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: max_fw_cmds are decremented twice, remove duplicate (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: update can_queue only if the new value is less (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Change max_cmd from u32 to u16 in all functions (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: set pd_after_lb from MR_BuildRaidContext and initialize pDevHandle to MR_DEVHANDLE_INVALID (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: latest controller OCR capability from FW before sending shutdown DCMD (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: avoid unaligned access in ioctl path (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: big endian support changes (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Big endian RDPQ mode fix (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: MR_TargetIdToLdGet u8 to u16 and avoid invalid raid-map access (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: In validate raid map, raid capability is not converted to cpu format for all lds (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: reduce size of fusion_context and use vmalloc if kmalloc fails (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: add print in device removal path (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: enhance debug logs in OCR context (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: set residual bytes count during IO completion (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: raid 1 write performance for large io (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: change issue_dcmd to return void from int (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: megasas_get_request_descriptor always return valid desc (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Use DID_REQUEUE (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: RAID map is accessed for SYS PDs when use_seqnum_jbod_fp is not set (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Refactor MEGASAS_IS_LOGICAL macro using sdev (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: 32 bit descriptor fire cmd optimization (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: raid 1 fast path code optimize (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: cpu select rework. (Shivasharan S) [Orabug: 26096381] \n- Revert 'scsi: megaraid_sas: Enable or Disable Fast path based on the PCI Threshold Bandwidth' (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: driver version upgrade (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: Implement the PD Map support for SAS3.5 Generic Megaraid Controllers (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: ldio_outstanding variable is not decremented in completion path (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: Enable or Disable Fast path based on the PCI Threshold Bandwidth (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: Add the Support for SAS3.5 Generic Megaraid Controllers Capabilities (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: Dynamic Raid Map Changes for SAS3.5 Generic Megaraid Controllers (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: SAS3.5 Generic Megaraid Controllers Fast Path for RAID 1/10 Writes (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: SAS3.5 Generic Megaraid Controllers Stream Detection and IO Coalescing (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: EEDP Escape Mode Support for SAS3.5 Generic Megaraid Controllers (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: 128 MSIX Support (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: Add new pci device Ids for SAS3.5 Generic Megaraid Controllers (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: sd: Check for unaligned partial completion (Damien Le Moal) [Orabug: 26178369] \n- PCI/AER: include header file (Sudip Mukherjee) [Orabug: 25130845] \n- NVMe: reverse IO direction for VUC command code F7 (Ashok Vairavan) [Orabug: 25258071] \n- nvme: factor out a add nvme_is_write helper (Christoph Hellwig) [Orabug: 25130845] \n- nvme: allow for size limitations from transport drivers (Christoph Hellwig) [Orabug: 25130845] \n- nvme.h: add constants for PSDT and FUSE values (James Smart) [Orabug: 25130845] \n- nvme.h: add AER constants (Christoph Hellwig) [Orabug: 25130845] \n- nvme.h: add NVM command set SQE/CQE size defines (Christoph Hellwig) [Orabug: 25130845] \n- nvme.h: Add get_log_page command strucure (Armen Baloyan) [Orabug: 25130845] \n- nvme.h: add RTD3R, RTD3E and OAES fields (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: Only release requested regions (Johannes Thumshirn) [Orabug: 25130845] \n- NVMe: Fix removal in case of active namespace list scanning method (Sunad Bhandary) [Orabug: 25130845] \n- NVMe: Implement namespace list scanning (Keith Busch) [Orabug: 25130845] \n- NVMe: Dont unmap controller registers on reset (Keith Busch) [Orabug: 25130845] \n- NVMe: reduce admin queue depth as workaround for Samsung EPIC SQ errata (Ashok Vairavan) [Orabug: 25186219] \n- nvme: Limit command retries (Keith Busch) [Orabug: 25130845] \n- NVMe: reduce queue depth as workaround for Samsung EPIC SQ errata (Ashok Vairavan) [Orabug: 25138123] \n- NVMe: Create discard zero quirk white list (Keith Busch) [Orabug: 25130845] \n- nvme: use UINT_MAX for max discard sectors (Minfei Huang) [Orabug: 25130845] \n- nvme: move nvme_cancel_request() to common code (Ming Lin) [Orabug: 25130845] \n- nvme: update and rename nvme_cancel_io to nvme_cancel_request (Ming Lin) [Orabug: 25130845] \n- blk-mq: Export tagset iter function (Sagi Grimberg) [Orabug: 25130845] \n- NVMe: Add device IDs with stripe quirk (Keith Busch) [Orabug: 25130845] \n- NVMe: Short-cut removal on surprise hot-unplug (Keith Busch) [Orabug: 25130845] \n- NVMe: Allow user initiated rescan (Keith Busch) [Orabug: 25130845] \n- NVMe: Reduce driver log spamming (Keith Busch) [Orabug: 25130845] \n- NVMe: Unbind driver on failure (Keith Busch) [Orabug: 25130845] \n- NVMe: Delete only created queues (Keith Busch) [Orabug: 25130845] \n- NVMe: Fix reset/remove race (Keith Busch) [Orabug: 25130845] \n- nvme: fix nvme_ns_remove() deadlock (Ming Lin) [Orabug: 25130845] \n- nvme: switch to RCU freeing the namespace (Ming Lin) [Orabug: 25130845] \n- NVMe: correct comment for offset enum of controller registers in nvme.h (Wang Sheng-Hui) [Orabug: 25130845] \n- nvme: add helper nvme_cleanup_cmd() (Ming Lin) [Orabug: 25130845] \n- nvme: move AER handling to common code (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move namespace scanning to core (Christoph Hellwig) [Orabug: 25130845] \n- nvme: tighten up state check for namespace scanning (Christoph Hellwig) [Orabug: 25130845] \n- nvme: introduce a controller state machine (Christoph Hellwig) [Orabug: 25130845] \n- nvme: remove the io_incapable method (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: nvme_core_exit() should do cleanup in the reverse order as nvme_core_init does (Wang Sheng-Hui) [Orabug: 25130845] \n- NVMe: Fix check_flush_dependency warning (Keith Busch) [Orabug: 25130845] \n- NVMe: small typo in section BLK_DEV_NVME_SCSI of host/Kconfig (Wang Sheng-Hui) [Orabug: 25130845] \n- nvme: fix cntlid type (Christoph Hellwig) [Orabug: 25130845] \n- nvme: Avoid reset work on watchdog timer function during error recovery (Guilherme G. Piccoli) [Orabug: 25130845] \n- nvme: remove dead controllers from a work item (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: silence warning about unused 'dev' (Jens Axboe) [Orabug: 25130845] \n- NVMe: switch to using blk_queue_write_cache() (Jens Axboe) [Orabug: 25130845] \n- block: add ability to flag write back caching on a device (Jens Axboe) [Orabug: 25130845] \n- nvme: Use blk-mq helper for IO termination (Sagi Grimberg) [Orabug: 25130845] \n- NVMe: Skip async events for degraded controllers (Keith Busch) [Orabug: 25130845] \n- nvme: add helper nvme_setup_cmd() (Ming Lin) [Orabug: 25130845] \n- block: add offset in blk_add_request_payload() (Ming Lin) [Orabug: 25130845] \n- nvme: rewrite discard support (Ming Lin) [Orabug: 25130845] \n- nvme: add helper nvme_map_len() (Ming Lin) [Orabug: 25130845] \n- nvme: add missing lock nesting notation (Ming Lin) [Orabug: 25130845] \n- NVMe: Always use MSI/MSI-x interrupts (Keith Busch) [Orabug: 25130845] \n- NVMe: Fix reset/remove race (Keith Busch) [Orabug: 25130845] \n- nvme: avoid cqe corruption when update at the same time as read (Marta Rybczynska) [Orabug: 25130845] \n- NVMe: Expose ns wwid through single sysfs entry (Keith Busch) [Orabug: 25130845] \n- NVMe: Remove unused sq_head read in completion path (Jon Derrick) [Orabug: 25130845] \n- nvme: fix max_segments integer truncation (Christoph Hellwig) [Orabug: 25130845] \n- nvme: set queue limits for the admin queue (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: Fix 0-length integrity payload (Keith Busch) [Orabug: 25130845] \n- NVMe: Dont allow unsupported flags (Keith Busch) [Orabug: 25130845] \n- NVMe: Move error handling to failed reset handler (Keith Busch) [Orabug: 25130845] \n- NVMe: Simplify device reset failure (Keith Busch) [Orabug: 25130845] \n- NVMe: Fix namespace removal deadlock (Keith Busch) [Orabug: 25130845] \n- NVMe: Use IDA for namespace disk naming (Keith Busch) [Orabug: 25130845] \n- nvme: expose cntlid in sysfs (Ming Lin) [Orabug: 25130845] \n- nvme: return the whole CQE through the request passthrough interface (Christoph Hellwig) [Orabug: 25130845] \n- nvme: fix Kconfig description for BLK_DEV_NVME_SCSI (Christoph Hellwig) [Orabug: 25130845] \n- nvme: replace the kthread with a per-device watchdog timer (Christoph Hellwig) [Orabug: 25130845] \n- nvme: dont poll the CQ from the kthread (Christoph Hellwig) [Orabug: 25130845] \n- nvme: use a work item to submit async event requests (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: Rate limit nvme IO warnings (Keith Busch) [Orabug: 25130845] \n- NVMe: Poll device while still active during remove (Keith Busch) [Orabug: 25130845] \n- NVMe: Requeue requests on suspended queues (Keith Busch) [Orabug: 25130845] \n- NVMe: Allow request merges (Keith Busch) [Orabug: 25130845] \n- NVMe: Fix io incapable return values (Keith Busch) [Orabug: 25130845] \n- nvme: split pci module out of core module (Ming Lin) [Orabug: 25130845] \n- nvme: split dev_list_lock (Ming Lin) [Orabug: 25130845] \n- nvme: move timeout variables to core.c (Ming Lin) [Orabug: 25130845] \n- nvme/host: reference the fabric module for each bdev open callout (Sagi Grimberg) [Orabug: 25130845] \n- nvme: Log the ctrl device name instead of the underlying pci device name (Sagi Grimberg) [Orabug: 25130845] \n- nvme: fix drvdata setup for the nvme device (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: Fix possible queue use after freed (Keith Busch) [Orabug: 25130845] \n- nvme: switch abort to blk_execute_rq_nowait (Christoph Hellwig) [Orabug: 25130845] \n- blk-mq: fix racy updates of rq->errors (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: Export NVMe attributes to sysfs group (Keith Busch) [Orabug: 25130845] \n- NVMe: Shutdown controller only for power-off (Keith Busch) [Orabug: 25130845] \n- NVMe: IO queue deletion re-write (Keith Busch) [Orabug: 25130845] \n- NVMe: Remove queue freezing on resets (Keith Busch) [Orabug: 25130845] \n- NVMe: Use a retryable error code on reset (Keith Busch) [Orabug: 25130845] \n- NVMe: Fix admin queue ring wrap (Keith Busch) [Orabug: 25130845] \n- nvme: make SG_IO support optional (Christoph Hellwig) [Orabug: 25130845] \n- nvme: fixes for NVME_IOCTL_IO_CMD on the char device (Christoph Hellwig) [Orabug: 25130845] \n- nvme: synchronize access to ctrl->namespaces (Christoph Hellwig) [Orabug: 25130845] \n- nvme: Move nvme_freeze/unfreeze_queues to nvme core (Sagi Grimberg) [Orabug: 25130845] \n- NVMe: Export namespace attributes to sysfs (Keith Busch) [Orabug: 25130845] \n- NVMe: Add pci error handlers (Keith Busch) [Orabug: 25130845] \n- nvme: merge iod and cmd_info (Christoph Hellwig) [Orabug: 25130845] \n- nvme: meta_sg doesnt have to be an array (Christoph Hellwig) [Orabug: 25130845] \n- nvme: properly free resources for cancelled command (Christoph Hellwig) [Orabug: 25130845] \n- nvme: simplify completion handling (Christoph Hellwig) [Orabug: 25130845] \n- nvme: special case AEN requests (Christoph Hellwig) [Orabug: 25130845] \n- nvme: factor out a few helpers from req_completion (Christoph Hellwig) [Orabug: 25130845] \n- nvme: fix admin queue depth (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: Simplify metadata setup (Keith Busch) [Orabug: 25130845] \n- NVMe: Remove device management handles on remove (Keith Busch) [Orabug: 25130845] \n- NVMe: Use unbounded work queue for all work (Keith Busch) [Orabug: 25130845] \n- nvme: switch abort_limit to an atomic_t (Christoph Hellwig) [Orabug: 25130845] \n- nvme: merge probe_work and reset_work (Christoph Hellwig) [Orabug: 25130845] \n- nvme: do not restart the request timeout if were resetting the controller (Keith Busch) [Orabug: 25130845] \n- nvme: simplify resets (Christoph Hellwig) [Orabug: 25130845] \n- nvme: add NVME_SC_CANCELLED (Christoph Hellwig) [Orabug: 25130845] \n- nvme: merge nvme_abort_req and nvme_timeout (Christoph Hellwig) [Orabug: 25130845] \n- nvme: dont take the I/O queue q_lock in nvme_timeout (Christoph Hellwig) [Orabug: 25130845] \n- nvme: protect against simultaneous shutdown invocations (Keith Busch) [Orabug: 25130845] \n- nvme: only add a controller to dev_list after its been fully initialized (Christoph Hellwig) [Orabug: 25130845] \n- nvme: only ignore hardware errors in nvme_create_io_queues (Christoph Hellwig) [Orabug: 25130845] \n- nvme: precedence bug in nvme_pr_clear() (Dan Carpenter) [Orabug: 25130845] \n- nvme: fix another 32-bit build warning (Arnd Bergmann) [Orabug: 25130845] \n- nvme: refactor set_queue_count (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move chardev and sysfs interface to common code (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move namespace scanning to common code (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move the call to nvme_init_identify earlier (Christoph Hellwig) [Orabug: 25130845] \n- nvme: add a common helper to read Identify Controller data (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move nvme_{enable,disable,shutdown}_ctrl to common code (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move remaining CC setup into nvme_enable_ctrl (Christoph Hellwig) [Orabug: 25130845] \n- nvme: add explicit quirk handling (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move block_device_operations and ns/ctrl freeing to common code (Ashok Vairavan) [Orabug: 25130845] \n- nvme: use the block layer for userspace passthrough metadata (Keith Busch) [Orabug: 25130845] \n- nvme: split __nvme_submit_sync_cmd (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move nvme_setup_flush and nvme_setup_rw to common code (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move nvme_error_status to common code (Christoph Hellwig) [Orabug: 25130845] \n- nvme: factor out a nvme_unmap_data helper (Christoph Hellwig) [Orabug: 25130845] \n- nvme: simplify nvme_setup_prps calling convention (Christoph Hellwig) [Orabug: 25130845] \n- nvme: split a new struct