DATABASE RESOURCES PRICING ABOUT US

{"id": "ORACLELINUX_ELSA-2019-4810.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4810)", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4810 advisory.\n\n - In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default. (CVE-2019-14283)\n\n - In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation.\n NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or 4.14.x longterm kernels before 4.14.139. (CVE-2019-15239)\n\n - In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23. (CVE-2015-9289)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2019-10-03T00:00:00", "modified": "2021-09-08T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 7.2}, "severity": "HIGH", "exploitabilityScore": 3.9, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://www.tenable.com/plugins/nessus/129551", "reporter": "This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9289", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14283", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15239", "https://linux.oracle.com/errata/ELSA-2019-4810.html"], "cvelist": ["CVE-2015-9289", "CVE-2019-14283", "CVE-2019-15239"], "immutableFields": [], "lastseen": "2023-01-25T14:44:09", "viewCount": 40, "enchantments": {"dependencies": {"references": [{"type": "androidsecurity", "idList": ["ANDROID:2019-12-01", "ANDROID:2020-03-01"]}, {"type": "centos", "idList": ["CESA-2019:3979", "CESA-2020:1016"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:A005A5D22D18F966EBF6C011F833E895", "CFOUNDRY:BD71AB043932448695E8B3D20302D582"]}, {"type": "cve", "idList": ["CVE-2015-9289", "CVE-2019-14283", "CVE-2019-15239"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1884-1:61F35", "DEBIAN:DLA-1885-1:84558", "DEBIAN:DSA-4495-1:1269E", "DEBIAN:DSA-4495-1:258DC", "DEBIAN:DSA-4497-1:7E46B", "DEBIAN:DSA-4497-1:F2AF4"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2015-9289", "DEBIANCVE:CVE-2019-14283", "DEBIANCVE:CVE-2019-15239"]}, {"type": "f5", "idList": ["F5:K03007515", "F5:K55335001"]}, {"type": "ibm", "idList": ["2FE97BC0DB8A3B1BCF85FF8F69828770D4396C7CC3ABD37202D8089D2CADF87B", "6CB4EF3A076E2190B30084083521AA008A1E2F799850D429F0737446D33988B3", "B947805A29EE83AAAED8ABADDD8CFF00AA389BFC4D7DDC49FC3A89A557DD856C"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2019-3979.NASL", "CENTOS_RHSA-2020-1016.NASL", "DEBIAN_DLA-1884.NASL", "DEBIAN_DLA-1885.NASL", "DEBIAN_DSA-4495.NASL", "DEBIAN_DSA-4497.NASL", "EULEROS_SA-2019-1919.NASL", "EULEROS_SA-2019-1926.NASL", "EULEROS_SA-2019-2201.NASL", "EULEROS_SA-2019-2274.NASL", "EULEROS_SA-2019-2353.NASL", "EULEROS_SA-2019-2531.NASL", "EULEROS_SA-2019-2599.NASL", "EULEROS_SA-2020-1186.NASL", "EULEROS_SA-2021-1056.NASL", "EULEROS_SA-2021-2140.NASL", "EULEROS_SA-2021-2857.NASL", "NEWSTART_CGSL_NS-SA-2020-0028_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2020-0041_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2020-0043_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2020-0108_KERNEL.NASL", "NUTANIX_NXSA-AOS-5_10.NASL", "NUTANIX_NXSA-AOS-5_11_3.NASL", "NUTANIX_NXSA-AOS-5_15_3.NASL", "NUTANIX_NXSA-AOS-5_16_0_1.NASL", "NUTANIX_NXSA-AOS-5_16_1.NASL", "NUTANIX_NXSA-AOS-5_17.NASL", "NUTANIX_NXSA-AOS-5_17_1.NASL", "NUTANIX_NXSA-AOS-5_18.NASL", "OPENSUSE-2019-1923.NASL", "OPENSUSE-2019-1924.NASL", "OPENSUSE-2019-2173.NASL", "OPENSUSE-2019-2181.NASL", "ORACLELINUX_ELSA-2019-3979.NASL", "ORACLELINUX_ELSA-2019-4808.NASL", "ORACLELINUX_ELSA-2019-4812.NASL", "ORACLELINUX_ELSA-2019-4820.NASL", "ORACLEVM_OVMSA-2019-0046.NASL", "PHOTONOS_PHSA-2019-3_0-0026_LINUX.NASL", "PHOTONOS_PHSA-209-2_0-0175_LINUX.NASL", "REDHAT-RHSA-2019-3978.NASL", "REDHAT-RHSA-2019-3979.NASL", "REDHAT-RHSA-2020-0027.NASL", "REDHAT-RHSA-2020-1016.NASL", "REDHAT-RHSA-2020-1070.NASL", "REDHAT-RHSA-2020-2522.NASL", "SLACKWARE_SSA_2019-226-01.NASL", "SL_20191205_KERNEL_ON_SL7_X.NASL", "SL_20200407_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2019-14157-1.NASL", "SUSE_SU-2019-2068-1.NASL", "SUSE_SU-2019-2070-1.NASL", "SUSE_SU-2019-2071-1.NASL", "SUSE_SU-2019-2072-1.NASL", "SUSE_SU-2019-2073-1.NASL", "SUSE_SU-2019-2262-1.NASL", "SUSE_SU-2019-2263-1.NASL", "SUSE_SU-2019-2299-1.NASL", "SUSE_SU-2019-2412-1.NASL", "SUSE_SU-2019-2414-1.NASL", "SUSE_SU-2019-2424-1.NASL", "SUSE_SU-2019-2430-1.NASL", "SUSE_SU-2019-2648-1.NASL", "SUSE_SU-2019-2738-1.NASL", "SUSE_SU-2019-2949-1.NASL", "SUSE_SU-2019-3228-1.NASL", "SUSE_SU-2019-3230-1.NASL", "SUSE_SU-2019-3258-1.NASL", "UBUNTU_USN-4114-1.NASL", "UBUNTU_USN-4115-1.NASL", "UBUNTU_USN-4115-2.NASL", "UBUNTU_USN-4116-1.NASL", "UBUNTU_USN-4117-1.NASL", "UBUNTU_USN-4118-1.NASL", "VIRTUOZZO_VZA-2019-086.