nvme_ctrl out of struct nvme_dev (Christoph Hellwig) [Orabug: 25130845] \n- nvme: use vendor it from identify (Christoph Hellwig) [Orabug: 25130845] \n- nvme: split nvme_trans_device_id_page (Christoph Hellwig) [Orabug: 25130845] \n- nvme: use offset instead of a struct for registers (Christoph Hellwig) \n- nvme: split command submission helpers out of pci.c (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move struct nvme_iod to pci.c (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: Precedence error in nvme_pr_clear() (Dan Carpenter) [Orabug: 25130845] \n- Update target repo for nvme patch contributions (Jay Freyensee) [Orabug: 25130845] \n- nvme: add missing endianess annotations in nvme_pr_command (Christoph Hellwig) [Orabug: 25130845] \n- block: rename REQ_TYPE_SPECIAL to REQ_TYPE_DRV_PRIV (Christoph Hellwig) [Orabug: 25130845] \n- block: add an API for Persistent Reservations (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: Add persistent reservation ops (Keith Busch) [Orabug: 25130845] \n- nvme: suspend i/o during runtime blk_integrity_unregister (Dan Williams) [Orabug: 25130845] \n- nvme include linux types.h (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move to a new drivers/nvme/host directory (Jay Sternberg) [Orabug: 25130845] \n- NVMe: Set affinity after allocating request queues MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit (Keith Busch) [Orabug: 25130845] \n- NVMe: Fix IO for extended metadata formats (Keith Busch) [Orabug: 25130845] \n- NVMe: Remove hctx reliance for multi-namespace (Keith Busch) [Orabug: 25130845] \n- NVMe: Use requested sync command timeout (Keith Busch) [Orabug: 25130845] \n- Revert 'nvme: move to a new drivers/nvme/host directory' (Ashok Vairavan) [Orabug: 25130845] \n- Revert 'NVMe: reduce admin queue depth as workaround for Samsung EPIC SQ errata' (Ashok Vairavan) \n- Revert 'nvme: Limit command retries' (Ashok Vairavan) \n- Revert 'nvme: avoid cqe corruption when update at the same time as read' (Ashok Vairavan) \n- Revert 'NVMe: Dont unmap controller registers on reset' (Ashok Vairavan) \n- Revert 'NVMe: reverse IO direction for VUC command code F7' (Ashok Vairavan) \n- Revert 'NVMe: reduce queue depth as workaround for Samsung EPIC SQ errata' (Ashok Vairavan) \n- forcedeth: enable forcedeth kernel option (Zhu Yanjun) [Orabug: 25571921] \n- ipmi: Edit ambiguous error message for unknown command (Atish Patra) [Orabug: 25461958] \n- kabi whitelist: Remove all ib_ symbols from the list. (Knut Omang) [Orabug: 25955825] \n- ext4: print ext4 mount option data_err=abort correctly (Ales Novak) [Orabug: 25691020] \n- IB/sa: Allocate SA query with kzalloc (Kaike Wan) [Orabug: 26124118] \n- IB/sa: Fix netlink local service GFP crash (Kaike Wan) [Orabug: 26124118] \n- IB/sa: Fix rdma netlink message flags (Kaike Wan) [Orabug: 26124118] \n- IB/sa: Put netlink request into the request list before sending (Kaike Wan) [Orabug: 26124118] \n- IB/core: Fix a potential array overrun in CMA and SA agent (Yuval Shaia) [Orabug: 26124118] \n- IB/SA: Use correct free function (Mark Bloch) [Orabug: 26124118] \n- IB/sa: Route SA pathrecord query through netlink (Kaike Wan) [Orabug: 26124118] \n- IB/core: Add rdma netlink helper functions (Kaike Wan) [Orabug: 26124118] \n- IB/netlink: Add defines for local service requests through netlink (Kaike Wan) [Orabug: 26124118] \n- scsi: mpt3sas: remove redundant wmb (Sinan Kaya) [Orabug: 26096353] \n- scsi: mpt3sas: Updating driver version to v15.100.00.00 (Chaitra P B) [Orabug: 26096353] \n- scsi: mpt3sas: Fix for Crusader to achieve product targets with SAS devices. (Chaitra P B) [Orabug: 26096353] \n- scsi: mpt3sas: Fix Firmware fault state 0x2100 during heavy 4K RR FIO stress test. (Chaitra P B) [Orabug: 26096353] \n- scsi: mpt3sas: Added print to notify cable running at a degraded speed. (Chaitra P B) [Orabug: 26096353] \n- xen-blkback: report hotplug-status busy when detach is initiated but frontend device is busy. (Niranjan Patil) [Orabug: 26072430] \n- qla2xxx: Allow vref count to timeout on vport delete. (Joe Carnuccio) [Orabug: 26021151] \n- Btrfs: dont BUG_ON() in btrfs_orphan_add (Josef Bacik) [Orabug: 25975316] \n- Btrfs: clarify do_chunk_alloc()s return value (Liu Bo) [Orabug: 25975316] \n- btrfs: flush_space: treat return value of do_chunk_alloc properly (Alex Lyakas) [Orabug: 25975316] \n- ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) [Orabug: 25955089] \n- xen: Make VPMU init message look less scary (Juergen Gross) [Orabug: 25873416] \n- uek-rpm: configs: enable CONFIG_ACPI_NFIT (Todd Vierling) [Orabug: 25719149] \n- ipv6: Dont use ufo handling on later transformed packets (Jakub Sitnicki) [Orabug: 25533743] \n- net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) [Orabug: 25813773] {CVE-2017-7308}\n- net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) [Orabug: 25813773] {CVE-2017-7308}\n- net/packet: fix overflow in check for priv area size (Andrey Konovalov) [Orabug: 25813773] {CVE-2017-7308}\n- fs/file.c: __fget() and dup2() atomicity rules (Eric Dumazet) [Orabug: 25408921] \n- IB/ipoib: add get_settings in ethtool (Zhu Yanjun) [Orabug: 25048521] \n- RDS/IB: active bonding port state fix for intfs added late (Mukesh Kacker) [Orabug: 26081079] \n- Revert 'xen/events: remove unnecessary call to bind_evtchn_to_cpu()' (Zhenzhong Duan) \n- xsigo: Compute node crash on FC failover (Pradeep Gopanapalli) [Orabug: 25981973] \n- Revert '[SCSI] libiscsi: Reduce locking contention in fast path' (Ashish Samant) [Orabug: 25975223] \n- nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25974739] {CVE-2017-7895}\n- sched/rt: Minimize rq->lock contention in do_sched_rt_period_timer() (Dave Kleikamp) [Orabug: 25491970] \n- sparc64: cache_line_size() returns larger value for cache line size. (chris hyser) \n- sparc64: fix inconsistent printing of handles in debug messages (Menno Lageman) \n- sparc64: set the ISCNTRLD bit for SP service handles (Menno Lageman) [Orabug: 25983868] \n- sparc64: DAX recursive lock removed (Rob Gardner) [Orabug: 26103487] \n- sparc/ftrace: Fix ftrace graph time measurement (Liam R. Howlett) [Orabug: 25995351] \n- sparc64: Increase max_phys_bits to 51 for M8. (Vijay Kumar) [Orabug: 25808647] \n- sparc64: 5-Level page table support for sparc (Vijay Kumar) [Orabug: 26076110] [Orabug: 25808647] \n- mm, gup: fix typo in gup_p4d_range() (Kirill A. Shutemov) [Orabug: 25808647] \n- mm: introduce __p4d_alloc() (Kirill A. Shutemov) [Orabug: 25808647] \n- mm: convert generic code to 5-level paging (Vijay Kumar) [Orabug: 25808647] \n(Vijay Kumar) [Orabug: 25808647] \n- arch, mm: convert all architectures to use 5level-fixup.h (Vijay Kumar) [Orabug: 25808647] \n- asm-generic: introduce __ARCH_USE_5LEVEL_HACK (Kirill A. Shutemov) [Orabug: 25808647] \n- asm-generic: introduce 5level-fixup.h (Kirill A. Shutemov) [Orabug: 25808647] \n- sparc64: prevent sunvdc from sending duplicate vdisk requests (Jag Raman) [Orabug: 25866770] \n- ldmvsw: stop the clean timer at beginning of remove (Shannon Nelson) [Orabug: 25748241] \n- sparc64: set CONFIG_EFI in config (Eric Snowberg) [Orabug: 26037358] \n- sparc64: /sys/firmware/efi missing during EFI boot (Eric Snowberg) [Orabug: 26037358] \n- Allow default value of npools used for iommu to be configured from cmdline (Allen Pais) \n- SPARC64: Add Linux vds driver Device ID support for Solaris guest boot (George Kennedy) [Orabug: 25836231] \n- sparc64: Remove locking of huge pages in DAX driver (Sanath Kumar) [Orabug: 25968141] \n- ldmvsw: unregistering netdev before disable hardware (Thomas Tai) \n- arch/sparc: Measure receiver forward progress to avoid send mondo timeout (Jane Chu) [Orabug: 25476541] \n- sparc64: update DAX submit to latest HV spec (Jonathan Helman) [Orabug: 25927558] \n- arch/sparc: increase CONFIG_NODES_SHIFT on SPARC to 5 (Jane Chu) [Orabug: 25577754] \n- arch/sparc: support NR_CPUS = 4096 (jane Chu) [Orabug: 25505750] \n- ipv6: catch a null skb before using it in a DTRACE (Shannon Nelson) [Orabug: 25973797] \n- sparc64: fix fault handling in NGbzero.S and GENbzero.S (Dave Aldridge) [Orabug: 25577560] \n- sparc64: modify sys_dax.h for new libdax (Jonathan Helman) [Orabug: 25927572] \n- bnx2x: Align RX buffers (Scott Wood) [Orabug: 25806778] \n- PCI: Fix unaligned accesses in VC code (David Miller) [Orabug: 25806778] \n- sparc64: Use LOCKDEP_SMALL, not PROVE_LOCKING_SMALL (Daniel Jordan) [Orabug: 25830041] \n- lockdep: Limit static allocations if PROVE_LOCKING_SMALL is defined (Babu Moger) \n- config: Adding the new config parameter CONFIG_PROVE_LOCKING_SMALL for sparc (Babu Moger) \n- sparc64: fix cdev_put() use-after-free when unbinding an LDom (Thomas Tai) [Orabug: 25911389] \n- sparc64: change DAX CCB_EXEC ENOBUFS print to debug (Jonathan Helman) [Orabug: 25927528] \n- xen-netback: copy buffer on xenvif_start_xmit (Joao Martins) [Orabug: 26107942] \n- xen-netback: slightly rework xenvif_rx_skb (Joao Martins) [Orabug: 26107942] \n- xen-netfront: introduce rx copy mode (Joao Martins) [Orabug: 26107942] \n- xen-netfront: use gref mappings for Tx buffers (Joao Martins) [Orabug: 26107942] \n- xen-netfront: generalize recycling for grants (Joao Martins) [Orabug: 26107942] \n- xen-netfront: add rx page statistics (Joao Martins) [Orabug: 26107942] \n- xen-netfront: introduce rx page recyling (Joao Martins) [Orabug: 26107942] \n- xen-netfront: move rx_gso_checksum_fixup into netfront_stats (Joao Martins) [Orabug: 26107942] \n- xen-netfront: introduce staging gref pools (Joao Martins) [Orabug: 26107942] \n- xen-netback: use gref mappings for Tx requests (Joao Martins) [Orabug: 26107942] \n- xen-netback: use gref mappings for Rx requests (Joao Martins) [Orabug: 26107942] \n- xen-netback: shorten tx grant copy (Joao Martins) [Orabug: 26107942] \n- xen-netback: introduce staging grant mappings ops (Joao Martins) [Orabug: 26107942] \n- include/xen: import vendor extension to netif.h (Joao Martins) [Orabug: 26107942] \n- xen-netback: fix type mismatch warning (Arnd Bergmann) \n- xen-netback: fix guest Rx stall detection (after guest Rx refactor) (David Vrabel) \n- xen/netback: add fraglist support for to-guest rx (Ross Lagerwall) \n- xen-netback: batch copies for multiple to-guest rx packets (David Vrabel) \n- xen-netback: process guest rx packets in batches (David Vrabel) \n- xen-netback: immediately wake tx queue when guest rx queue has space (David Vrabel) \n- xen-netback: refactor guest rx (David Vrabel) \n- xen-netback: retire guest rx side prefix GSO feature (Paul Durrant) \n- xen-netback: separate guest side rx code into separate module (Paul Durrant) \n- x86/xen/time: setup secondary time info for vdso (Joao Martins) [Orabug: 26107942] \n- Drivers: hv: kvp: fix IP Failover (Vitaly Kuznetsov) [Orabug: 25970637] \n- Drivers: hv: util: Pass the channel information during the init call (K. Y. Srinivasan) [Orabug: 25970637] \n- Drivers: hv: utils: run polling callback always in interrupt context (Olaf Hering) [Orabug: 25970637] \n- Drivers: hv: util: Increase the timeout for util services (K. Y. Srinivasan) [Orabug: 25970637] \n- Drivers: hv: kvp: check kzalloc return value (Vitaly Kuznetsov) [Orabug: 25970637] \n- Drivers: hv: fcopy: dynamically allocate smsg_out in fcopy_send_data() (Vitaly Kuznetsov) [Orabug: 25970637] \n- Drivers: hv: vss: full handshake support (Vitaly Kuznetsov) [Orabug: 25970637] \n- RDS/IB: 4KB receive buffers get posted by mistake on 16KB frag connections. (Venkat Venkatsubra) [Orabug: 25920916] \n- mlx4: limit max MSIX allocations (Ajaykumar Hotchandani) [Orabug: 25912737] \n- sched/wait: Fix the signal handling fix (Peter Zijlstra) [Orabug: 25908266] \n- sparc64: Fix mapping of 64k pages with MAP_FIXED (Nitin Gupta) [Orabug: 25885991] \n- udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25876402] {CVE-2016-10229}\n- net/mlx4_core: panic the system on unrecoverable errors (Santosh Shilimkar) [Orabug: 25873690] \n- Revert 'restrict /dev/mem to idle io memory ranges' (Chuck Anderson) [Orabug: 25832750] \n- I/O ERROR WHEN A FILE ON ACFS FILESYSTEM IS ATTACHED TO THE GUEST DOMU (Joe Jin) [Orabug: 25831471] \n- xsigo: Fix spinlock release in case of error (Pradeep Gopanapalli) [Orabug: 25779803] \n- mlx4_core: Add func name to common error strings to locate uniquely (Mukesh Kacker) [Orabug: 25440329] \n- xsigo: Optimize xsvnic module parameters for UEK4 (Pradeep Gopanapalli) [Orabug: 25779865] \n- xen: events: Replace BUG() with BUG_ON() (Shyam Saini) \n- xen: remove stale xs_input_avail() from header (Juergen Gross) \n- xen: return xenstore command failures via response instead of rc (Juergen Gross) \n- xen: xenbus driver must not accept invalid transaction ids (Juergen Gross) \n- xen/evtchn: use rb_entry() (Geliang Tang) \n- xen/setup: Dont relocate p2m over existing one (Ross Lagerwall) \n- xen/balloon: Only mark a page as managed when it is released (Ross Lagerwall) \n- xen/scsifront: dont request a slot on the ring until request is ready (Juergen Gross) \n- xen/x86: Increase xen_e820_map to E820_X_MAX possible entries (Alex Thorlton) \n- x86: Make E820_X_MAX unconditionally larger than E820MAX (Alex Thorlton) \n- xen/pci: Bubble up error and fix description. (Konrad Rzeszutek Wilk) \n- xen: xenbus: set error code on failure (Pan Bian) \n- xen: set error code on failures (Pan Bian) \n- xen/events: use xen_vcpu_id mapping for EVTCHNOP_status (Vitaly Kuznetsov) \n- xen/gntdev: Use VM_MIXEDMAP instead of VM_IO to avoid NUMA balancing (Boris Ostrovsky) \n- tpm xen: Remove bogus tpm_chip_unregister (Jason Gunthorpe) \n- xen-scsifront: Add a missing call to kfree (Quentin Lambert) \n- xenfs: Use proc_create_mount_point() to create /proc/xen (Seth Forshee) \n- xen-netback: fix error handling output (Arnd Bergmann) \n- xen: make use of xenbus_read_unsigned() in xenbus (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-pciback (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-fbfront (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-scsifront (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-pcifront (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-netfront (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-netback (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-kbdfront (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-tpmfront (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-blkfront (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-blkback (Juergen Gross) \n- xen: introduce xenbus_read_unsigned() (Juergen Gross) \n- xen-netfront: cast grant table reference first to type int (Dongli Zhang) \n- xen-netfront: do not cast grant table reference to signed short (Dongli Zhang) \n- xenbus: check return value of xenbus_scanf() (Jan Beulich) \n- xenbus: prefer list_for_each() (Jan Beulich) \n- xenbus: advertise control feature flags (Juergen Gross) \n- xen/pciback: support driver_override (Juergen Gross) \n- xen/pciback: avoid multiple entries in slot list (Juergen Gross) \n- xen/pciback: simplify pcistub device handling (Juergen Gross) \n- x86/xen: add missing\n at end of printk warning message (Colin Ian King) \n- xen-netfront: avoid packet loss when ethernet header crosses page boundary (Vitaly Kuznetsov) \n- xen: Sync xen header (Juergen Gross) \n- xen/grant-table: Use kmalloc_array() in arch_gnttab_valloc() (Markus Elfring) \n- xen: Make VPMU init message look less scary (Juergen Gross) \n- xen: rename xen_pmu_init() in sys-hypervisor.c (Juergen Gross) \n- kexec: allow kdump with crash_kexec_post_notifiers (Petr Tesarik) \n- xen/acpi: allow xen-acpi-processor driver to load on Xen 4.7 (Jan Beulich) \n- proc: Allow creating permanently empty directories that serve as mount points (Eric W. Biederman) \n- xen: Resume PMU from non-atomic context (Boris Ostrovsky)\n[4.1.12-102]\n- Revert 'mlx4_ib: Memory leak on Dom0 with SRIOV.' (Hakon Bugge) [Orabug: 25829233] \n- Revert 'mlx4: avoid multiple free on id_map_ent' (Hakon Bugge) [Orabug: 25829233] \n- Drivers: hv: vss: convert to hv_utils_transport (Vitaly Kuznetsov) [Orabug: 25819105] \n- Drivers: hv: vss: switch to using the hvutil_device_state state machine (Vitaly Kuznetsov) [Orabug: 25819105] \n- Drivers: hv: vss: process deferred messages when we complete the transaction (Vitaly Kuznetsov) [Orabug: 25819105] \n- Drivers: hv: kvp: convert to hv_utils_transport (Vitaly Kuznetsov) [Orabug: 25819105] \n- Revert 'ipv4: use skb coalescing in defragmentation' (Florian Westphal) [Orabug: 25819103] \n- xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25805996] {CVE-2017-7184}\n- xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25805996] {CVE-2017-7184}\n- lpfc cannot establish connection with targets that send PRLI under P2P mode (Joe Jin) [Orabug: 25802913] \n- tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25802678] {CVE-2017-2636}\n- TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25802678] {CVE-2017-2636}\n- net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug: 25802599] {CVE-2017-6345}\n- ip: fix IP_CHECKSUM handling (Paolo Abeni) [Orabug: 25802576] {CVE-2017-6347}\n- udp: fix IP_CHECKSUM handling (Eric Dumazet) [Orabug: 25802576] {CVE-2017-6347}\n- udp: do not expect udp headers in recv cmsg IP_CMSG_CHECKSUM (Willem de Bruijn) [Orabug: 25802576] {CVE-2017-6347}\n- tcp: avoid infinite loop in tcp_splice_read() (Eric Dumazet) [Orabug: 25802549] {CVE-2017-6214}\n- sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner) [Orabug: 25802515] {CVE-2017-5986}\n- ext4: store checksum seed in superblock (Darrick J. Wong) [Orabug: 25802481] {CVE-2016-10208}\n- ext4: reserve code points for the project quota feature (Theodore Tso) [Orabug: 25802481] {CVE-2016-10208}\n- ext4: validate s_first_meta_bg at mount time (Eryu Guan) [Orabug: 25802481] {CVE-2016-10208}\n- ext4: clean up feature test macros with predicate functions (Darrick J. Wong) [Orabug: 25802481] {CVE-2016-10208}\n- KVM: x86: fix emulation of 'MOV SS, null selector' (Paolo Bonzini) [Orabug: 25802278] {CVE-2017-2583} {CVE-2017-2583}\n- gfs2: fix slab corruption during mounting and umounting gfs file system (Thomas Tai) \n- gfs2: handle NULL rgd in set_rgrp_preferences (Abhi Das) [Orabug: 25791662] \n- Revert 'fix minor infoleak in get_user_ex()' (Brian Maly) [Orabug: 25790370] {CVE-2016-9644}\n- sched/wait: Fix signal handling in bit wait helpers (Peter Zijlstra) [Orabug: 25416990] \n- xen-pcifront/hvm: Slurp up 'pxm' entry and set NUMA node on PCIe device. (V5) (Konrad Rzeszutek Wilk) \n- IB/CORE: sync the resouce access in fmr_pool (Wengang Wang) \n- net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766884] {CVE-2016-8399} {CVE-2016-8399}\n- scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25751395] {CVE-2017-7187}\n- xen-netfront: Rework the fix for Rx stall during OOM and network stress (Dongli Zhang) [Orabug: 25747721] \n- xen-netfront: Fix Rx stall during network stress and OOM (Dongli Zhang) [Orabug: 25747721] \n- ipc/shm: Fix shmat mmap nil-page protection (Davidlohr Bueso) [Orabug: 25717094] {CVE-2017-5669}\n[4.1.12-101]\n- sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25340071] {CVE-2016-10088}\n- tcp: fix potential memory corruption (Eric Dumazet) [Orabug: 25140382] \n- block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25134541] {CVE-2016-7910}\n- xfs: Correctly lock inode when removing suid and file capabilities (Jan Kara) [Orabug: 24803533] \n- fs: Call security_ops->inode_killpriv on truncate (Jan Kara) [Orabug: 24803533] \n- fs: Provide function telling whether file_remove_privs() will do anything (Jan Kara) [Orabug: 24803533] \n- fs: Rename file_remove_suid() to file_remove_privs() (Jan Kara) [Orabug: 24803533] \n- IB/uverbs: Fix leak of XRC target QPs (Tariq Toukan) [Orabug: 24761732] \n- Some unsupported ioctls get logged unnecessarily (Venkat Venkatsubra) [Orabug: 24510137] \n- IB/ipoib: Expose acl_enable sysfs file as read only (Yuval Shaia) [Orabug: 25993951] \n- dtrace: improve io provider coverage (Nicolas Droux) [Orabug: 25816537]\n[4.1.12-100]\n- ol7/config: enable nf_tables packet duplication support (Ethan Zhao) [Orabug: 24694570] \n- netfilter: nf_dup: add missing dependencies with NF_CONNTRACK (Pablo Neira Ayuso) [Orabug: 24694570] \n- netfilter: nf_tables: add nft_dup expression (Pablo Neira Ayuso) [Orabug: 24694570] \n- netfilter: factor out packet duplication for IPv4/IPv6 (Pablo Neira Ayuso) [Orabug: 24694570] \n- netfilter: xt_TEE: get rid of WITH_CONNTRACK definition (Pablo Neira Ayuso) [Orabug: 24694570] \n- netfilter: move tee_active to core (Florian Westphal) [Orabug: 24694570] \n- ipv6: Set FLOWI_FLAG_KNOWN_NH at flowi6_flags (Martin KaFai Lau) [Orabug: 24694570] \n- ext4: Fix data exposure after failed AIO DIO (Jan Kara) [Orabug: 24393811] \n- xfs: fold xfs_vm_do_dio into xfs_vm_direct_IO (Christoph Hellwig) [Orabug: 24393811] \n- xfs: dont use ioends for direct write completions (Christoph Hellwig) [Orabug: 24393811] \n- direct-io: always call ->end_io if non-NULL (Christoph Hellwig) [Orabug: 24393811] \n- Btrfs: send, fix failure to rename top level inode due to name collision (Robbie Ko) [Orabug: 25994280] \n- PCI: Check pref compatible bit for mem64 resource of PCIe device (Yinghai Lu) [Orabug: 22855133] \n- OF/PCI: Add IORESOURCE_MEM_64 for 64-bit resource (Yinghai Lu) [Orabug: 22855133] \n- sparc/PCI: Keep resource idx order with bridge register number (Yinghai Lu) [Orabug: 22855133] \n- sparc/PCI: Add IORESOURCE_MEM_64 for 64-bit resource in OF parsing (Yinghai Lu) [Orabug: 22855133] \n- sparc/PCI: Reserve legacy mmio after PCI mmio (Yinghai Lu) [Orabug: 22855133] \n- PCI: Add pci_find_bus_resource() (Yinghai Lu) [Orabug: 22855133] \n- sparc/PCI: Use correct offset for bus address to resource (Yinghai Lu) [Orabug: 22855133] \n- PCI: Remove __pci_mmap_make_offset() (Yinghai Lu) [Orabug: 22855133] \n- PCI: Let pci_mmap_page_range() take resource address (Yinghai Lu) [Orabug: 22855133] \n- PCI: Fix proc mmap on sparc (Yinghai Lu) [Orabug: 22855133] \n- PCI: Supply CPU physical address (not bus address) to iomem_is_exclusive() (Bjorn Helgaas) [Orabug: 22855133] \n- Revert 'sparc/PCI: Use correct bus address to resource offset' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'sparc/PCI: Unify pci_register_region()' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'sparc/PCI: Reserve legacy mmio after PCI mmio' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'sparc/PCI: Add IORESOURCE_MEM_64 for 64-bit resource in OF parsing' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'sparc/PCI: Keep resource idx order with bridge register number' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'PCI: kill wrong quirk about M7101' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'OF/PCI: Add IORESOURCE_MEM_64 for 64-bit resource' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'PCI: Check pref compatible bit for mem64 resource of PCIe device' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'PCI: Only treat non-pref mmio64 as pref if all bridges have MEM_64' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'PCI: Add has_mem64 for struct host_bridge' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'PCI: Only treat non-pref mmio64 as pref if host bridge has mmio64' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'PCI: Restore pref MMIO allocation logic for host bridge without mmio64' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'sparc: Accommodate mem64_offset != mem_offset in pbm configuration' (Khalid Aziz) [Orabug: 22855133] \n- PCI: Prevent VPD access for QLogic ISP2722 (Ethan Zhao) [Orabug: 25975482] \n- PCI: Prevent VPD access for buggy devices (Babu Moger) [Orabug: 25975482] \n- target: consolidate backend attribute implementations (Christoph Hellwig) [Orabug: 25791789] \n- target: simplify backend driver registration (Christoph Hellwig) [Orabug: 25791789] \n- x86/tsc: Enumerate SKL cpu_khz and tsc_khz via CPUID (Len Brown) [Orabug: 25948913] \n- x86/tsc: Save an indentation level in recalibrate_cpu_khz() (Borislav Petkov) [Orabug: 25948913] \n- x86/tsc_msr: Remove irqoff around MSR-based TSC enumeration (Len Brown) [Orabug: 25948913] \n- perf/x86: Fix time_shift in perf_event_mmap_page (Adrian Hunter) [Orabug: 25948913] \n- perf/x86: Improve accuracy of perf/sched clock (Adrian Hunter) [Orabug: 25948913] \n- x86/apic: Handle zero vector gracefully in clear_vector_irq() (Keith Busch) [Orabug: 24515998] \n- dtrace: proc:::exit should trigger only if thread group exits (Tomas Jedlicka) [Orabug: 25904298] \n- HID: hid-cypress: validate length of report (Greg Kroah-Hartman) [Orabug: 25795985] {CVE-2017-7273}\n- ctf: prevent modules on the dedup blacklist from sharing any types at all (Nick Alcock) [Orabug: 26137220] \n- ctf: emit bitfields in in-memory order (Nick Alcock) [Orabug: 25815129] \n- ctf: bitfield support (Nick Alcock) [Orabug: 25815129] \n- ctf: emit file-scope static variables (Nick Alcock) [Orabug: 25962387] \n- ctf: speed up the dwarf2ctf duplicate detector some more (Nick Alcock) [Orabug: 25815306] \n- ctf: strdup() -> xstrdup() (Nick Alcock) [Orabug: 25815306] \n- ctf: speed up the dwarf2ctf duplicate detector (Nick Alcock) [Orabug: 25815306] \n- ctf: add module parameter to simple_dwfl_new() and adjust both callers (Nick Alcock) \n- ctf: fix the size of int and avoid duplicating it (Nick Alcock) [Orabug: 25815129] \n- ctf: allow overriding of DIE attributes: use it for parent bias (Nick Alcock) [Orabug: 25815129] \n- DTrace tcp/udp provider probes (Alan Maguire) [Orabug: 25815197] \n- dtrace: define DTRACE_PROBE_ENABLED to 0 when !CONFIG_DTRACE (Nick Alcock) [Orabug: 26145788] \n- dtrace: ensure limit is enforced even when pcs is NULL (Kris Van Hees) [Orabug: 25949692] \n- dtrace: make x86_64 FBT return probe detection less restrictive (Kris Van Hees) [Orabug: 25949048] \n- dtrace: support passing offset as arg0 to FBT return probes (Kris Van Hees) [Orabug: 25949086] \n- dtrace: make FBT entry probe detection less restrictive on x86_64 (Kris Van Hees) [Orabug: 25949030] \n- dtrace: adjust FBT entry probe dection for OL7 (Kris Van Hees) [Orabug: 25921361]\n[4.1.12-99]\n- Re-enable SDP for uek-nano kernel (Ashok Vairavan) [Orabug: 25999937] \n- qla2xxx: Fix NULL pointer deref in QLA interrupt (Bruno Pramont) [Orabug: 25908317] \n- Revert 'be2net: fix MAC addr setting on privileged BE3 VFs' (Somasundaram Krishnasamy) [Orabug: 25870303] \n- Revert 'be2net: fix initial MAC setting' (Somasundaram Krishnasamy) [Orabug: 25802842] \n- xfs: track and serialize in-flight async buffers against unmount (Brian Foster) [Orabug: 25550712] \n- xfs: exclude never-released buffers from buftarg I/O accounting (Brian Foster) [Orabug: 25550712] \n- dm era: save spacemap metadata root after the pre-commit (Somasundaram Krishnasamy) [Orabug: 25547820] \n- Btrfs: incremental send, do not issue invalid rmdir operations (Robbie Ko) [Orabug: 26000657] \n- x86/platform/uv/BAU: Remove __ro_after_init declaration (Somasundaram Krishnasamy) [Orabug: 25920237] \n- x86/platform: Remove warning message for duplicate NMI handlers (Mike Travis) [Orabug: 25920237] \n- x86/platform/uv/BAU: Implement uv4_wait_completion with read_status (Andrew Banman) [Orabug: 25920237] \n- x86/platform/uv/BAU: Add wait_completion to bau_operations (Andrew Banman) [Orabug: 25920237] \n- x86/platform/uv/BAU: Add status mmr location fields to bau_control (Andrew Banman) [Orabug: 25920237] \n- x86/platform/uv/BAU: Cleanup bau_operations declaration and instances (Andrew Banman) [Orabug: 25920237] \n- x86/platform/uv/BAU: Add payload descriptor qualifier (Andrew Banman) [Orabug: 25920237] \n- x86/platform/uv/BAU: Add uv_bau_version enumerated constants (Andrew Banman) [Orabug: 25920237] \n- x86/platform/uv/BAU: Fix HUB errors by remove initial write to sw-ack register (Andrew Banman) [Orabug: 25920237] \n- fnic: Fixing sc abts status and flags assignment. (Satish Kharat) [Orabug: 25638880] \n- fnic: Adding debug IO, Abort latency counter and check condition count to fnic stats (Satish Kharat) [Orabug: 25638880] \n- fnic: Avoid false out-of-order detection for aborted command (Satish Kharat) [Orabug: 25638880] \n- scsi: fnic: Correcting rport check location in fnic_queuecommand_lck (Satish Kharat) [Orabug: 25638880] \n- fnic: minor white space changes (Satish Kharat) [Orabug: 25638880] \n- scsi: fnic: Avoid sending reset to firmware when another reset is in progress (Satish Kharat) [Orabug: 25638880] \n- ovl: Do d_type check only if work dir creation was successful (Vivek Goyal) [Orabug: 25802620] \n- ovl: Ensure upper filesystem supports d_type (Vivek Goyal) [Orabug: 25802620] \n- sparc64: Add hardware capabilities for M8 (Dave Aldridge) [Orabug: 25555746] \n- sparc64: Stop performance counter before updating (Dave Aldridge) [Orabug: 25441707] \n- sparc64: Fix a race condition when stopping performance counters (Dave Aldridge) [Orabug: 25441707] \n- arch/sparc: Use new misaligned load instructions for memcpy and copy_from_user (Allen Pais) [Orabug: 25381567] \n- arch/sparc: Add a separate kernel memcpy functions for M8 (Allen Pais) [Orabug: 25381567] \n- sparc64: perf: make sure we do not set the 'picnht' bit in the PCR (Dave Aldridge) [Orabug: 24926097] \n- sparc64: perf: move M7 pmu event definitions to seperate file (Dave Aldridge) [Orabug: 23333572] \n- sparc64: perf: add perf support for M8 devices (Dave Aldridge) [Orabug: 23333572] \n- sparc64: perf: Fix the mapping between perf events and perf counters (Dave Aldridge) [Orabug: 23333572] \n- SPARC64: Enable IOMMU bypass for IB (Allen Pais) [Orabug: 25573557] \n- SPARC64: Introduce IOMMU BYPASS method (Allen Pais) [Orabug: 25573557] \n- PCI: Add PCI IDs for Infiniband (Tushar Dave) [Orabug: 25573557] \n- sched/fair: Disable the task group load_avg update for the root_task_group (Waiman Long) [Orabug: 25544560] \n- sched/fair: Move the cache-hot 'load_avg' variable into its own cacheline (Atish Patra) [Orabug: 25544560] \n- sched/fair: Avoid redundant idle_cpu() call in update_sg_lb_stats() (Waiman Long) [Orabug: 25544560] \n- sched/fair: Clean up load average references (Atish Patra) [Orabug: 25544560] \n- sched/fair: Provide runnable_load_avg back to cfs_rq (Yuyang Du) [Orabug: 25544560] \n- sched/fair: Remove task and group entity load when they are dead (Yuyang Du) [Orabug: 25544560] \n- sched/fair: Init cfs_rqs sched_entity load average (Yuyang Du) [Orabug: 25544560] \n- sched/fair: Implement update_blocked_averages() for CONFIG_FAIR_GROUP_SCHED=n (Vincent Guittot) [Orabug: 25544560] \n- sched/fair: Rewrite runnable load and utilization average tracking (Atish Patra) [Orabug: 25544560] \n- sched/fair: Remove rqs runnable