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704495", "OPENVAS:1361412562310704497", "OPENVAS:1361412562310844156", "OPENVAS:1361412562310844157", "OPENVAS:1361412562310844158", "OPENVAS:1361412562310844159", "OPENVAS:1361412562310844160", "OPENVAS:1361412562310844174", "OPENVAS:1361412562310852665", "OPENVAS:1361412562310852705", "OPENVAS:1361412562310852851", "OPENVAS:1361412562310852855", "OPENVAS:1361412562310883139", "OPENVAS:1361412562310891884", "OPENVAS:1361412562310891885", "OPENVAS:1361412562311220191919", "OPENVAS:1361412562311220191926", "OPENVAS:1361412562311220192201", "OPENVAS:1361412562311220192274", "OPENVAS:1361412562311220192353", "OPENVAS:1361412562311220192531", "OPENVAS:1361412562311220192599", "OPENVAS:1361412562311220201186"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-3979", "ELSA-2019-4808", "ELSA-2019-4810", "ELSA-2019-4812", "ELSA-2019-4820", "ELSA-2020-1016"]}, {"type": "osv", "idList": ["OSV:DLA-1884-1", "OSV:DLA-1885-1", "OSV:DSA-4495-1", "OSV:DSA-4497-1"]}, {"type": "photon", "idList": ["PHSA-2019-0026", "PHSA-2019-0175", "PHSA-2019-0250", "PHSA-2019-1.0-0248", "PHSA-2019-2.0-0175", "PHSA-2019-3.0-0026", "PHSA-2021-0007"]}, {"type": "redhat", "idList": ["RHSA-2019:3978", "RHSA-2019:3979", "RHSA-2020:0027", "RHSA-2020:1016", "RHSA-2020:1070", "RHSA-2020:2522"]}, {"type": "redhatcve", "idList": ["RH:CVE-2015-9289", "RH:CVE-2019-14283", "RH:CVE-2019-15239"]}, {"type": "slackware", "idList": ["SSA-2019-226-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1923-1", "OPENSUSE-SU-2019:1924-1", "OPENSUSE-SU-2019:2173-1", "OPENSUSE-SU-2019:2181-1"]}, {"type": "ubuntu", "idList": ["USN-4114-1", "USN-4115-1", "USN-4115-2", "USN-4116-1", "USN-4117-1", "USN-4118-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-9289", "UB:CVE-2019-14283", "UB:CVE-2019-15239"]}, {"type": "veracode", "idList": ["VERACODE:22028", "VERACODE:22924"]}, {"type": "virtuozzo", "idList": ["VZA-2019-086"]}]}, "score": {"value": 0.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "androidsecurity", "idList": ["ANDROID:2019-12-01", "ANDROID:2020-03-01"]}, {"type": "centos", "idList": ["CESA-2019:3979"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:A005A5D22D18F966EBF6C011F833E895", "CFOUNDRY:BD71AB043932448695E8B3D20302D582"]}, {"type": "cve", "idList": ["CVE-2015-9289", "CVE-2019-14283", "CVE-2019-15239"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1884-1:61F35", "DEBIAN:DLA-1885-1:84558", "DEBIAN:DSA-4495-1:1269E", "DEBIAN:DSA-4497-1:7E46B"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2015-9289", "DEBIANCVE:CVE-2019-14283", "DEBIANCVE:CVE-2019-15239"]}, {"type": "ibm", "idList": ["2FE97BC0DB8A3B1BCF85FF8F69828770D4396C7CC3ABD37202D8089D2CADF87B"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/HUAWEI-EULEROS-2_0_SP2-CVE-2019-14283/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP3-CVE-2019-14283/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2015-9289/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2019-14283/"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2019-3979.NASL", "DEBIAN_DLA-1884.NASL", "DEBIAN_DLA-1885.NASL", "DEBIAN_DSA-4495.NASL", "DEBIAN_DSA-4497.NASL", "EULEROS_SA-2019-1919.NASL", "EULEROS_SA-2019-1926.NASL", "EULEROS_SA-2019-2201.NASL", "EULEROS_SA-2019-2274.NASL", "EULEROS_SA-2019-2531.NASL", "EULEROS_SA-2019-2599.NASL", "ORACLELINUX_ELSA-2019-3979.NASL", "PHOTONOS_PHSA-2019-3_0-0026_LINUX.NASL", "PHOTONOS_PHSA-209-2_0-0175_LINUX.NASL", "REDHAT-RHSA-2019-3978.NASL", "REDHAT-RHSA-2019-3979.NASL", "SLACKWARE_SSA_2019-226-01.NASL", "SL_20191205_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2019-2949-1.NASL", "SUSE_SU-2019-3228-1.NASL", "SUSE_SU-2019-3230-1.NASL", "SUSE_SU-2019-3258-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704495", "OPENVAS:1361412562310844156", "OPENVAS:1361412562310844157", "OPENVAS:1361412562310844158", "OPENVAS:1361412562310844159", "OPENVAS:1361412562310844160", "OPENVAS:1361412562310844174", "OPENVAS:1361412562310852665", "OPENVAS:1361412562310852705", "OPENVAS:1361412562310883139", "OPENVAS:1361412562310891884", "OPENVAS:1361412562310891885"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-3979", "ELSA-2019-4808", "ELSA-2019-4810", "ELSA-2019-4812", "ELSA-2019-4820"]}, {"type": "photon", "idList": ["PHSA-2019-2.0-0175", "PHSA-2019-3.0-0026"]}, {"type": "redhat", "idList": ["RHSA-2020:0027"]}, {"type": "redhatcve", "idList": ["RH:CVE-2015-9289"]}, {"type": "slackware", "idList": ["SSA-2019-226-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1923-1", "OPENSUSE-SU-2019:1924-1", "OPENSUSE-SU-2019:2173-1", "OPENSUSE-SU-2019:2181-1"]}, {"type": "ubuntu", "idList": ["USN-4114-1", "USN-4115-1", "USN-4115-2", "USN-4116-1", "USN-4117-1", "USN-4118-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-15239"]}, {"type": "virtuozzo", "idList": ["VZA-2019-086"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2015-9289", "epss": "0.000470000", "percentile": "0.142310000", "modified": "2023-03-14"}, {"cve": "CVE-2019-14283", "epss": "0.000760000", "percentile": "0.305880000", "modified": "2023-03-14"}, {"cve": "CVE-2019-15239", "epss": "0.000420000", "percentile": "0.056350000", "modified": "2023-03-14"}], "vulnersScore": 0.5}, "_state": {"dependencies": 1674658174, "score": 1674658204, "epss": 1678886889}, "_internal": {"score_hash": "02fadea2e752851ca1d896cfd37e80f0"}, "pluginID": "129551", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4810.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129551);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2015-9289\", \"CVE-2019-14283\", \"CVE-2019-15239\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4810)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2019-4810 advisory.