avg (Yuyang Du) [Orabug: 25544560] \n- sparc64: Allow enabling ADI on hugepages only (Khalid Aziz) [Orabug: 25969377] \n- sparc64: Save ADI tags on ADI enabled platforms only (Khalid Aziz) [Orabug: 25961592] \n- sparc64: increase FORCE_MAX_ZONEORDER to 16 (Allen Pais) [Orabug: 25448108] \n- sparc64: tsb size expansion (bob picco) [Orabug: 25448108] \n- sparc64: make tsb pointer computation symbolic (bob picco) [Orabug: 25448108] \n- sparc64: fix intermittent LDom hang waiting for vdc_port_up (Thomas Tai) \n- sparc64:block/sunvdc: Renamed bio variable name from req to bio (Vijay Kumar) [Orabug: 25128265] \n- sparc64:block/sunvdc: Added io stats accounting for bio based vdisk (Vijay Kumar) [Orabug: 25128265] \n- sparc64: Remove node restriction from PRIQ MSI assignments (chris hyser) [Orabug: 25110748] \n- blk-mq: Clean up all_q_list on request_queue deletion (chris hyser) [Orabug: 25569331] \n- sparc64: kern_addr_valid regression (bob picco) [Orabug: 25860542]\n[4.1.12-98]\n- sparc64: Detect DAX ra+pgsz when hvapi minor doesnt indicate it (Rob Gardner) [Orabug: 25911008] \n- sparc64: DAX memory will use RA+PGSZ feature in HV (Rob Gardner) [Orabug: 25911008] [Orabug: 25931417] \n- sparc64: Disable DAX flow control (Rob Gardner) [Orabug: 25997202] \n- sparc64: Add DAX hypervisor services (Allen Pais) [Orabug: 25996411] \n- KVM: VMX: fix vmwrite to invalid VMCS (Radim Krcmar) \n- Revert 'i40e: enable VSI broadcast promiscuous mode instead of adding broadcast filter' (Brian Maly) [Orabug: 25877447] \n- sparc64: DAX memory needs persistent mappings (Rob Gardner) [Orabug: 25888596] \n- sparc64: Fix incorrect error print in DAX driver when validating ccb (Sanath Kumar) [Orabug: 25835254] \n- sparc64: DAX request for non 4MB memory should return with unique errno (Sanath Kumar) [Orabug: 25852910] \n- Revert 'sparc64: DAX request for non 4MB memory should return with unique errno' (Allen Pais) \n- sparc64: DAX request to mmap non 4MB memory should fail with a debug print (Sanath Kumar) [Orabug: 25852910] \n- sparc64: DAX request for non 4MB memory should return with unique errno (Sanath Kumar) [Orabug: 25852910] \n- sparc64: Incorrect print by DAX driver when old driver API is used (Sanath Kumar) [Orabug: 25835133] \n- sparc64: DAX request to dequeue half of a long CCB should not succeed (Sanath Kumar) [Orabug: 25827254] \n- sparc64: dax_overflow_check reports incorrect data (Sanath Kumar) [Orabug: 25820395] \n- sparc64: Ignored DAX ref count causes lockup (Rob Gardner) [Orabug: 25870705] \n- sparc64: disable dax page range checking on RA (Rob Gardner) [Orabug: 25820812] \n- sparc64: Oracle Data Analytics Accelerator (DAX) driver (Sanath Kumar) [Orabug: 23072809] \n- sparc64: fix an issue when trying to bring hotplug cpus online (Dave Aldridge) [Orabug: 25667277] \n- sparc64: Fix memory corruption when THP is enabled (Nitin Gupta) [Orabug: 25704426] \n- sparc64: Fix address range for page table free Orabug: 25704426 (Nitin Gupta) \n- sparc64: Add support for 2G hugepages (Nitin Gupta) [Orabug: 25704426] \n- sparc64: Fix size check in huge_pte_alloc (Nitin Gupta) [Orabug: 25704426] \n- sparc64: Fix build error in flush_tsb_user_page (Nitin Gupta) [Orabug: 25704426] \n- sparc64: Add 64K page size support (Nitin Gupta) [Orabug: 25704426] \n- sparc64: Remove xl-hugepages and add multi-page size support (Allen Pais) [Orabug: 25704426] \n- sparc64: do not dequeue stale VDS IO work entries (Jag Raman) [Orabug: 25455138] \n- SPARC64: Virtual Disk Device (vdsdev) Read-Only Option (options=ro) not working (George Kennedy) [Orabug: 23623853] \n- arch/sparc: Fix FPU register corruption with AES crypto test on M7 (Babu Moger) [Orabug: 25265878] \n- sunvnet: xoff not needed when removing port link (Shannon Nelson) [Orabug: 25190537] \n- sunvnet: count multicast packets (Shannon Nelson) [Orabug: 25190537] \n- sunvnet: track port queues correctly (Shannon Nelson) [Orabug: 25190537] \n- sunvnet: add stats to track ldom to ldom packets and bytes (Shannon Nelson) [Orabug: 25190537] \n- ldmvsw: better use of link up and down on ldom vswitch (Shannon Nelson) [Orabug: 25525312] \n- dtrace: fix handling of save_stack_trace sentinel (x86 only) (Kris Van Hees) [Orabug: 25727046] \n- dtrace: DTrace walltime lock-free implementation (Tomas Jedlicka) [Orabug: 25715256]\n[4.1.12-97]\n- megaraid: Fix unaligned warning (Allen Pais) [Orabug: 24817799] \n- sparc64: Restrict number of processes (Sanath Kumar) [Orabug: 24523680] \n- SPARC64: vds_blk_rw() does not handle drives with q->limits.chunk_sectors > 0 (George Kennedy) [Orabug: 25373818] \n- sparc64: Improve boot time by per cpu map update (Atish Patra) [Orabug: 25496463] \n- arch/sparc: memblock resizes are not handled properly (Pavel Tatashin) [Orabug: 25415396] \n- SPARC64: LDOM vnet 'Got unexpected MCAST reply' (George Kennedy) [Orabug: 24954702] \n- ldmvsw: disable tso and gso for bridge operations (Shannon Nelson) [Orabug: 23293104] \n- ldmvsw: update and simplify version string (Shannon Nelson) [Orabug: 23293104] \n- sunvnet: remove extra rcu_read_unlocks (Shannon Nelson) [Orabug: 23293104] \n- sunvnet: straighten up message event handling logic (Shannon Nelson) [Orabug: 23293104] \n- sunvnet: add memory barrier before check for tx enable (Shannon Nelson) [Orabug: 23293104] \n- sunvnet: update version and version printing (Shannon Nelson) [Orabug: 23293104] \n- sunvnet: remove unused variable in maybe_tx_wakeup (Sowmini Varadhan) [Orabug: 23293104] \n- sunvnet: make sunvnet common code dynamically loadable (Shannon Nelson) [Orabug: 23293104] \n- hwrng: n2 - update version info (Shannon Nelson) [Orabug: 25127795] \n- hwrng: n2 - support new hardware register layout (Shannon Nelson) [Orabug: 25127795] \n- hwrng: n2 - add device data descriptions (Shannon Nelson) [Orabug: 25127795] \n- hwrng: n2 - limit error spewage when self-test fails (Shannon Nelson) [Orabug: 25127795] \n- hwrng: n2 - Attach on T5/M5, T7/M7 SPARC CPUs (Anatoly Pugachev) [Orabug: 25127795] \n- tcp: fix tcp_fastopen unaligned access complaints on sparc (Shannon Nelson) [Orabug: 25163405] \n- vds: Add physical block support (Liam R. Howlett) [Orabug: 19420123] \n- sparc64: Add missing hardware capabilities for M7 (Dave Aldridge) [Orabug: 25555746] \n- SPARC64: Fix vds_vtoc_set_default debug with large disks (George Kennedy) [Orabug: 25423802] \n- sparc64: VDC threads in guest domain do not resume after primary domain reboot (Jag Raman) [Orabug: 25519961] \n- sunvdc: Add support for setting physical sector size (Liam R. Howlett) [Orabug: 19420123] \n- sparc64: create/destroy cpu sysfs dynamically (Atish Patra) [Orabug: 21775890] [Orabug: 25216469] \n- sparc64: Do not retain old VM_SPARC_ADI flag when protection changes on page (Khalid Aziz) [Orabug: 25641371] \n- SPARC64: VIO: Support for virtual-device MD node probing (Aaron Young) [Orabug: 24841906]\n[4.1.12-96]\n- net/mlx4_core: Disallow creation of RAW QPs on a VF (Eli Cohen) [Orabug: 257846022]\n[4.1.12-95]\n- PCI: hv: Microsoft changes in support of RHEL and UEK4 (Jake Oshins) [Orabug: 25507635] \n- Add the PCI Host driver into the UEK config files (Jack Vogel) [Orabug: 25507635]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-08-23T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10088", "CVE-2016-10200", "CVE-2016-10208", "CVE-2016-10229", "CVE-2016-1575", "CVE-2016-1576", "CVE-2016-6213", "CVE-2016-7910", "CVE-2016-8399", "CVE-2016-9604", "CVE-2016-9644", "CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-1000365", "CVE-2017-1000380", "CVE-2017-12134", "CVE-2017-2583", "CVE-2017-2636", "CVE-2017-2671", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-6347", "CVE-2017-7184", "CVE-2017-7187", "CVE-2017-7273", "CVE-2017-7308", "CVE-2017-7477", "CVE-2017-7533", "CVE-2017-7645", "CVE-2017-7895", "CVE-2017-8797", "CVE-2017-8890", "CVE-2017-9059", "CVE-2017-9074", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2017-08-23T00:00:00", "id": "ELSA-2017-3609", "href": "http://linux.oracle.com/errata/ELSA-2017-3609.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:35", "description": "kernel-uek\n[4.1.12-94.5.7]\n- Revert 'net/rds: Revert 'RDS: add reconnect retry scheme for stalled connections'' (Ajaykumar Hotchandani) [Orabug: 26444722] \n- Revert 'net/rds: use different workqueue for base_conn' (Ajaykumar Hotchandani) [Orabug: 26444722] \n- Revert 'net/rds: determine active/passive connection with IP addresses' (Ajaykumar Hotchandani) [Orabug: 26444722] \n- Revert 'net/rds: prioritize the base connection establishment' (Ajaykumar Hotchandani) [Orabug: 26444722] \n- blk-mq: Export blk_mq_freeze_queue_wait (Keith Busch) [Orabug: 26385993] \n- blk-mq: Provide freeze queue timeout (Keith Busch) [Orabug: 26385993] \n- nvme: Complete all stuck requests (Keith Busch) [Orabug: 26385993] \n- nvme: Don't suspend admin queue that wasn't created (Gabriel Krisman Bertazi) [Orabug: 26385993] \n- nvme: Delete created IO queues on reset (Keith Busch) [Orabug: 26385993] \n- nvme: Suspend all queues before deletion (Gabriel Krisman Bertazi) [Orabug: 26385993] \n- nvme/pci: No special case for queue busy on IO (Keith Busch) [Orabug: 26385993] \n- sg: Fix double-free when drives detach during SG_IO (Calvin Owens) [Orabug: 26408570] \n- SUNRPC: Handle EADDRNOTAVAIL on connection failures (Trond Myklebust) [Orabug: 26221921] \n- ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403952] {CVE-2017-1000380}\n- ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403952] {CVE-2017-1000380}\n- xfs: Timely free truncated dirty pages (Jan Kara) [Orabug: 26452561] \n- xfs: skip dirty pages in ->releasepage() (Brian Foster) [Orabug: 26452561] \n- Revert 'SUNRPC: Refactor svc_set_num_threads()' (Kirtikar Kashyap) [Orabug: 26476721] \n- Revert 'NFSv4: Fix callback server shutdown' (Kirtikar Kashyap) [Orabug: 26476721]\n[4.1.12-94.5.6]\n- net/rds: Replace printk in TX path with stat variable (Yuval Shaia) [Orabug: 26367820] \n- net: properly release sk_frag.page (Eric Dumazet) [Orabug: 26354016] \n- NVMe: Retain QUEUE_FLAG_SG_GAPS flag for bio vector alignment. (Ashok Vairavan) [Orabug: 26361950] \n- btrfs: introduce device delete by devid (Anand Jain) [Orabug: 26362382] \n- btrfs: enhance btrfs_find_device_by_user_input() to check device path (Anand Jain) [Orabug: 26362382] \n- btrfs: make use of btrfs_find_device_by_user_input() (Anand Jain) [Orabug: 26362382] \n- btrfs: create helper btrfs_find_device_by_user_input() (Anand Jain) [Orabug: 26362382] \n- btrfs: clean up and optimize __check_raid_min_device() (Anand Jain) [Orabug: 26362382] \n- btrfs: create helper function __check_raid_min_devices() (Anand Jain) [Orabug: 26362382] \n- char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403937] {CVE-2017-1000363}\n- NFSv4: Fix callback server shutdown (Trond Myklebust) [Orabug: 26403977] {CVE-2017-9059}\n- SUNRPC: Refactor svc_set_num_threads() (Trond Myklebust) [Orabug: 26403977] {CVE-2017-9059}\n- ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26404000] {CVE-2017-9077}\n[4.1.12-94.5.5]\n- Signature verification support in kexec_file_load (Alexey Petrenko) [Orabug: 26426837] \n- IB/cm: remove unnecessary ib_query_device in PSIF RNR WA (Wei Lin Guay) [Orabug: 26245885] \n- aacraid: Update scsi_host_template to use tagged commands (Dave Carroll) [Orabug: 26291288] \n- IB/mlx4: Suppress warning for not handled portmgmt event subtype (Mukesh Kacker) [Orabug: 26308324] \n- aacraid: initialize scsi shared tag map (Joe Jin) [Orabug: 26308827] \n- RDS: Print failed rdma op details if failure is remote access (Rama Nichanamatlu) [Orabug: 26351414] \n- bnxt_en: Fix netpoll handling. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add missing logic to handle TPA end error conditions. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Fix xmit_more with BQL. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Pass in sh parameter to bnxt_set_dflt_rings(). (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Implement xmit_more. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Optimize doorbell write operations for newer chips. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add additional chip ID definitions. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add a callback to inform RDMA driver during PCI shutdown. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add PCI IDs for BCM57454 VF devices. (Deepak Khungar) [Orabug: 26402533] \n- bnxt_en: Support for Short Firmware Message (Deepak Khungar) [Orabug: 26402533] \n- bnxt_en: Check status of firmware DCBX agent before setting DCB_CAP_DCBX_HOST. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Call bnxt_dcb_init() after getting firmware DCBX configuration. (Michael Chan) [Orabug: 26402533] \n- bnxt: add dma mapping attributes (Shannon Nelson) [Orabug: 26366387] \n- dma-mapping: add interfaces for mapping pages with attributes (Shannon Nelson) [Orabug: 26402533] \n- bnxt_en: allocate enough space for ->ntp_fltr_bmap (Dan Carpenter) [Orabug: 26402533] \n- bnxt_en: Restrict a PF in Multi-Host mode from changing port PHY configuration (Deepak Khungar) [Orabug: 26402533] \n- bnxt_en: Check the FW_LLDP_AGENT flag before allowing DCBX host agent. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add 100G link speed reporting for BCM57454 ASIC in ethtool (Deepak Khungar) [Orabug: 26402533] \n- bnxt_en: Fix VF attributes reporting. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Pass DCB RoCE app priority to firmware. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Cap the msix vector with the max completion rings. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add interrupt test to ethtool -t selftest. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add PHY loopback to ethtool self-test. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add ethtool mac loopback self test. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add basic ethtool -t selftest support. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add suspend/resume callbacks. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add ethtool set_wol method. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add ethtool get_wol method. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add pci shutdown method. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add basic WoL infrastructure. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Update firmware interface spec to 1.7.6.2. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Fix DMA unmapping of the RX buffers in XDP mode during shutdown. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Correct the order of arguments to netdev_err() in bnxt_set_tpa() (Sankar Patchineelam) [Orabug: 26402533] \n- bnxt_en: Fix NULL pointer dereference in reopen failure path (Sankar Patchineelam) [Orabug: 26402533] \n- bnxt_en: Ignore 0 value in autoneg supported speed from firmware. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Check if firmware LLDP agent is running. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Call bnxt_ulp_stop() during tx timeout. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Perform function reset earlier during probe. (Michael Chan) [Orabug: 26402533] \n- x86/tsc: Enumerate SKL cpu_khz and tsc_khz via CPUID (Len Brown) [Orabug: 26387040] \n- x86/tsc: Save an indentation level in recalibrate_cpu_khz() (Borislav Petkov) [Orabug: 26387040] \n- x86/tsc_msr: Remove irqoff around MSR-based TSC enumeration (Len Brown) [Orabug: 26387040] \n- perf/x86: Fix time_shift in perf_event_mmap_page (Adrian Hunter) [Orabug: 26387040] \n- perf/x86: Improve accuracy of perf/sched clock (Adrian Hunter) [Orabug: 26387040] \n- bonding: avoid defaulting hard_header_len to ETH_HLEN on slave removal (Paolo Abeni) [Orabug: 26397292] \n- net/rds: Add mutex exclusion for vector_load (Hakon Bugge) [Orabug: 26406403]\n[4.1.12-94.5.4]\n- block: defer timeouts to a workqueue (Christoph Hellwig) [Orabug: 25654233] \n- mlx4: add diagnostic counters via sysfs (Chris Gray) [Orabug: 25743434] \n- x86/ras/therm_throt: Do not log a fake MCE for thermal events (Borislav Petkov) [Orabug: 26355098] \n- net/rds: Reduce memory footprint in rds_sendmsg (Wei Lin Guay) [Orabug: 26350965] \n- macsec: dynamically allocate space for sglist (Jason A. Donenfeld) [Orabug: 26051882] {CVE-2017-7477}\n- macsec: avoid heap overflow in skb_to_sgvec (Jason A. Donenfeld) [Orabug: 26051882] {CVE-2017-7477}\n- nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [Orabug: 26366009] {CVE-2017-7645}\n[4.1.12-94.5.3]\n- xfs: reset b_first_retry_time when clear the retry status of xfs_buf_t (Hou Tao) [Orabug: 26354399] \n- xfs: fix max_retries _show and _store functions (Carlos Maiolino) [Orabug: 26354399] \n- xfs: normalize 'infinite' retries in error configs (Eric Sandeen) [Orabug: 26354399] \n- xfs: don't reset b_retries to 0 on every failure (Eric Sandeen) [Orabug: 26354399] \n- xfs: fix xfs_error_get_cfg for negative errnos (Eric Sandeen) [Orabug: 26354399] \n- xfs: add 'fail at unmount' error handling configuration (Carlos Maiolino) [Orabug: 26354399] \n- xfs: add configuration handlers for specific errors (Carlos Maiolino) [Orabug: 26354399] \n- xfs: add configuration of error failure speed (Carlos Maiolino) [Orabug: 26354399] \n- xfs: introduce table-based init for error behaviors (Carlos Maiolino) [Orabug: 26354399] \n- xfs: add configurable error support to metadata buffers (Carlos Maiolino) [Orabug: 26354399] \n- xfs: introduce metadata IO error class (Carlos Maiolino) [Orabug: 26354399] \n- xfs: configurable error behavior via sysfs (Carlos Maiolino) [Orabug: 26354399]\n[4.1.12-94.5.2]\n- mm: fix new crash in unmapped_area_topdown() (Hugh Dickins) [Orabug: 26337733] {CVE-2017-1000364}\n- mm: larger stack guard gap, between vmas (Hugh Dickins) [Orabug: 26337733] {CVE-2017-1000364}\n- Fix Express lane queue creation. (James Smart) [Orabug: 26241742] \n- rds: tcp: Set linger when rejecting an incoming conn in rds_tcp_accept_one (Sowmini Varadhan) [Orabug: 26298950] \n- IB/mlx4: Fix CM REQ retries in paravirt mode (Hakon Bugge) [Orabug: 26304710] \n- vfio/pci: Fix unsigned comparison overflow (Alex Williamson) \n- blkback/blktap: dont leak stack data via response ring (Jan Beulich) [Orabug: 26321947]\n[4.1.12-94.5.1]\n- percpu_ref: allow operation mode switching operations to be called concurrently (Tejun Heo) [Orabug: 26223304] \n- percpu_ref: restructure operation mode switching (Tejun Heo) [Orabug: 26223304] \n- percpu_ref: unify staggered atomic switching wait behavior (Tejun Heo) [Orabug: 26223304] \n- percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate percpu_ref_switch_to_atomic() (Tejun Heo) [Orabug: 26223304] \n- percpu_ref: remove unnecessary RCU grace period for staggered atomic switching confirmation (Tejun Heo) [Orabug: 26223304] \n- block: Fix mismerge in queue freeze logic (Martin K. Petersen) [Orabug: 26223304] \n- nvme: Add a wrapper for getting the admin queue depth (Martin K. Petersen) [Orabug: 26247244] \n- nvme: Remove timeout when deleting queue (Martin K. Petersen) [Orabug: 26256275] \n- nvme: Quirks for PM1725 controllers (Martin K. Petersen) [Orabug: 26033880] \n- nvme: apply DELAY_BEFORE_CHK_RDY quirk at probe time too (Guilherme G. Piccoli) [Orabug: 26033880] \n- nvme/quirk: Add a delay before checking device ready for memblaze device (Wenbo Wang) [Orabug: 26033880] \n- nvme/quirk: Add a delay before checking for adapter readiness (Guilherme G. Piccoli) [Orabug: 26033880] \n- net/mlx4_core: Use round robin scheme to avoid stale caches (Santosh Shilimkar) [Orabug: 26265818] \n- IP/ipoib: Move initialization of ACL instances table to device init phase (Yuval Shaia) [Orabug: 25993610] \n- Revert 'mlx4_ib: Memory leak on Dom0 with SRIOV.' (Hakon Bugge) [Orabug: 26107170] \n- Revert 'mlx4: avoid multiple free on id_map_ent' (Hakon Bugge) [Orabug: 26107170] \n- NVMe: During NVMe probe, get NVMe device information before mapping the device. (Ashok Vairavan) [Orabug: 26227515] \n- PCI/AER: include header file (Sudip Mukherjee) [Orabug: 26138886] \n- NVMe: reverse IO direction for VUC command code F7 (Ashok Vairavan) [Orabug: 26138886] \n- nvme: factor out a add nvme_is_write helper (Christoph Hellwig) [Orabug: 26138886] \n- nvme: allow for size limitations from transport drivers (Christoph Hellwig) [Orabug: 26138886] \n- nvme.h: add constants for PSDT and FUSE values (James Smart) [Orabug: 26138886] \n- nvme.h: add AER constants (Christoph Hellwig) [Orabug: 26138886] \n- nvme.h: add NVM command set SQE/CQE size defines (Christoph Hellwig) [Orabug: 26138886] \n- nvme.h: Add get_log_page command strucure (Armen Baloyan) [Orabug: 26138886] \n- nvme.h: add RTD3R, RTD3E and OAES fields (Christoph Hellwig) [Orabug: 26138886] \n- NVMe: Only release requested regions (Johannes Thumshirn) [Orabug: 26138886] \n- NVMe: Fix removal in case of active namespace list scanning method (Sunad Bhandary) [Orabug: 26138886] \n- NVMe: Implement namespace list scanning (Keith Busch) [Orabug: 26138886] \n- NVMe: Dont unmap controller registers on reset (Keith Busch) [Orabug: 26138886] \n- NVMe: reduce admin queue depth as workaround for Samsung EPIC SQ errata (Ashok Vairavan) [Orabug: 26138886] \n- nvme: Limit command retries (Keith Busch) [Orabug: 26138886] \n- NVMe: reduce queue depth as workaround for Samsung EPIC SQ errata (Ashok Vairavan) [Orabug: 26138886] \n- NVMe: Create discard zero quirk white list (Keith Busch) [Orabug: 26138886] \n- nvme: use UINT_MAX for max discard sectors (Minfei Huang) [Orabug: 26138886] \n- nvme: move nvme_cancel_request() to common code (Ming Lin) [Orabug: 26138886] \n- nvme: update and rename nvme_cancel_io to nvme_cancel_request (Ming Lin) [Orabug: 26138886] \n- blk-mq: Export tagset iter function (Sagi Grimberg) [Orabug: 26138886] \n- NVMe: Add device IDs with stripe quirk (Keith Busch) [Orabug: 26138886] \n- NVMe: Short-cut removal on surprise hot-unplug (Keith Busch) [Orabug: 26138886] \n- NVMe: Allow user initiated rescan (Keith Busch) [Orabug: 26138886] \n- NVMe: Reduce driver log spamming (Keith Busch) [Orabug: 26138886] \n- NVMe: Unbind driver on failure (Keith Busch) [Orabug: 26138886] \n- NVMe: Delete only created queues (Keith Busch) [Orabug: 26138886] \n- NVMe: Fix reset/remove race (Keith Busch) [Orabug: 26138886] \n- nvme: fix nvme_ns_remove() deadlock (Ming Lin) [Orabug: 26138886] \n- nvme: switch to RCU freeing the namespace (Ming Lin) [Orabug: 26138886] \n- NVMe: correct comment for offset enum of controller registers in nvme.h (Wang Sheng-Hui) [Orabug: 26138886] \n- nvme: add helper nvme_cleanup_cmd() (Ming Lin) [Orabug: 26138886] \n- nvme: move AER handling to common code (Christoph Hellwig) [Orabug: 26138886] \n- nvme: move namespace scanning to core (Christoph Hellwig) [Orabug: 26138886] \n- nvme: tighten up state check for namespace scanning (Christoph Hellwig) [Orabug: 26138886] \n- nvme: introduce a controller state machine (Christoph Hellwig) [Orabug: 26138886] \n- nvme: remove the io_incapable method (Christoph Hellwig) [Orabug: 26138886] \n- NVMe: nvme_core_exit() should do cleanup in the reverse order as nvme_core_init does (Wang Sheng-Hui) [Orabug: 26138886] \n- NVMe: Fix check_flush_dependency warning (Keith Busch) [Orabug: 26138886] \n- NVMe: small typo in section BLK_DEV_NVME_SCSI of host/Kconfig (Wang Sheng-Hui) [Orabug: 26138886] \n- nvme: fix cntlid type (Christoph Hellwig) [Orabug: 26138886] \n- nvme: Avoid reset work on watchdog timer function during error recovery (Guilherme G. Piccoli) [Orabug: 26138886] \n- nvme: remove dead controllers from a work item (Christoph Hellwig) [Orabug: 26138886] \n- NVMe: silence warning about unused 'dev' (Jens Axboe) [Orabug: 26138886] \n- NVMe: switch to using blk_queue_write_cache() (Jens Axboe) [Orabug: 26138886] \n- block: add ability to flag write back caching on a device (Jens Axboe) [Orabug: 26138886] \n- nvme: Use blk-mq helper for IO termination (Sagi Grimberg) [Orabug: 26138886] \n- NVMe: Skip async events for degraded controllers (Keith Busch) [Orabug: 26138886] \n- nvme: add helper nvme_setup_cmd() (Ming Lin) [Orabug: 26138886] \n- block: add offset in blk_add_request_payload() (Ming Lin) [Orabug: 26138886] \n- nvme: rewrite discard support (Ming Lin) [Orabug: 26138886] \n- nvme: add helper nvme_map_len() (Ming Lin) [Orabug: 26138886] \n- nvme: add missing lock nesting notation (Ming Lin) [Orabug: 26138886] \n- NVMe: Always use MSI/MSI-x interrupts (Keith Busch) [Orabug: 26138886] \n- NVMe: Fix reset/remove race (Keith Busch) [Orabug: 26138886] \n- nvme: avoid cqe corruption when update at the same time as read (Marta Rybczynska) [Orabug: 26138886] \n- NVMe: Expose ns wwid through single sysfs entry (Keith Busch) [Orabug: 26138886] \n- NVMe: Remove unused sq_head read in completion path (Jon Derrick) [Orabug: 26138886] \n- nvme: fix max_segments integer truncation (Christoph Hellwig) [Orabug: 26138886] \n- nvme: set queue limits for the admin queue (Christoph Hellwig) [Orabug: 26138886] \n- NVMe: Fix 0-length integrity payload (Keith Busch) [Orabug: 26138886] \n- NVMe: Dont allow unsupported flags (Keith Busch) [Orabug: 26138886] \n- NVMe: Move error handling to failed reset handler (Keith Busch) [Orabug: 26138886] \n- NVMe: Simplify device reset failure (Keith Busch) [Orabug: 26138886] \n- NVMe: Fix namespace removal deadlock (Keith Busch) [Orabug: 26138886] \n- NVMe: Use IDA for namespace disk naming (Keith Busch) [Orabug: 26138886] \n- nvme: expose cntlid in sysfs (Ming Lin) [Orabug: 26138886] \n- nvme: return the whole CQE through the request passthrough interface (Christoph Hellwig) [Orabug: 26138886] \n- nvme: fix Kconfig description for BLK_DEV_NVME_SCSI (Christoph Hellwig) [Orabug: 26138886] \n- nvme: replace the kthread with a per-device watchdog timer (Christoph Hellwig) [Orabug: 26138886] \n- nvme: dont poll the CQ from the kthread (Christoph Hellwig) [Orabug: 26138886] \n- nvme: use a work item to submit async event requests (Christoph Hellwig) [Orabug: 26138886] \n- NVMe: Rate limit nvme IO warnings (Keith Busch) [Orabug: 26138886] \n- NVMe: Poll device while still active during remove (Keith Busch) [Orabug: 26138886] \n- NVMe: Requeue requests on suspended queues (Keith Busch) [Orabug: 26138886] \n- NVMe: Allow request merges (Keith Busch) [Orabug: 26138886] \n- NVMe: Fix io incapable return values (Keith Busch) [Orabug: 26138886] \n- nvme: split pci module out of core module (Ming Lin) [Orabug: 26138886] \n- nvme: split dev_list_lock (Ming Lin) [Orabug: 26138886] \n- nvme: move timeout variables to core.c (Ming Lin) [Orabug: 26138886] \n- nvme/host: reference the fabric module for each bdev open callout (Sagi Grimberg) [Orabug: 26138886] \n- nvme: Log the ctrl device name instead of the underlying pci device name (Sagi Grimberg) [Orabug: 26138886] \n- nvme: fix drvdata setup for the nvme device (Christoph Hellwig) [Orabug: 26138886] \n- NVMe: Fix possible queue use after freed (Keith Busch) [Orabug: 26138886] \n- nvme: switch abort to blk_execute_rq_nowait (Christoph Hellwig) [Orabug: 26138886] \n- blk-mq: fix racy updates of rq->errors (Christoph Hellwig) [Orabug: 26138886] \n- NVMe: Export NVMe attributes to sysfs group (Keith Busch) [Orabug: 26138886] \n- NVMe: Shutdown controller only for power-off (Keith Busch) [Orabug: 26138886] \n- NVMe: IO queue deletion re-write (Keith Busch) [Orabug: 26138886] \n- NVMe: Remove queue freezing on resets (Keith Busch) [Orabug: 26138886] \n- NVMe: Use a retryable error code on reset (Keith Busch) [Orabug: 26138886] \n- NVMe: Fix admin queue ring wrap (Keith Busch) [Orabug: 26138886] \n- nvme: make SG_IO support optional (Christoph Hellwig) [Orabug: 26138886] \n- nvme: fixes for NVME_IOCTL_IO_CMD on the char device (Christoph Hellwig) [Orabug: 26138886] \n- nvme: synchronize access to ctrl->namespaces (Christoph Hellwig) [Orabug: 26138886] \n- nvme: Move nvme_freeze/unfreeze_queues to nvme core (Sagi Grimberg) [Orabug: 26138886] \n- NVMe: Export namespace attributes to sysfs (Keith Busch) [Orabug: 26138886] \n- NVMe: Add pci error handlers (Keith Busch) [Orabug: 26138886] \n- nvme: merge iod and cmd_info (Christoph Hellwig) [Orabug: 26138886] \n- nvme: meta_sg doesnt have to be an array (Christoph Hellwig) [Orabug: 26138886] \n- nvme: properly free resources for cancelled command (Christoph Hellwig) [Orabug: 26138886] \n- nvme: simplify completion handling (Christoph Hellwig) [Orabug: 26138886] \n- nvme: special case AEN requests (Christoph Hellwig) [Orabug: 26138886] \n- nvme: factor out a few helpers from req_completion (Christoph Hellwig) [Orabug: 26138886] \n- nvme: fix admin queue depth (Christoph Hellwig) [Orabug: 26138886] \n- NVMe: Simplify metadata setup (Keith Busch) [Orabug: 26138886] \n- NVMe: Remove device management handles on remove (Keith Busch) [Orabug: 26138886] \n- NVMe: Use unbounded work queue for all work (Keith Busch) [Orabug: 26138886] \n- nvme: switch abort_limit to an atomic_t (Christoph Hellwig) [Orabug: 26138886] \n- nvme: merge probe_work and reset_work (Christoph Hellwig) [Orabug: 26138886] \n- nvme: do not restart the request timeout if were resetting the controller (Keith Busch) [Orabug: 26138886] \n- nvme: simplify resets (Christoph Hellwig) [Orabug: 26138886] \n- nvme: add NVME_SC_CANCELLED (Christoph Hellwig) [Orabug: 26138886] \n- nvme: merge nvme_abort_req and nvme_timeout (Christoph Hellwig) [Orabug: 26138886] \n- nvme: dont take the I/O queue q_lock in nvme_timeout (Christoph Hellwig) [Orabug: 26138886] \n- nvme: protect against simultaneous shutdown invocations (Keith Busch) [Orabug: 26138886] \n- nvme: only add a controller to dev_list after its been fully initialized (Christoph Hellwig) [Orabug: 26138886] \n- nvme: only ignore hardware errors in nvme_create_io_queues (Christoph Hellwig) [Orabug: 26138886] \n- nvme: precedence bug in nvme_pr_clear() (Dan Carpenter) [Orabug: 26138886] \n- nvme: fix another 32-bit build warning (Arnd Bergmann) [Orabug: 26138886] \n- nvme: refactor set_queue_count (Christoph Hellwig) [Orabug: 26138886] \n- nvme: move chardev and sysfs interface to common code (Christoph Hellwig) [Orabug: 26138886] \n- nvme: move namespace scanning to common code (Christoph Hellwig) [Orabug: 26138886] \n- nvme: move the call to nvme_init_identify earlier (Christoph Hellwig) [Orabug: 26138886] \n- nvme: add a common helper to read Identify Controller data (Christoph Hellwig) [Orabug: 26138886] \n- nvme: move nvme_{enable,disable,shutdown}_ctrl to common code (Christoph Hellwig) [Orabug: 26138886] \n- nvme: move remaining CC setup into nvme_enable_ctrl (Christoph Hellwig) [Orabug: 26138886] \n- nvme: add explicit quirk handling (Christoph Hellwig) [Orabug: 26138886] \n- nvme: move block_device_operations and ns/ctrl freeing to common code (Ashok Vairavan) [Orabug: 26138886] \n- nvme: use the block layer for userspace passthrough metadata (Keith Busch) [Orabug: 26138886] \n- nvme: split __nvme_submit_sync_cmd (Christoph Hellwig) [Orabug: 26138886] \n- nvme: move nvme_setup_flush and nvme_setup_rw to common code (Christoph Hellwig) [Orabug: 26138886] \n- nvme: move nvme_error_status to common code (Christoph Hellwig) [Orabug: 26138886] \n- nvme: factor out a nvme_unmap_data helper (Christoph Hellwig) [Orabug: 26138886] \n- nvme: simplify nvme_setup_prps calling convention (Christoph Hellwig) [Orabug: 26138886] \n- nvme: split a new struct nvme_ctrl out of struct nvme_dev (Christoph Hellwig) [Orabug: 26138886] \n- nvme: use vendor it from identify (Christoph Hellwig) [Orabug: 26138886] \n- nvme: split nvme_trans_device_id_page (Christoph Hellwig) [Orabug: 26138886] \n- nvme: use offset instead of a struct for registers (Christoph Hellwig) [Orabug: 26138886] \n- nvme: split command submission helpers out of pci.c (Christoph Hellwig) [Orabug: 26138886] \n- nvme: move struct nvme_iod to pci.c (Christoph Hellwig) [Orabug: 26138886] \n- NVMe: Precedence error in nvme_pr_clear() (Dan Carpenter) [Orabug: 26138886] \n- Update target repo for nvme patch contributions (Jay Freyensee) [Orabug: 26138886] \n- nvme: add missing endianess annotations in nvme_pr_command (Christoph Hellwig) [Orabug: 26138886] \n- block: rename REQ_TYPE_SPECIAL to REQ_TYPE_DRV_PRIV (Christoph Hellwig) [Orabug: 26138886] \n- block: add an API for Persistent Reservations (Christoph Hellwig) [Orabug: 26138886] \n- NVMe: Add persistent reservation ops (Keith Busch) [Orabug: 26138886] \n- nvme: suspend i/o during runtime blk_integrity_unregister (Dan Williams) [Orabug: 26138886] \n- nvme include linux types.h (Christoph Hellwig) [Orabug: 26138886] \n- nvme: move to a new drivers/nvme/host directory (Jay Sternberg) [Orabug: 26138886] \n- NVMe: Set affinity after allocating request queues (Keith Busch) [Orabug: 26138886] \n- NVMe: Fix IO for extended metadata formats (Keith Busch) [Orabug: 26138886] \n- NVMe: Remove hctx reliance for multi-namespace (Keith Busch) [Orabug: 26138886] \n- Revert 'nvme: move to a new drivers/nvme/host directory' (Ashok Vairavan) [Orabug: 26138886] \n- Revert 'NVMe: reduce admin queue depth as workaround for Samsung EPIC SQ errata' (Ashok Vairavan) [Orabug: 26138886] \n- Revert 'nvme: Limit command retries' (Ashok Vairavan) [Orabug: 26138886] \n- Revert 'nvme: avoid cqe corruption when update at the same time as read' (Ashok Vairavan) [Orabug: 26138886] \n- Revert 'NVMe: Dont unmap controller registers on reset' (Ashok Vairavan) [Orabug: 26138886] \n- Revert 'NVMe: reverse IO direction for VUC command code F7' (Ashok Vairavan) [Orabug: 26138886] \n- Revert 'NVMe: reduce queue depth as workaround for Samsung EPIC SQ errata' (Ashok Vairavan) [Orabug: 26138886] \n- net/rds: prioritize the base connection establishment (Wei Lin Guay) [Orabug: 26268911] \n- net/rds: determine active/passive connection with IP addresses (Wei Lin Guay) [Orabug: 26268911] \n- net/rds: use different workqueue for base_conn (Wei Lin Guay) [Orabug: 26268911] \n- net/rds: Revert 'RDS: add reconnect retry scheme for stalled connections' (Wei Lin Guay) [Orabug: 26268911] \n- uek-rpm/config: build tcmu kernel module by default (Shan Hai) [Orabug: 26270004] [Orabug: 25983319] \n- target: consolidate backend attribute implementations (Christoph Hellwig) [Orabug: 26270004] \n- target: simplify backend driver registration (Christoph Hellwig) [Orabug: 26270004] \n- IB/ipoib: Expose acl_enable sysfs file as read only (Yuval Shaia) [Orabug: 26214325] \n- xsigo: UEK4-QU4:poor performance discovering 256 FC LUNs w/4 paths per LUN (Pradeep Gopanapalli) [Orabug: 26199203] \n- xen-netback: copy buffer on xenvif_start_xmit (Joao Martins) [Orabug: 23585649] \n- xen-netback: slightly rework xenvif_rx_skb (Joao Martins) [Orabug: 23585649] \n- xen-netfront: introduce rx copy mode (Joao Martins) [Orabug: 23585649] \n- xen-netfront: use gref mappings for Tx buffers (Joao Martins) [Orabug: 23585649] \n- xen-netfront: generalize recycling for grants (Joao Martins) [Orabug: 23585649] \n- xen-netfront: add rx page statistics (Joao Martins) [Orabug: 23585649] \n- xen-netfront: introduce rx page recyling (Joao Martins) [Orabug: 23585649] \n- xen-netfront: move rx_gso_checksum_fixup into netfront_stats (Joao Martins) [Orabug: 23585649] \n- xen-netfront: introduce staging gref pools (Joao Martins) [Orabug: 23585649] \n- xen-netback: use gref mappings for Tx requests (Joao Martins) [Orabug: 23585649] \n- xen-netback: use gref mappings for Rx requests (Joao Martins) [Orabug: 23585649] \n- xen-netback: shorten tx grant copy (Joao Martins) [Orabug: 23585649] \n- xen-netback: introduce staging grant mappings ops (Joao Martins) [Orabug: 23585649] \n- include/xen: import vendor extension to netif.h (Joao Martins) [Orabug: 23585649] \n- xen-netback: fix type mismatch warning (Arnd Bergmann) [Orabug: 23585649] \n- xen-netback: fix guest Rx stall detection (after guest Rx refactor) (David Vrabel) [Orabug: 23585649] \n- xen/netback: add fraglist support for to-guest rx (Ross Lagerwall) [Orabug: 23585649] \n- xen-netback: batch copies for multiple to-guest rx packets (David Vrabel) [Orabug: 23585649] \n- xen-netback: process guest rx packets in batches (David Vrabel) [Orabug: 23585649] \n- xen-netback: immediately wake tx queue when guest rx queue has space (David Vrabel) [Orabug: 23585649] \n- xen-netback: refactor guest rx (David Vrabel) [Orabug: 23585649] \n- xen-netback: retire guest rx side prefix GSO feature (Paul Durrant) [Orabug: 23585649] \n- xen-netback: separate guest side rx code into separate module (Paul Durrant) [Orabug: 23585649] \n- x86/xen/time: setup secondary time info for vdso (Joao Martins) [Orabug: 23585649] \n- mlx4_core: Add func name to common error strings to locate uniquely (Mukesh Kacker) [Orabug: 26087732] \n- RDS/IB: active bonding port state fix for intfs added late (Mukesh Kacker) [Orabug: 26095774] \n- net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) [Orabug: 26170622] {CVE-2017-7308}\n- net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) [Orabug: 26170622] {CVE-2017-7308}\n- net/packet: fix overflow in check for priv area size (Andrey Konovalov) [Orabug: 26170622] {CVE-2017-7308}\n- xen-pcifront/hvm: Slurp up 'pxm' entry and set NUMA node on PCIe device. (V5) (Konrad Rzeszutek Wilk) \n- dccp/tcp: do not inherit mc_list from parent (Eric Dumazet) [Orabug: 26108560] {CVE-2017-8890}\n[4.1.12-94.4.1]\n- I/O ERROR WHEN A FILE ON ACFS FILESYSTEM IS ATTACHED TO THE GUEST DOMU (Joe Jin) [Orabug: 25877674] \n- HID: hid-cypress: validate length of report (Greg Kroah-Hartman) [Orabug: 25891893] {CVE-2017-7273}\n- Revert 'xen/events: remove unnecessary call to bind_evtchn_to_cpu()' (Zhenzhong Duan) \n- NVMe: Use requested sync command timeout (Keith Busch) [Orabug: 26046907] \n- xen-blkback: report hotplug-status busy when detach is initiated but frontend device is busy. (Niranjan Patil) [Orabug: 26086380] \n- RDS/IB: 4KB receive buffers get posted by mistake on 16KB frag connections. (Venkat Venkatsubra) [Orabug: 26079995] \n- mlx4: limit max MSIX allocations (Ajaykumar Hotchandani) [Orabug: 26088056] \n- ipv6: catch a null skb before using it in a DTRACE (Shannon Nelson) [Orabug: 26075879] \n- sparc64: Do not retain old VM_SPARC_ADI flag when protection changes on page (Khalid Aziz) [Orabug: 26038830] \n- nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986971] {CVE-2017-7895}\n- sparc64: Detect DAX ra+pgsz when hvapi minor doesnt indicate it (Rob Gardner) [Orabug: 25997533] \n- sparc64: DAX memory will use RA+PGSZ feature in HV (Rob Gardner) [Orabug: 25997533] [Orabug: 25931417] \n- sparc64: Disable DAX flow control (Rob Gardner) [Orabug: 25997226] \n- sparc64: DAX memory needs persistent mappings (Rob Gardner) [Orabug: 25997137] \n- sparc64: Fix incorrect error print in DAX driver when validating ccb (Sanath Kumar) [Orabug: 25996975] \n- sparc64: DAX request for non 4MB memory should return with unique errno (Sanath Kumar) [Orabug: 25996823] \n- sparc64: DAX request to mmap non 4MB memory should fail with a debug print (Sanath Kumar) [Orabug: 25996823] \n- sparc64: DAX request for non 4MB memory should return with unique errno (Sanath Kumar) [Orabug: 25996823] \n- sparc64: Incorrect print by DAX driver when old driver API is used (Sanath Kumar) [Orabug: 25996790] \n- sparc64: DAX request to dequeue half of a long CCB should not succeed (Sanath Kumar) [Orabug: 25996747] \n- sparc64: dax_overflow_check reports incorrect data (Sanath Kumar) [Orabug: 25996655] \n- sparc64: Ignored DAX ref count causes lockup (Rob Gardner) [Orabug: 25996628] \n- sparc64: disable dax page range checking on RA (Rob Gardner) [Orabug: 25996546] \n- sparc64: Oracle Data Analytics Accelerator (DAX) driver (Sanath Kumar) [Orabug: 25996522] \n- sparc64: Add DAX hypervisor services (Allen Pais) [Orabug: 25996475] \n- sparc64: create/destroy cpu sysfs dynamically (Atish Patra) [Orabug: 21775890] [Orabug: 25216469] \n- megaraid: Fix unaligned warning (Allen Pais) [Orabug: 24817799]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-07-27T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-1000380", "CVE-2017-7273", "CVE-2017-7308", "CVE-2017-7477", "CVE-2017-7645", "CVE-2017-7895", "CVE-2017-8890", "CVE-2017-9059", "CVE-2017-9077"], "modified": "2017-07-27T00:00:00", "id": "ELSA-2017-3595", "href": "http://linux.oracle.com/errata/ELSA-2017-3595.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-30T06:24:50", "description": "kernel-uek\n[4.1.12-61.1.25]\n- KEYS: Fix short sprintf buffer in /proc/keys show function (David Howells) [Orabug: 25306361] {CVE-2016-7042}\n- nvme: Limit command retries (Keith Busch) [Orabug: 25374751] \n- fs/proc/task_mmu.c: fix mm_access() mode parameter in pagemap_read() (Kenny Keslar) [Orabug: 25374977] \n- tcp: fix use after free in tcp_xmit_retransmit_queue() (Eric Dumazet) [Orabug: 25374364] {CVE-2016-6828}\n- tunnels: Don't apply GRO to multiple layers of encapsulation. (Jesse Gross) [Orabug: 25036352] {CVE-2016-8666}\n- i40e: Don't notify client(s) for DCB changes on all VSIs (Neerav Parikh) [Orabug: 25046290] \n- packet: fix race condition in packet_set_ring (Philip Pettersson) [Orabug: 25231617] {CVE-2016-8655}\n- netlink: Fix dump skb leak/double free (Herbert Xu) [Orabug: 25231692] {CVE-2016-9806}\n- ALSA: pcm : Call kill_fasync() in stream lock (Takashi Iwai) [Orabug: 25231720] {CVE-2016-9794}\n- net: avoid signed overflows for SO_{SND|RCV}BUFFORCE (Eric Dumazet) [Orabug: 25231751] {CVE-2016-9793}\n[4.1.12-61.1.24]\n- rebuild bumping release", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-12T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6828", "CVE-2016-7042", "CVE-2016-8655", "CVE-2016-8666", "CVE-2016-9793", "CVE-2016-9794", "CVE-2016-9806"], "modified": "2017-01-12T00:00:00", "id": "ELSA-2017-3508", "href": "http://linux.oracle.com/errata/ELSA-2017-3508.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-28T14:25:03", "description": "kernel-uek\n[3.8.13-118.16.2]\n- net: avoid signed overflows for SO_{SND|RCV}BUFFORCE (Eric Dumazet) [Orabug: 25203623] {CVE-2016-9793}\n[3.8.13-118.16.1]\n- nvme: Limit command retries (Ashok Vairavan) [Orabug: 25374794] \n- tcp: fix use after free in tcp_xmit_retransmit_queue() (Eric Dumazet) [Orabug: 25374371] {CVE-2016-6828}\n- logging errors that get masked to EIO inside drivers/block/loop.c (Manjunath Patil) [Orabug: 22505535] \n- ALSA: pcm : Call kill_fasync() in stream lock (Takashi Iwai) [Orabug: 25203963] {CVE-2016-9794}\n- packet: fix race condition in packet_set_ring (Philip Pettersson) [Orabug: 25217756] {CVE-2016-8655}\n- x86: kvmclock: zero initialize pvclock shared memory area (Igor Mammedov) [Orabug: 25218431] \n- KEYS: Fix short sprintf buffer in /proc/keys show function (David Howells) [Orabug: 25306373] {CVE-2016-7042}", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-12T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6828", "CVE-2016-7042", "CVE-2016-8655", "CVE-2016-9793", "CVE-2016-9794"], "modified": "2017-01-12T00:00:00", "id": "ELSA-2017-3509", "href": "http://linux.oracle.com/errata/ELSA-2017-3509.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2022-08-10T16:34:55", "description": "Security Fix(es) :\n\n - An use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system.\n (CVE-2016-10200, Important)\n\n - A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges.\n (CVE-2017-2647, Important)\n\n - It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft- lockup the system and thus cause denial of service. (CVE-2017-8797, Important)\n\nThis update also fixes multiple Moderate and Low impact security issues :\n\n - CVE-2015-8839, CVE-2015-8970, CVE-2016-9576, CVE-2016-7042, CVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9588, CVE-2016-9806, CVE-2016-10088, CVE-2016-10147, CVE-2017-2596, CVE-2017-2671, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951, CVE-2017-7187, CVE-2017-7616, CVE-2017-7889, CVE-2017-8890, CVE-2017-9074, CVE-2017-8890, CVE-2017-9075, CVE-2017-8890, CVE-2017-9076, CVE-2017-8890, CVE-2017-9077, CVE-2017-9242, CVE-2014-7970, CVE-2014-7975, CVE-2016-6213, CVE-2016-9604, CVE-2016-9685", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-22T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64 (20170801)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7970", "CVE-2014-7975", "CVE-2015-8839", "CVE-2015-8970", "CVE-2016-10088", "CVE-2016-10147", "CVE-2016-10200", "CVE-2016-6213", "CVE-2016-7042", "CVE-2016-7097", "CVE-2016-8645", "CVE-2016-9576", "CVE-2016-9588", "CVE-2016-9604", "CVE-2016-9685", "CVE-2016-9806", "CVE-2017-2596", "CVE-2017-2647", "CVE-2017-2671", "CVE-2017-5970", "CVE-2017-6001", "CVE-2017-6951", "CVE-2017-7187", "CVE-2017-7616", "CVE-2017-7889", "CVE-2017-8797", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:kernel-tools", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170801_KERNEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/102645", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102645);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-7970\", \"CVE-2014-7975\", \"CVE-2015-8839\", \"CVE-2015-8970\", \"CVE-2016-10088\", \"CVE-2016-10147\", \"CVE-2016-10200\", \"CVE-2016-6213\", \"CVE-2016-7042\", \"CVE-2016-7097\", \"CVE-2016-8645\", \"CVE-2016-9576\", \"CVE-2016-9588\", \"CVE-2016-9604\", \"CVE-2016-9685\", \"CVE-2016-9806\", \"CVE-2017-2596\", \"CVE-2017-2647\", \"CVE-2017-2671\", \"CVE-2017-5970\", \"CVE-2017-6001\", \"CVE-2017-6951\", \"CVE-2017-7187\", \"CVE-2017-7616\", \"CVE-2017-7889\", \"CVE-2017-8797\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64 (20170801)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - An use-after-free flaw was found in the Linux kernel\n which enables a race condition in the L2TPv3 IP\n Encapsulation feature. A local user could use this flaw\n to escalate their privileges or crash the system.\n (CVE-2016-10200, Important)\n\n - A flaw was found that can be triggered in\n keyring_search_iterator in keyring.c if type->match is\n NULL. A local user could use this flaw to crash the\n system or, potentially, escalate their privileges.