\n\n - In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and\n head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an\n unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by\n default. (CVE-2019-14283)\n\n - In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12,\n was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was\n potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by\n adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple\n use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation.\n NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or\n 4.14.x longterm kernels before 4.14.139. (CVE-2019-15239)\n\n - In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in\n drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the\n userspace API. However, the code allows larger values such as 23. (CVE-2015-9289)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4810.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15239\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.39.1.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.39.1.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.8.13-118.39.1.el6uek', '3.8.13-118.39.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-4810');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.8';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-3.8.13-118.39.1.el6uek-0.4.5-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.39.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.39.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.39.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.39.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.39.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.39.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'},\n {'reference':'dtrace-modules-3.8.13-118.39.1.el7uek-0.4.5-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.39.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.39.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.39.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.39.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.39.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.39.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-3.8.13-118.39.1.el6uek / dtrace-modules-3.8.13-118.39.1.el7uek / kernel-uek / etc');\n}\n", "naslFamily": "Oracle Linux Local Security Checks", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.39.1.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.39.1.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "solution": "Update the affected packages.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2019-15239", "vendor_cvss2": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "Medium", "score": "6.7"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2019-10-02T00:00:00", "vulnerabilityPublicationDate": "2019-07-26T00:00:00", "exploitableWith": []}

{"oraclelinux": [{"lastseen": "2021-07-28T14:25:04", "description": "kernel-uek\n[3.8.13-118.39.1]\n- tcp: purge write queue in tcp_connect_init() (Eric Dumazet) [Orabug: 30240134] {CVE-2019-15239}\n- cx24116: fix a buffer overflow when checking userspace params (Mauro Carvalho Chehab) [Orabug: 30254282] {CVE-2015-9289}\n- floppy: fix out-of-bounds read in copy_buffer (Denis Efremov) [Orabug: 30318220] {CVE-2019-14283}\n- ext4: fix data corruption caused by unaligned direct AIO (Lukas Czerner) [Orabug: 30324140]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-10-02T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-9289", "CVE-2019-14283", "CVE-2019-15239"], "modified": "2019-10-02T00:00:00", "id": "ELSA-2019-4810", "href": "http://linux.oracle.com/errata/ELSA-2019-4810.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:25:06", "description": "[4.1.12-124.32.1]\n- NFSv4: Don't try to reclaim unused state owners (Trond Myklebust) [Orabug: 30124013] \n- x86/microcode: Update late microcode in parallel (Ashok Raj) [Orabug: 30302412] \n- floppy: fix out-of-bounds read in copy_buffer (Denis Efremov) [Orabug: 30318219] {CVE-2019-14283}\n- xen-netback: stop netif TX queue on guest queuing failure (Ankur Arora) [Orabug: 30351050]", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2019-10-01T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14283", "CVE-2019-14821", "CVE-2019-15239", "CVE-2019-15666"], "modified": "2019-10-01T00:00:00", "id": "ELSA-2019-4808", "href": "http://linux.oracle.com/errata/ELSA-2019-4808.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:41", "description": "[2.6.39-400.315.1]\n- loopback: off by one in tcm_loop_make_naa_tpg() (Dan Carpenter) [Orabug: 30254296] {CVE-2011-5327}\n- floppy: fix out-of-bounds read in copy_buffer (Denis Efremov) [Orabug: 30318221] {CVE-2019-14283}", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-10-03T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-5327", "CVE-2019-14283"], "modified": "2019-10-03T00:00:00", "id": "ELSA-2019-4812", "href": "http://linux.oracle.com/errata/ELSA-2019-4812.