\n (CVE-2017-2647, Important)\n\n - It was found that the NFSv4 server in the Linux kernel\n did not properly validate layout type when processing\n NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A\n remote attacker could use this flaw to soft- lockup the\n system and thus cause denial of service. (CVE-2017-8797,\n Important)\n\nThis update also fixes multiple Moderate and Low impact security\nissues :\n\n - CVE-2015-8839, CVE-2015-8970, CVE-2016-9576,\n CVE-2016-7042, CVE-2016-7097, CVE-2016-8645,\n CVE-2016-9576, CVE-2016-9588, CVE-2016-9806,\n CVE-2016-10088, CVE-2016-10147, CVE-2017-2596,\n CVE-2017-2671, CVE-2017-5970, CVE-2017-6001,\n CVE-2017-6951, CVE-2017-7187, CVE-2017-7616,\n CVE-2017-7889, CVE-2017-8890, CVE-2017-9074,\n CVE-2017-8890, CVE-2017-9075, CVE-2017-8890,\n CVE-2017-9076, CVE-2017-8890, CVE-2017-9077,\n CVE-2017-9242, CVE-2014-7970, CVE-2014-7975,\n CVE-2016-6213, CVE-2016-9604, CVE-2016-9685\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1708&L=scientific-linux-errata&F=&S=&P=14699\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?392255f6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-693.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-abi-whitelists-3.10.0-693.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-693.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-693.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-693.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-693.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-693.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-693.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-doc-3.10.0-693.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-693.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-693.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-693.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-693.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-693.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-693.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-693.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-693.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-693.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-08-10T16:35:45", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* An use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system.\n(CVE-2016-10200, Important)\n\n* A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges.\n(CVE-2017-2647, Important)\n\n* It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service.\n(CVE-2017-8797, Important)\n\nThis update also fixes multiple Moderate and Low impact security issues :\n\n* CVE-2015-8839, CVE-2015-8970, CVE-2016-9576, CVE-2016-7042, CVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9588, CVE-2016-9806, CVE-2016-10088, CVE-2016-10147, CVE-2017-2596, CVE-2017-2671, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951, CVE-2017-7187, CVE-2017-7616, CVE-2017-7889, CVE-2017-8890, CVE-2017-9074, CVE-2017-8890, CVE-2017-9075, CVE-2017-8890, CVE-2017-9076, CVE-2017-8890, CVE-2017-9077, CVE-2017-9242, CVE-2014-7970, CVE-2014-7975, CVE-2016-6213, CVE-2016-9604, CVE-2016-9685\n\nDocumentation for these issues is available from the Release Notes document linked from the References section.\n\nRed Hat would like to thank Igor Redko (Virtuozzo) and Andrey Ryabinin (Virtuozzo) for reporting CVE-2017-2647; Igor Redko (Virtuozzo) and Vasily Averin (Virtuozzo) for reporting CVE-2015-8970; Marco Grassi for reporting CVE-2016-8645; and Dmitry Vyukov (Google Inc.) for reporting CVE-2017-2596. The CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat); the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE); the CVE-2016-6213 and CVE-2016-9685 issues were discovered by Qian Cai (Red Hat); and the CVE-2016-9604 issue was discovered by David Howells (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on other changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-03T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2017:1842) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7970", "CVE-2014-7975", "CVE-2015-8839", "CVE-2015-8970", "CVE-2016-10088", "CVE-2016-10147", "CVE-2016-10200", "CVE-2016-10741", "CVE-2016-6213", "CVE-2016-7042", "CVE-2016-7097", "CVE-2016-8645", "CVE-2016-9576", "CVE-2016-9588", "CVE-2016-9604", "CVE-2016-9685", "CVE-2016-9806", "CVE-2017-1000379", "CVE-2017-2584", "CVE-2017-2596", "CVE-2017-2647", "CVE-2017-2671", "CVE-2017-5551", "CVE-2017-5970", "CVE-2017-6001", "CVE-2017-6951", "CVE-2017-7187", "CVE-2017-7495", "CVE-2017-7616", "CVE-2017-7889", "CVE-2017-8797", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2017-1842.NASL", "href": "https://www.tenable.com/plugins/nessus/102143", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:1842. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102143);\n script_version(\"3.19\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2014-7970\", \"CVE-2014-7975\", \"CVE-2015-8839\", \"CVE-2015-8970\", \"CVE-2016-10088\", \"CVE-2016-10147\", \"CVE-2016-10200\", \"CVE-2016-10741\", \"CVE-2016-6213\", \"CVE-2016-7042\", \"CVE-2016-7097\", \"CVE-2016-8645\", \"CVE-2016-9576\", \"CVE-2016-9588\", \"CVE-2016-9604\", \"CVE-2016-9685\", \"CVE-2016-9806\", \"CVE-2017-1000379\", \"CVE-2017-2584\", \"CVE-2017-2596\", \"CVE-2017-2647\", \"CVE-2017-2671\", \"CVE-2017-5551\", \"CVE-2017-5970\", \"CVE-2017-6001\", \"CVE-2017-6951\", \"CVE-2017-7187\", \"CVE-2017-7495\", \"CVE-2017-7616\", \"CVE-2017-7889\", \"CVE-2017-8797\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"RHSA\", value:\"2017:1842\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2017:1842) (Stack Clash)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* An use-after-free flaw was found in the Linux kernel which enables a\nrace condition in the L2TPv3 IP Encapsulation feature. A local user\ncould use this flaw to escalate their privileges or crash the system.\n(CVE-2016-10200, Important)\n\n* A flaw was found that can be triggered in keyring_search_iterator in\nkeyring.c if type->match is NULL. A local user could use this flaw to\ncrash the system or, potentially, escalate their privileges.\n(CVE-2017-2647, Important)\n\n* It was found that the NFSv4 server in the Linux kernel did not\nproperly validate layout type when processing NFSv4 pNFS LAYOUTGET and\nGETDEVICEINFO operands. A remote attacker could use this flaw to\nsoft-lockup the system and thus cause denial of service.\n(CVE-2017-8797, Important)\n\nThis update also fixes multiple Moderate and Low impact security\nissues :\n\n* CVE-2015-8839, CVE-2015-8970, CVE-2016-9576, CVE-2016-7042,\nCVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9588,\nCVE-2016-9806, CVE-2016-10088, CVE-2016-10147, CVE-2017-2596,\nCVE-2017-2671, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951,\nCVE-2017-7187, CVE-2017-7616, CVE-2017-7889, CVE-2017-8890,\nCVE-2017-9074, CVE-2017-8890, CVE-2017-9075, CVE-2017-8890,\nCVE-2017-9076, CVE-2017-8890, CVE-2017-9077, CVE-2017-9242,\nCVE-2014-7970, CVE-2014-7975, CVE-2016-6213, CVE-2016-9604,\nCVE-2016-9685\n\nDocumentation for these issues is available from the Release Notes\ndocument linked from the References section.\n\nRed Hat would like to thank Igor Redko (Virtuozzo) and Andrey Ryabinin\n(Virtuozzo) for reporting CVE-2017-2647; Igor Redko (Virtuozzo) and\nVasily Averin (Virtuozzo) for reporting CVE-2015-8970; Marco Grassi\nfor reporting CVE-2016-8645; and Dmitry Vyukov (Google Inc.) for\nreporting CVE-2017-2596. The CVE-2016-7042 issue was discovered by\nOndrej Kozina (Red Hat); the CVE-2016-7097 issue was discovered by\nAndreas Gruenbacher (Red Hat) and Jan Kara (SUSE); the CVE-2016-6213\nand CVE-2016-9685 issues were discovered by Qian Cai (Red Hat); and\nthe CVE-2016-9604 issue was discovered by David Howells (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on other changes in this release, see the Red\nHat Enterprise Linux 7.4 Release Notes linked from the References\nsection.\"\n );\n # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3395ff0b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:1842\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-10088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-10147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-10200\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-10741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-2584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-2596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-2647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-2671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5551\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-6001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-6951\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-8797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-8890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-1000379\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/03\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-7970\", \"CVE-2014-7975\", \"CVE-2015-8839\", \"CVE-2015-8970\", \"CVE-2016-10088\", \"CVE-2016-10147\", \"CVE-2016-10200\", \"CVE-2016-10741\", \"CVE-2016-6213\", \"CVE-2016-7042\", \"CVE-2016-7097\", \"CVE-2016-8645\", \"CVE-2016-9576\", \"CVE-2016-9588\", \"CVE-2016-9604\", \"CVE-2016-9685\", \"CVE-2016-9806\", \"CVE-2017-1000379\", \"CVE-2017-2584\", \"CVE-2017-2596\", \"CVE-2017-2647\", \"CVE-2017-2671\", \"CVE-2017-5551\", \"CVE-2017-5970\", \"CVE-2017-6001\", \"CVE-2017-6951\", \"CVE-2017-7187\", \"CVE-2017-7495\", \"CVE-2017-7616\", \"CVE-2017-7889\", \"CVE-2017-8797\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2017:1842\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:1842\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-3.10.0-693.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-693.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-abi-whitelists-3.10.0-693.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-693.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-693.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-693.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-693.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-693.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-693.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-693.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-693.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-693.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-693.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-693.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-693.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-doc-3.10.0-693.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-693.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-693.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-693.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-693.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-693.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-693.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-693.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-693.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-693.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-3.10.0-693.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-693.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-693.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-693.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-3.10.0-693.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-693.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-693.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-693.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-08-10T16:35:13", "description": "An update for kernel-rt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es) :\n\n* An use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system.\n(CVE-2016-10200, Important)\n\n* A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges.\n(CVE-2017-2647, Important)\n\n* It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service.\n(CVE-2017-8797, Important)\n\nThis update also fixes multiple Moderate and Low impact security issues :\n\n* CVE-2015-8839, CVE-2015-8970, CVE-2016-9576, CVE-2016-7042, CVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9588, CVE-2016-9806, CVE-2016-10088, CVE-2016-10147, CVE-2017-2596, CVE-2017-2671, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951, CVE-2017-7187, CVE-2017-7616, CVE-2017-7889, CVE-2017-8890, CVE-2017-9074, CVE-2017-8890, CVE-2017-9075, CVE-2017-8890, CVE-2017-9076, CVE-2017-8890, CVE-2017-9077, CVE-2017-9242, CVE-2014-7970, CVE-2014-7975, CVE-2016-6213, CVE-2016-9604, CVE-2016-9685\n\nDocumentation for these issues is available from the Release Notes document linked from the References section.\n\nRed Hat would like to thank Igor Redko (Virtuozzo) and Andrey Ryabinin (Virtuozzo) for reporting CVE-2017-2647; Igor Redko (Virtuozzo) and Vasily Averin (Virtuozzo) for reporting CVE-2015-8970; Marco Grassi for reporting CVE-2016-8645; and Dmitry Vyukov (Google Inc.) for reporting CVE-2017-2596. The CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat); the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE); the CVE-2016-6213 and CVE-2016-9685 issues were discovered by Qian Cai (Red Hat); and the CVE-2016-9604 issue was discovered by David Howells (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on other changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-03T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-rt (RHSA-2017:2077)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7970", "CVE-2014-7975", "CVE-2015-8839", "CVE-2015-8970", "CVE-2016-10088", "CVE-2016-10147", "CVE-2016-10200", "CVE-2016-10741", "CVE-2016-6213", "CVE-2016-7042", "CVE-2016-7097", "CVE-2016-8645", "CVE-2016-9576", "CVE-2016-9588", "CVE-2016-9604", "CVE-2016-9685", "CVE-2016-9806", "CVE-2017-2584", "CVE-2017-2596", "CVE-2017-2647", "CVE-2017-2671", "CVE-2017-5551", "CVE-2017-5970", "CVE-2017-6001", "CVE-2017-6951", "CVE-2017-7187", "CVE-2017-7495", "CVE-2017-7616", "CVE-2017-7889", "CVE-2017-8797", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2017-2077.NASL", "href": "https://www.tenable.com/plugins/nessus/102151", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2077. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102151);\n script_version(\"3.15\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2014-7970\", \"CVE-2014-7975\", \"CVE-2015-8839\", \"CVE-2015-8970\", \"CVE-2016-10088\", \"CVE-2016-10147\", \"CVE-2016-10200\", \"CVE-2016-10741\", \"CVE-2016-6213\", \"CVE-2016-7042\", \"CVE-2016-7097\", \"CVE-2016-8645\", \"CVE-2016-9576\", \"CVE-2016-9588\", \"CVE-2016-9604\", \"CVE-2016-9685\", \"CVE-2016-9806\", \"CVE-2017-2584\", \"CVE-2017-2596\", \"CVE-2017-2647\", \"CVE-2017-2671\", \"CVE-2017-5551\", \"CVE-2017-5970\", \"CVE-2017-6001\", \"CVE-2017-6951\", \"CVE-2017-7187\", \"CVE-2017-7495\", \"CVE-2017-7616\", \"CVE-2017-7889\", \"CVE-2017-8797\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"RHSA\", value:\"2017:2077\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2017:2077)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel-rt is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* An use-after-free flaw was found in the Linux kernel which enables a\nrace condition in the L2TPv3 IP Encapsulation feature. A local user\ncould use this flaw to escalate their privileges or crash the system.\n(CVE-2016-10200, Important)\n\n* A flaw was found that can be triggered in keyring_search_iterator in\nkeyring.c if type->match is NULL. A local user could use this flaw to\ncrash the system or, potentially, escalate their privileges.\n(CVE-2017-2647, Important)\n\n* It was found that the NFSv4 server in the Linux kernel did not\nproperly validate layout type when processing NFSv4 pNFS LAYOUTGET and\nGETDEVICEINFO operands. A remote attacker could use this flaw to\nsoft-lockup the system and thus cause denial of service.\n(CVE-2017-8797, Important)\n\nThis update also fixes multiple Moderate and Low impact security\nissues :\n\n* CVE-2015-8839, CVE-2015-8970, CVE-2016-9576, CVE-2016-7042,\nCVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9588,\nCVE-2016-9806, CVE-2016-10088, CVE-2016-10147, CVE-2017-2596,\nCVE-2017-2671, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951,\nCVE-2017-7187, CVE-2017-7616, CVE-2017-7889, CVE-2017-8890,\nCVE-2017-9074, CVE-2017-8890, CVE-2017-9075, CVE-2017-8890,\nCVE-2017-9076, CVE-2017-8890, CVE-2017-9077, CVE-2017-9242,\nCVE-2014-7970, CVE-2014-7975, CVE-2016-6213, CVE-2016-9604,\nCVE-2016-9685\n\nDocumentation for these issues is available from the Release Notes\ndocument linked from the References section.\n\nRed Hat would like to thank Igor Redko (Virtuozzo) and Andrey Ryabinin\n(Virtuozzo) for reporting CVE-2017-2647; Igor Redko (Virtuozzo) and\nVasily Averin (Virtuozzo) for reporting CVE-2015-8970; Marco Grassi\nfor reporting CVE-2016-8645; and Dmitry Vyukov (Google Inc.) for\nreporting CVE-2017-2596. The CVE-2016-7042 issue was discovered by\nOndrej Kozina (Red Hat); the CVE-2016-7097 issue was discovered by\nAndreas Gruenbacher (Red Hat) and Jan Kara (SUSE); the CVE-2016-6213\nand CVE-2016-9685 issues were discovered by Qian Cai (Red Hat); and\nthe CVE-2016-9604 issue was discovered by David Howells (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on other changes in this release, see the Red\nHat Enterprise Linux 7.4 Release Notes linked from the References\nsection.\"\n );\n # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3395ff0b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:2077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-10088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-10147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-10200\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-10741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-2584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-2596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-2647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-2671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5551\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-6001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-6951\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-8797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-8890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9242\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-7970\", \"CVE-2014-7975\", \"CVE-2015-8839\", \"CVE-2015-8970\", \"CVE-2016-10088\", \"CVE-2016-10147\", \"CVE-2016-10200\", \"CVE-2016-10741\", \"CVE-2016-6213\", \"CVE-2016-7042\", \"CVE-2016-7097\", \"CVE-2016-8645\", \"CVE-2016-9576\", \"CVE-2016-9588\", \"CVE-2016-9604\", \"CVE-2016-9685\", \"CVE-2016-9806\", \"CVE-2017-2584\", \"CVE-2017-2596\", \"CVE-2017-2647\", \"CVE-2017-2671\", \"CVE-2017-5551\", \"CVE-2017-5970\", \"CVE-2017-6001\", \"CVE-2017-6951\", \"CVE-2017-7187\", \"CVE-2017-7495\", \"CVE-2017-7616\", \"CVE-2017-7889\", \"CVE-2017-8797\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2017:2077\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:2077\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-3.10.0-693.rt56.617.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.10.0-693.rt56.617.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.10.0-693.rt56.617.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.10.0-693.rt56.617.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-3.10.0-693.rt56.617.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-debuginfo-3.10.0-693.rt56.617.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.10.0-693.rt56.617.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.10.0-693.rt56.617.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.10.0-693.rt56.617.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-rt-doc-3.10.0-693.rt56.617.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-3.10.0-693.rt56.617.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-debuginfo-3.10.0-693.rt56.617.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.10.0-693.rt56.617.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.10.0-693.rt56.617.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.10.0-693.rt56.617.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-3.10.0-693.rt56.617.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-debuginfo-3.10.0-693.rt56.617.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-08-10T16:34:41", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* An use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system.\n(CVE-2016-10200, Important)\n\n* A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges.\n(CVE-2017-2647, Important)\n\n* It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service.\n(CVE-2017-8797, Important)\n\nThis update also fixes multiple Moderate and Low impact security issues :\n\n* CVE-2015-8839, CVE-2015-8970, CVE-2016-9576, CVE-2016-7042, CVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9588, CVE-2016-9806, CVE-2016-10088, CVE-2016-10147, CVE-2017-2596, CVE-2017-2671, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951, CVE-2017-7187, CVE-2017-7616, CVE-2017-7889, CVE-2017-8890, CVE-2017-9074, CVE-2017-8890, CVE-2017-9075, CVE-2017-8890, CVE-2017-9076, CVE-2017-8890, CVE-2017-9077, CVE-2017-9242, CVE-2014-7970, CVE-2014-7975, CVE-2016-6213, CVE-2016-9604, CVE-2016-9685\n\nDocumentation for these issues is available from the Release Notes document linked from the References section.\n\nRed Hat would like to thank Igor Redko (Virtuozzo) and Andrey Ryabinin (Virtuozzo) for reporting CVE-2017-2647; Igor Redko (Virtuozzo) and Vasily Averin (Virtuozzo) for reporting CVE-2015-8970; Marco Grassi for reporting CVE-2016-8645; and Dmitry Vyukov (Google Inc.) for reporting CVE-2017-2596. The CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat); the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE); the CVE-2016-6213 and CVE-2016-9685 issues were discovered by Qian Cai (Red Hat); and the CVE-2016-9604 issue was discovered by David Howells (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on other changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-25T00:00:00", "type": "nessus", "title": "CentOS 7 : kernel (CESA-2017:1842) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7970", "CVE-2014-7975", "CVE-2015-8839", "CVE-2015-8970", "CVE-2016-10088", "CVE-2016-10147", "CVE-2016-10200", "CVE-2016-10741", "CVE-2016-6213", "CVE-2016-7042", "CVE-2016-7097", "CVE-2016-8645", "CVE-2016-9576", "CVE-2016-9588", "CVE-2016-9604", "CVE-2016-9685", "CVE-2016-9806", "CVE-2017-1000379", "CVE-2017-2584", "CVE-2017-2596", "CVE-2017-2647", "CVE-2017-2671", "CVE-2017-5551", "CVE-2017-5970", "CVE-2017-6001", "CVE-2017-6951", "CVE-2017-7187", "CVE-2017-7495", "CVE-2017-7616", "CVE-2017-7889", "CVE-2017-8797", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2017-1842.NASL", "href": "https://www.tenable.com/plugins/nessus/102734", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:1842 and \n# CentOS Errata and Security Advisory 2017:1842 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102734);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-7970\", \"CVE-2014-7975\", \"CVE-2015-8839\", \"CVE-2015-8970\", \"CVE-2016-10088\", \"CVE-2016-10147\", \"CVE-2016-10200\", \"CVE-2016-10741\", \"CVE-2016-6213\", \"CVE-2016-7042\", \"CVE-2016-7097\", \"CVE-2016-8645\", \"CVE-2016-9576\", \"CVE-2016-9588\", \"CVE-2016-9604\", \"CVE-2016-9685\", \"CVE-2016-9806\", \"CVE-2017-1000379\", \"CVE-2017-2584\", \"CVE-2017-2596\", \"CVE-2017-2647\", \"CVE-2017-2671\", \"CVE-2017-5551\", \"CVE-2017-5970\", \"CVE-2017-6001\", \"CVE-2017-6951\", \"CVE-2017-7187\", \"CVE-2017-7495\", \"CVE-2017-7616\", \"CVE-2017-7889\", \"CVE-2017-8797\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"RHSA\", value:\"2017:1842\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2017:1842) (Stack Clash)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* An use-after-free flaw was found in the Linux kernel which enables a\nrace condition in the L2TPv3 IP Encapsulation feature. A local user\ncould use this flaw to escalate their privileges or crash the system.\n(CVE-2016-10200, Important)\n\n* A flaw was found that can be triggered in keyring_search_iterator in\nkeyring.c if type->match is NULL. A local user could use this flaw to\ncrash the system or, potentially, escalate their privileges.\n(CVE-2017-2647, Important)\n\n* It was found that the NFSv4 server in the Linux kernel did not\nproperly validate layout type when processing NFSv4 pNFS LAYOUTGET and\nGETDEVICEINFO operands. A remote attacker could use this flaw to\nsoft-lockup the system and thus cause denial of service.\n(CVE-2017-8797, Important)\n\nThis update also fixes multiple Moderate and Low impact security\nissues :\n\n* CVE-2015-8839, CVE-2015-8970, CVE-2016-9576, CVE-2016-7042,\nCVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9588,\nCVE-2016-9806, CVE-2016-10088, CVE-2016-10147, CVE-2017-2596,\nCVE-2017-2671, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951,\nCVE-2017-7187, CVE-2017-7616, CVE-2017-7889, CVE-2017-8890,\nCVE-2017-9074, CVE-2017-8890, CVE-2017-9075, CVE-2017-8890,\nCVE-2017-9076, CVE-2017-8890, CVE-2017-9077, CVE-2017-9242,\nCVE-2014-7970, CVE-2014-7975, CVE-2016-6213, CVE-2016-9604,\nCVE-2016-9685\n\nDocumentation for these issues is available from the Release Notes\ndocument linked from the References section.\n\nRed Hat would like to thank Igor Redko (Virtuozzo) and Andrey Ryabinin\n(Virtuozzo) for reporting CVE-2017-2647; Igor Redko (Virtuozzo) and\nVasily Averin (Virtuozzo) for reporting CVE-2015-8970; Marco Grassi\nfor reporting CVE-2016-8645; and Dmitry Vyukov (Google Inc.) for\nreporting CVE-2017-2596. The CVE-2016-7042 issue was discovered by\nOndrej Kozina (Red Hat); the CVE-2016-7097 issue was discovered by\nAndreas Gruenbacher (Red Hat) and Jan Kara (SUSE); the CVE-2016-6213\nand CVE-2016-9685 issues were discovered by Qian Cai (Red Hat); and\nthe CVE-2016-9604 issue was discovered by David Howells (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on other changes in this release, see the Red\nHat Enterprise Linux 7.4 Release Notes linked from the References\nsection.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2017-August/004249.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eefc4264\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8797\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/25\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-693.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-693.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-693.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-693.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-693.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-693.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-693.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-693.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perf-3.10.0-693.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-693.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debug / kernel-debug-devel / kernel-devel / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-08-10T16:35:42", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-1842 advisory.\n\n - The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which allows local users to cause a denial of service (loss of writability) by making certain unshare system calls, clearing the / MNT_LOCKED flag, and making an MNT_FORCE umount system call. (CVE-2014-7975)\n\n - The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file. (CVE-2016-7042)\n\n - Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated. (CVE-2016-9806)\n\n - The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.\n (CVE-2016-9576)\n\n - The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576. (CVE-2016-10088)\n\n - The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. (CVE-2016-7097)\n\n - The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function. (CVE-2017-7187)\n\n - crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5). (CVE-2016-10147)\n\n - arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest. (CVE-2016-9588)\n\n - The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references. (CVE-2017-2596)\n\n - The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c. (CVE-2016-8645)\n\n - The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options. (CVE-2017-5970)\n\n - Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786. (CVE-2017-6001)\n\n - The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c. (CVE-2017-2647)\n\n - The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. (CVE-2017-8890)\n\n - The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. (CVE-2017-9077)\n\n - The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call.\n (CVE-2014-7970)\n\n - crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c. (CVE-2015-8970)\n\n - Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c. (CVE-2016-10200)\n\n - fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a loop that triggers exponential growth in the number of mounts. (CVE-2016-6213)\n\n - It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring. (CVE-2016-9604)\n\n - The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call. (CVE-2017-2671)\n\n - The keyring_search_aux function in security/keys/keyring.c in the Linux kernel through 3.14.79 allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the dead type. (CVE-2017-6951)\n\n - Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation. (CVE-2017-7616)\n\n - The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c. (CVE-2017-7889)\n\n - The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. (CVE-2017-9074)\n\n - The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. (CVE-2017-9076)\n\n - The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. (CVE-2017-9242)\n\n - Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling. (CVE-2015-8839)\n\n - Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations.\n (CVE-2016-9685)\n\n - The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system. (CVE-2017-8797)\n\n - The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. (CVE-2017-9075)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-09T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : kernel (ELSA-2017-1842
Oracle Linux 7 : kernel (ELSA-2017-1842-1) (Stack Clash)