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-30T06:24:36", "description": "[3.10.0-1062.7.1.OL7]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [Orabug: 24817676]\n[3.10.0-1062.7.1]\n- [drm] drm/i915/cmdparser: Fix jump whitelist clearing (Dave Airlie) [1756882 1756883] {CVE-2019-0155}\n- [drm] drm/i915: Lower RM timeout to avoid DSI hard hangs (Dave Airlie) [1756815 1756816] {CVE-2019-0154}\n- [drm] drm/i915/gen8+: Add RC6 CTX corruption WA (Dave Airlie) [1756815 1756816] {CVE-2019-0154}\n- [drm] drm/i915/cmdparser: Ignore Length operands during command matching (Dave Airlie) [1756882 1756883] {CVE-2019-0155}\n- [drm] drm/i915/cmdparser: Add support for backward jumps (Dave Airlie) [1756882 1756883] {CVE-2019-0155}\n- [drm] drm/i915/cmdparser: Use explicit goto for error paths (Dave Airlie) [1756882 1756883] {CVE-2019-0155}\n- [drm] drm/i915: Add gen9 BCS cmdparsing (Dave Airlie) [1756882 1756883] {CVE-2019-0155}\n- [drm] drm/i915: Allow parsing of unsized batches (Dave Airlie) [1756882 1756883] {CVE-2019-0155}\n- [drm] drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Dave Airlie) [1756882 1756883] {CVE-2019-0155}\n- [drm] drm/i915: Add support for mandatory cmdparsing (Dave Airlie) [1756882 1756883] {CVE-2019-0155}\n- [drm] drm/i915: Remove Master tables from cmdparser (Dave Airlie) [1756882 1756883] {CVE-2019-0155}\n- [drm] drm/i915: Disable Secure Batches for gen6+ (Dave Airlie) [1756882 1756883] {CVE-2019-0155}\n- [drm] drm/i915: Rename gen7 cmdparser tables (Dave Airlie) [1756882 1756883] {CVE-2019-0155}\n- [x86] tsx: Add config options to set tsx=on|off|auto (Waiman Long) [1766539 1766540] {CVE-2019-11135}\n- [documentation] x86/speculation/taa: Add documentation for TSX Async Abort (Waiman Long) [1766539 1766540] {CVE-2019-11135}\n- [x86] tsx: Add 'auto' option to the tsx= cmdline parameter (Waiman Long) [1766539 1766540] {CVE-2019-11135}\n- [x86] speculation/taa: Add sysfs reporting for TSX Async Abort (Waiman Long) [1766539 1766540] {CVE-2019-11135}\n- [x86] speculation/taa: Add mitigation for TSX Async Abort (Waiman Long) [1766539 1766540] {CVE-2019-11135}\n- [x86] cpu: Add a 'tsx=' cmdline option with TSX disabled by default (Waiman Long) [1766539 1766540] {CVE-2019-11135}\n- [x86] cpu: Add a helper function x86_read_arch_cap_msr() (Waiman Long) [1766539 1766540] {CVE-2019-11135}\n- [x86] msr: Add the IA32_TSX_CTRL MSR (Waiman Long) [1766539 1766540] {CVE-2019-11135}\n- [documentation] documentation: Add ITLB_MULTIHIT documentation (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] kvm: x86: mmu: Recovery of shattered NX large pages (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [virt] kvm: Add helper function for creating VM worker threads (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [kernel] cpu/speculation: Uninline and export CPU mitigations helpers (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] cpu: Add Tremont to the cpu vulnerability whitelist (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] Add ITLB_MULTIHIT bug infrastructure (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] kvm: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] kvm: x86: add tracepoints around __direct_map and FNAME(fetch) (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] kvm: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] kvm: x86: remove now unneeded hugepage gfn adjustment (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] kvm: x86: make FNAME(fetch) and __direct_map more similar (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] kvm: mmu: Do not release the page inside mmu_set_spte() (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] kvm: x86: mmu: Remove unused parameter of __direct_map() (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [virt] kvm: Convert kvm_lock to a mutex (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] kvm: mmu: drop vcpu param in gpte_access (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [virt] kvm: x86, powerpc: do not allow clearing largepages debugfs entry (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [kernel] sched/fair: Fix endless loop in idle_balance() (Phil Auld) [1766087 1740941]\n- [kernel] sched: Skip double execution of pick_next_task_fair() (Phil Auld) [1766098 1750819]\n- [kernel] sched/fair: Prevent throttling in early pick_next_task_fair() (Phil Auld) [1756267 1740038]\n- [kernel] sched: Check for stop task appearance when balancing happens (Phil Auld) [1756267 1740038]\n- [kernel] sched/core: Fix endless loop in pick_next_task() (Phil Auld) [1756267 1740038]\n- [kernel] sched/fair: Push down check for high priority class task into idle_balance() (Phil Auld) [1756267 1740038]\n- [kernel] sched/rt: Fix picking RT and DL tasks from empty queue (Phil Auld) [1756267 1740038]\n- [kernel] sched/core: Allow __sched_setscheduler() in interrupts when PI is not used (Phil Auld) [1756265 1722234]\n- [kernel] sched, dl: Convert switched_{from, to}_dl() / prio_changed_dl() to balance callbacks (Phil Auld) [1756265 1722234]\n- [kernel] sched,dl: Remove return value from pull_dl_task() (Phil Auld) [1756265 1722234]\n- [kernel] sched, rt: Convert switched_{from, to}_rt() / prio_changed_rt() to balance callbacks (Phil Auld) [1756265 1722234]\n- [kernel] sched,rt: Remove return value from pull_rt_task() (Phil Auld) [1756265 1722234]\n- [kernel] sched: Allow balance callbacks for check_class_changed() (Phil Auld) [1756265 1722234]\n- [kernel] sched: Use replace normalize_task() with __sched_setscheduler() (Phil Auld) [1756265 1722234]\n- [kernel] sched: Handle priority boosted tasks proper in setscheduler() (Phil Auld) [1756265 1722234]\n- [kernel] sched: Fix broken setscheduler() (Phil Auld) [1756265 1722234]\n- [kernel] sched: Consider pi boosting in setscheduler() (Phil Auld) [1756265 1722234]\n- [kernel] sched: Replace post_schedule with a balance callback list (Phil Auld) [1756265 1722234]\n- [kernel] sched: Guarantee task priority in pick_next_task() (Phil Auld) [1756265 1722234]\n- [kernel] sched: Remove some #ifdeffery (Phil Auld) [1756265 1722234]\n- [kernel] sched: Clean up idle task SMP logic (Phil Auld) [1756265 1722234]\n- [kernel] sched: Fix hotplug task migration (Phil Auld) [1756265 1722234]\n- [kernel] sched/fair: Remove idle_balance() declaration in sched.h (Phil Auld) [1756265 1722234]\n- [kernel] sched: Push down pre_schedule() and idle_balance() (Phil Auld) [1756265 1722234]\n- [kernel] sched/fair: Optimize cgroup pick_next_task_fair() (Phil Auld) [1756265 1722234]\n- [kernel] sched/fair: Clean up the __clear_buddies_*() functions (Phil Auld) [1756265 1722234]\n- [kernel] sched: Push put_prev_task() into pick_next_task() (Phil Auld) [1756265 1722234]\n- [kernel] sched: Move rq->idle_stamp up to the core (Phil Auld) [1756265 1722234]\n- [kernel] sched: Fix race in idle_balance() (Phil Auld) [1756265 1722234]\n- [kernel] sched: Remove 'cpu' parameter from idle_balance() (Phil Auld) [1756265 1722234]\n- [kernel] sched/fair: Reset se-depth when task switched to FAIR (Phil Auld) [1756265 1722234]\n- [kernel] sched/fair: Track cgroup depth (Phil Auld) [1756265 1722234]\n[3.10.0-1062.6.1]\n- [virt] KVM: coalesced_mmio: add bounds checking (Bandan Das) [1746797 1746798] {CVE-2019-14821}\n- [fs] xfs: Fix deadlock between AGI and AGF with RENAME_WHITEOUT (Brian Foster) [1764245 1759117]\n- [powerpc] powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (Desnes Augusto Nunes do Rosario) [1763625 1720930]\n- [powerpc] powerpc/pseries/mobility: prevent cpu hotplug during DT update (Desnes Augusto Nunes do Rosario) [1763625 1720930]\n- [powerpc] powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (Desnes Augusto Nunes do Rosario) [1763625 1720930]\n- [crypto] crypto: vmx - ghash: do nosimd fallback manually (Desnes Augusto Nunes do Rosario) [1763621 1739765]\n- [crypto] crypto: vmx - Remove overly verbose printk from AES init routines (Desnes Augusto Nunes do Rosario) [1763621 1739765]\n- [crypto] powerpc: Create disable_kernel_{fp, altivec, vsx, spe}() (Desnes Augusto Nunes do Rosario) [1763621 1739765]\n- [crypto] crypto: vmx - CTR: always increment IV as quadword (Desnes Augusto Nunes do Rosario) [1763621 1739765]\n- [crypto] crypto: vmx - fix copy-paste error in CTR mode (Desnes Augusto Nunes do Rosario) [1763621 1739765]\n- [crypto] vmac - separate tfm and request context (Vladis Dronov) [1763620 1733561]\n- [crypto] crypto: blkcipher - fix crash flushing dcache in error path (Vladis Dronov) [1761804 1741525]\n- [crypto] crypto: remove direct blkcipher_walk dependency on transform (Vladis Dronov) [1761804 1741525]\n- [crypto] crypto: user - prevent operating on larval algorithms (Vladis Dronov) [1761804 1741525]\n- [netdrv] net/mlx5e: Support LAG TX port affinity distribution (Alaa Hleihel) [1759449 1724344]\n- [netdrv] net/mlx5e: Expose new function for TIS destroy loop (Alaa Hleihel) [1759449 1724344]\n- [include] net/mlx5: Add lag_tx_port_affinity capability bit (Alaa Hleihel) [1759449 1724344]\n- [netdrv] net/mlx5e: Re-work TIS creation functions (Alaa Hleihel) [1759449 1724344]\n- [netdrv] net/mlx5e: Disallow tc redirect offload cases we don't support (Alaa Hleihel) [1759003 1721626]\n- [netdrv] net/mlx5e: Support ndo_get_phys_port_name for PF under switchdev mode (Alaa Hleihel) [1759003 1721626]\n- [netdrv] net/mlx5e: Expose same physical switch_id for all representors (Alaa Hleihel) [1759003 1721626]\n- [net] tcp: reset sk_send_head in tcp_write_queue_purge (Marcelo Leitner) [1748357 1748358] {CVE-2019-15239}\n- [x86] kvm: x86: vmx: fix vpid leak (Vitaly Kuznetsov) [1755781 1716188]\n- [kvm] kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array emulated_msrs (Paul Lai) [1757757 1708465]\n- [kvm] kvm: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (Paul Lai) [1757757 1708465]\n- [kvm] kvm: vmx: Tell the nested hypervisor to skip L1D flush on vmentry (Paul Lai) [1757757 1708465]\n- [kvm] kvm: vmx: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR (Paul Lai) [1757757 1708465]\n- [kvm] kvm: x86: Introduce kvm_get_msr_feature() (Paul Lai) [1757757 1708465]\n- [kvm] kvm: x86: Add a framework for supporting MSR-based features (Paul Lai) [1757757 1708465]\n- [nvme] nvme: don't ask blk-mq to handle timed-out request (Ming Lei) [1758051 1750202]\n- [block] blk-mq: mark request as REQ_TIMEOUT when .timeout() is called (Ming Lei) [1758051 1750202]\n- [block] blk-mq: introduce blk_mq_clear_rq_complete() (Ming Lei) [1758051 1750202]\n- [block] blk-mq: remove 'sync' argument from __blk_mq_complete_request() (Ming Lei) [1758051 1750202]\n- [nvme] blk-mq: remove blk_mq_complete_request_sync (Ming Lei) [1763624 1730922]\n- [nvme] nvme: wait until all completed request's complete fn is called (Ming Lei) [1763624 1730922]\n- [nvme] nvme: don't abort completed request in nvme_cancel_request (Ming Lei) [1763624 1730922]\n- [block] blk-mq: introduce blk_mq_tagset_wait_completed_request() (Ming Lei) [1763624 1730922]\n- [block] blk-mq: introduce blk_mq_request_completed() (Ming Lei) [1763624 1730922]\n- [scsi] scsi: qla2xxx: Use correct size in call to dma_free_coherent() in qla2400_sp_unmap() (Himanshu Madhani) [1759447 1668767]\n- [scsi] scsi: qla2xxx: Fix different size DMA Alloc/Unmap (Himanshu Madhani) [1759447 1668767]\n- [scsi] scsi: qla2xxx: Fix DMA unmap leak (Himanshu Madhani) [1759447 1668767]\n- [scsi] scsi: qla2xxx: Prevent memory leak for CT req/rsp allocation (Himanshu Madhani) [1759447 1668767]\n- [scsi] scsi: fnic: fix msix interrupt allocation (Govindarajulu Varadarajan) [1754836 1745053]\n- [scsi] scsi: fnic: print port speed only at driver init or speed change (Govindarajulu Varadarajan) [1754836 1745053]\n- [nvme] nvme-scsi: updating struct nvme_ctrl (Gopal Tiwari) [1752423 1749524]\n[3.10.0-1062.5.1]\n- [netdrv] ixgbe: Prevent u8 wrapping of ITR value to something less than 10us (Ken Cox) [1757350 1750856]", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2019-11-26T00:00:00", "type": "oraclelinux", "title": "kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12207", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-11135", "CVE-2019-14821", "CVE-2019-15239"], "modified": "2019-11-26T00:00:00", "id": "ELSA-2019-3979", "href": "http://linux.oracle.com/errata/ELSA-2019-3979.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:38", "description": "[4.14.35-1902.6.6]\n- RDMA/restrack: Protect from reentry to resource return path (Leon Romanovsky) [Orabug: 30388717]\n[4.14.35-1902.6.5]\n- hv_netvsc: fix vf serial matching with pci slot info (Haiyang Zhang) [Orabug: 30373111] \n- rds: Use correct conn when dropping connections due to cancel (Hakon Bugge) [Orabug: 30293898] \n- scsi: megaraid_sas: Introduce module parameter for default queue depth (Chandrakanth Patil) [Orabug: 30317396] \n- scsi: megaraid_sas: Fix a compilation warning (Qian Cai) [Orabug: 30317396] \n- scsi: megaraid_sas: Make a bunch of functions static (YueHaibing) [Orabug: 30317396] \n- scsi: megaraid_sas: Update driver version to 07.710.50.00 (Shivasharan S) [Orabug: 30317396] \n- scsi: megaraid_sas: Add module parameter for FW Async event logging (Shivasharan S) [Orabug: 30317396] \n- scsi: megaraid_sas: Enable msix_load_balance for Invader and later controllers (Shivasharan S) [Orabug: 30317396] \n- scsi: megaraid_sas: Fix calculation of target ID (Shivasharan S) [Orabug: 30317396] \n- scsi: megaraid_sas: Make some symbols static (YueHaibing) [Orabug: 30317396] \n- scsi: megaraid_sas: Update driver version to 07.710.06.00-rc1 (Chandrakanth Patil) [Orabug: 30317396] \n- scsi: megaraid_sas: Introduce various Aero performance modes (Chandrakanth Patil) [Orabug: 30317396] \n- scsi: megaraid_sas: Use high IOPS queues based on IO workload (Chandrakanth Patil) [Orabug: 30317396] \n- scsi: megaraid_sas: Set affinity for high IOPS reply queues (Chandrakanth Patil) [Orabug: 30317396] \n- scsi: megaraid_sas: Enable coalescing for high IOPS queues (Chandrakanth Patil) [Orabug: 30317396] \n- scsi: megaraid_sas: Add support for High IOPS queues (Chandrakanth Patil) [Orabug: 30317396] \n- scsi: megaraid_sas: Add support for MPI toolbox commands (Chandrakanth Patil) [Orabug: 30317396] \n- scsi: megaraid_sas: Offload Aero RAID5/6 division calculations to driver (Chandrakanth Patil) [Orabug: 30317396] \n- scsi: megaraid_sas: RAID1 PCI bandwidth limit algorithm is applicable for only Ventura (Chandrakanth Patil) [Orabug: 30317396] \n- scsi: megaraid_sas: megaraid_sas: Add check for count returned by HOST_DEVICE_LIST DCMD (Chandrakanth Patil) [Orabug: 30317396] \n- scsi: megaraid_sas: Handle sequence JBOD map failure at driver level (Chandrakanth Patil) [Orabug: 30317396] \n- scsi: megaraid_sas: Dont send FPIO to RL Bypass queue (Chandrakanth Patil) [Orabug: 30317396] \n- scsi: megaraid_sas: In probe context, retry IOC INIT once if firmware is in fault (Chandrakanth Patil) [Orabug: 30317396] \n- scsi: megaraid_sas: Release Mutex lock before OCR in case of DCMD timeout (Chandrakanth Patil) [Orabug: 30317396] \n- scsi: megaraid_sas: Call disable_irq from process IRQ poll (Chandrakanth Patil) [Orabug: 30317396] \n- scsi: megaraid_sas: Remove few debug counters from IO path (Chandrakanth Patil) [Orabug: 30317396] \n- scsi: megaraid_sas: Add support for Non-secure Aero PCI IDs (Chandrakanth Patil) [Orabug: 30317396] \n- scsi: megaraid_sas: Add 32 bit atomic descriptor support to AERO adapters (Chandrakanth Patil) [Orabug: 30317396] \n- scsi: megaraid_sas: Use struct_size() helper (Gustavo A. R. Silva) [Orabug: 30317396] \n(YueHaibing) [Orabug: 30317396] \n- scsi: megaraid_sas: use DEVICE_ATTR_{RO, RW} (Tomas Henzl) [Orabug: 30317396] \n- scsi: megaraid_sas: use octal permissions instead of constants (Tomas Henzl) [Orabug: 30317396] \n- scsi: megaraid_sas: make max_sectors visible in sys (Tomas Henzl) [Orabug: 30317396] \n- scsi: megaraid_sas: remove set but not used variables 'buff_addr' and 'ci_h' (YueHaibing) [Orabug: 30317396] \n- scsi: megaraid_sas: remove set but not used variable 'sge_sz' (YueHaibing) [Orabug: 30317396] \n- scsi: megaraid_sas: remove set but not used variables 'host' and 'wait_time' (YueHaibing) [Orabug: 30317396] \n- scsi: megaraid_sas: remove set but not used variable 'cur_state' (YueHaibing) [Orabug: 30317396] \n- scsi: megaraid_sas: Update driver version to 07.708.03.00 (Shivasharan S) [Orabug: 30317396] \n- scsi: megaraid_sas: Export RAID map through debugfs (Shivasharan S) [Orabug: 30317396] \n- scsi: megaraid_sas: Fix MSI-X vector print (Shivasharan S) [Orabug: 30317396] \n- scsi: megaraid_sas: Add debug prints for device list (Shivasharan S) [Orabug: 30317396] \n- scsi: megaraid_sas: Add prints in suspend and resume path (Shivasharan S) [Orabug: 30317396] \n- scsi: megaraid_sas: Print firmware interrupt status (Shivasharan S) [Orabug: 30317396] \n- scsi: megaraid_sas: Print FW fault information (Shivasharan S) [Orabug: 30317396] \n- scsi: megaraid_sas: Export RAID map id through sysfs (Shivasharan S) [Orabug: 30317396] \n- scsi: megaraid_sas: Print BAR information from driver (Shivasharan S) [Orabug: 30317396] \n- scsi: megaraid_sas: Dump system registers for debugging (Shivasharan S) [Orabug: 30317396] \n- scsi: megaraid_sas: Dump system interface regs from sysfs (Shivasharan S) [Orabug: 30317396] \n- scsi: megaraid_sas: Add formatting option for megasas_dump (Shivasharan S) [Orabug: 30317396] \n- scsi: megaraid_sas: Enhance internal DCMD timeout prints (Shivasharan S) [Orabug: 30317396] \n- scsi: megaraid_sas: Enhance prints in OCR and TM path (Sumit Saxena) [Orabug: 30317396] \n- scsi: megaraid_sas: Load balance completions across all MSI-X (Shivasharan S) [Orabug: 30317396] \n- scsi: megaraid_sas: IRQ poll to avoid CPU hard lockups (Shivasharan S) [Orabug: 30317396] \n- scsi: megaraid_sas: Block PCI config space access from userspace during OCR (Shivasharan S) [Orabug: 30317396] \n- scsi: megaraid_sas: Rework code around controller reset (Shivasharan S) [Orabug: 30317396] \n- scsi: megaraid_sas: fw_reset_no_pci_access required for MFI adapters only (Shivasharan S) [Orabug: 30317396] \n- scsi: megaraid_sas: Remove unused variable target_index (Shivasharan S) [Orabug: 30317396] \n- scsi: megaraid_sas: fix spelling mistake 'oustanding' -> 'outstanding' (Colin Ian King) [Orabug: 30317396] \n- scsi: megaraid_sas: Make megasas_host_device_list_query() static (YueHaibing) [Orabug: 30317396] \n- scsi: megaraid_sas: reduce module load time (Steve Sistare) [Orabug: 30317396] \n- scsi: megaraid_sas: Remove a bunch of set but not used variables (YueHaibing) [Orabug: 30317396] \n- scsi: megaraid_sas: driver version update (Shivasharan S) [Orabug: 30317396] \n- scsi: megaraid_sas: Update structures for HOST_DEVICE_LIST DCMD (Shivasharan S) [Orabug: 30317396] \n- scsi: megaraid_sas: Add support for DEVICE_LIST DCMD in driver (Shivasharan S) [Orabug: 30317396] \n- scsi: megaraid_sas: Rework device add code in AEN path (Shivasharan S) [Orabug: 30317396] \n- scsi: megaraid_sas: Rework code to get PD and LD list (Shivasharan S) [Orabug: 30317396] \n- scsi: megaraid_sas: Retry reads of outbound_intr_status reg (Shivasharan S) [Orabug: 30317396] \n- rds: ib: Optimize rds_ib_laddr_check (Hakon Bugge) [Orabug: 30327669] \n- x86,sched: Allow topologies where NUMA nodes share an LLC (Mridula Shastry) [Orabug: 30068079]\n[4.14.35-1902.6.4]\n- net/rds: Use DMA memory pool allocation for rds_header (Ka-Cheong Poon) [Orabug: 30358057] \n- net/rds: Check laddr_check before calling it (Ka-Cheong Poon) [Orabug: 30319176] \n- x86/microcode/intel: Issue the revision updated message only on the BSP (Borislav Petkov) [Orabug: 30298021] \n- x86/microcode: Update late microcode in parallel (Ashok Raj) [Orabug: 30298021] \n- xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink (YueHaibing) [Orabug: 30322228] {CVE-2019-15666}\n- floppy: fix out-of-bounds read in copy_buffer (Denis Efremov) [Orabug: 30318218] {CVE-2019-14283}\n- ALSA: line6: Fix write on zero-sized buffer (Takashi Iwai) [Orabug: 30254322] {CVE-2019-15221}\n[4.14.35-1902.6.3]\n- KVM: coalesced_mmio: add bounds checking (Matt Delco) [Orabug: 30328863] {CVE-2019-14821} {CVE-2019-14821}\n- net/rds: Incorrect work request accouting (Ka-Cheong Poon) [Orabug: 30288715] \n- vhost: make sure log_num < in_num (yongduan) [Orabug: 30313999] {CVE-2019-14835}\n- vhost: block speculation of translated descriptors (Michael S. Tsirkin) [Orabug: 30313999] {CVE-2019-14835}\n- vhost: Fix Spectre V1 vulnerability (Jason Wang) [Orabug: 30313999] \n- RDMA/restrack: Release task struct which was hold by CM_ID object (Leon Romanovsky) [Orabug: 30307611] \n- x86/speculation: Re-initialize x86_spec_ctrl_base/priv during late microcode update (Boris Ostrovsky) [Orabug: 30312533] \n- x86/speculation: Properly initialize percpu variables (Boris Ostrovsky) [Orabug: 30312533] \n- nfsd4: catch some false session retries (J. Bruce Fields) [Orabug: 30172625] \n- nfsd4: fix cached replies to solo SEQUENCE compounds (J. Bruce Fields) [Orabug: 30172625] \n- net/rds: Fix info leak in rds6_inc_info_copy() (Ka-Cheong Poon) [Orabug: 30260894] \n- A/A Bonding: Log ip_config details if it fails to find a failover port (Sudhakar Dindukurti) [Orabug: 30313262] \n- A/A Bonding: X8-8 RoCE network re-connect stalls after loss of switch (Sudhakar Dindukurti) [Orabug: 30313262] \n- KVM: svm: svm_set_msr(MSR_IA32_SPEC_CTRL) should allow SPEC_CTRL_SSBD bit (Liam Merwick) [Orabug: 30257820] \n- rds: RDS/TCP does not initiate a connection (Ka-Cheong Poon) [Orabug: 30255694] \n- xen-netfront: do not assume sk_buff_head list is empty in error handling (Dongli Zhang) [Orabug: 30313831]\n[4.14.35-1902.6.2]\n- net/rds: An rds_sock is added too early to the hash table (Ka-Cheong Poon) [Orabug: 30304759] \n- route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race (Xin Long) [Orabug: 30276919] \n- KVM: VMX: sync pending posted interrupts based on PIR (Luwei Kang) [Orabug: 30270374] \n- Revert 'KVM: x86: Recompute PID.ON when clearing PID.SN' (Joao Martins) [Orabug: 30270374] \n- x86/tsc: Make calibration refinement more robust (Daniel Vacek) [Orabug: 30260381] \n- xen/swiotlb: remember having called xen_create_contiguous_region() (Juergen Gross) [Orabug: 30255523] \n- xen/swiotlb: simplify range_straddles_page_boundary() (Juergen Gross) [Orabug: 30255523] \n- xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() (Juergen Gross) [Orabug: 30255523] \n- xen-swiotlb: use actually allocated size on check physical continuous (Joe Jin) [Orabug: 30255523] \n- Bluetooth: hci_uart: check for missing tty operations (Vladis Dronov) [Orabug: 30244614] {CVE-2019-10207} {CVE-2019-10207}\n- IB/mlx5: Fix leaking stack memory to userspace (Jason Gunthorpe) [Orabug: 30244589] {CVE-2018-20855}\n- mm: memcontrol: drain stocks on resize limit (Shakeel Butt) [Orabug: 30229285] \n- mm/memcontrol.c: try harder to decrease [memory,memsw].limit_in_bytes (Andrey Ryabinin) [Orabug: 30229285] \n- memcg: refactor mem_cgroup_resize_limit() (Yu Zhao) [Orabug: 30229285] \n- cgroup/pids: turn cgroup_subsys->free() into cgroup_subsys->release() to fix the accounting (Oleg Nesterov) [Orabug: 30229262] \n- drivers: net: Remove unnecessary semicolon (YueHaibing) [Orabug: 29320005] \n- net: cisco: enic: Replace GFP_ATOMIC with GFP_KERNEL (Jia-Ju Bai) [Orabug: 29320005] \n- enic: fix UDP rss bits (Govindarajulu Varadarajan) [Orabug: 29320005] \n- enic: drop IP proto check for vxlan tunnel delete (Govindarajulu Varadarajan) [Orabug: 29320005] \n- enic: fix boolreturn.cocci warnings (Fengguang Wu) [Orabug: 29320005] \n- enic: set IG desc cache flag in open (Govindarajulu Varadarajan) [Orabug: 29320005] \n- enic: set UDP rss flag (Govindarajulu Varadarajan) [Orabug: 29320005] \n- enic: Check if hw supports multi wq with vxlan offload (Govindarajulu Varadarajan) [Orabug: 29320005] \n- enic: Add vxlan offload support for IPv6 pkts (Govindarajulu Varadarajan) [Orabug: 29320005] \n- enic: Check inner ip proto for pseudo header csum (Govindarajulu Varadarajan) [Orabug: 29320005] \n- enic: add wq clean up budget (Govindarajulu Varadarajan) [Orabug: 29320005] \n- enic: add sw timestamp support (Govindarajulu Varadarajan) [Orabug: 29320005] \n- enic: Add support for 'ethtool -g/-G' (Parvi Kaustubhi) [Orabug: 29320005] \n- enic: reset fetch index (Parvi Kaustubhi) [Orabug: 29320005] \n- cgroup: make code and documentation consistent for cgroup cpuset v2 (chris hyser) [Orabug: 29447566] \n- x86: cpu: update blacklist spec features for late loading (Mihai Carabas) [Orabug: 29336757] \n- x86: cpu: bugs.c: update cpu_smt_disable to support late loading (Mihai Carabas) [Orabug: 29336757] \n- x86: cpu: bugs.c: create microcode late loading logic (Mihai Carabas) [Orabug: 29336757] \n- x86: cpu: bugs.c: remove init attribute from functions and variables (Mihai Carabas) [Orabug: 29336757] \n- x86: kernel: cpu: bugs.c: modify static_has to boot_bas (Mihai Carabas) [Orabug: 29336757] \n- x86: cpu: modify boot_command_line to saved_command_line (Mihai Carabas) [Orabug: 29336757] \n- x86: cpu: microcode: update flags for all cpus (Mihai Carabas) [Orabug: 29336757]\n[4.14.35-1902.6.1]\n- rds: Bring loop-back peer down as well (Hakon Bugge) [Orabug: 30290065] \n- rds: ib: Avoid connect retry on loopback connections (Hakon Bugge) [Orabug: 30290065] \n- net/rds: Adding missing 'dev_put' to __flush_eth_arp_entry() (Gerd Rausch) [Orabug: 30290073]", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2019-10-11T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20855", "CVE-2019-10207", "CVE-2019-14283", "CVE-2019-14821", "CVE-2019-14835", "CVE-2019-15221", "CVE-2019-15666"], "modified": "2019-10-11T00:00:00", "id": "ELSA-2019-4820", "href": "http://linux.oracle.com/errata/ELSA-2019-4820.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:25:01", "description": "[3.10.0-1127.OL7]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [Orabug: 24817676]\n[3.10.0-1127]\n- [fs] flexfiles: Dont tie up all the rpciod threads in resends (Benjamin Coddington) [1778963]\n[3.10.0-1126]\n- [scsi] scsi: qla2xxx: Fix unbound NVME response length (Himanshu Madhani) [1788669]\n[3.10.0-1125]\n- [fs] mark struct file that had write access grabbed by open() (Miklos Szeredi) [1679829]\n- [fs] fold __get_file_write_access() into its only caller (Miklos Szeredi) [1679829]\n- [powerpc] get rid of DEBUG_WRITECOUNT (Miklos Szeredi) [1679829]\n- [fs] dont bother with {get, put}_write_access() on non-regular files (Miklos Szeredi) [1679829]\n- [fs] gfs2: Use d_materialise_unique instead of d_splice_alias (2) (Andreas Grunbacher) [1784550]\n- [fs] gfs2: gfs2_create_inode(): dont bother with d_splice_alias() (Andreas Grunbacher) [1784550]\n- [fs] gfs2: bugger off early if O_CREAT open finds a directory (Andreas Grunbacher) [1784550]\n- [fs] libceph: fix PG split vs OSD (re)connect race (Ilya Dryomov) [1785656]\n- [scsi] Fix driver intialization failure for sli4 non nvme (Dick Kennedy) [1783899]\n- [netdrv] hv_netvsc: fix race that may miss tx queue wakeup (Mohammed Gamal) [1781322]\n[3.10.0-1124]\n- [s390] s390: wire up sys_renameat2 (Miklos Szeredi) [1773504]\n- [net] ipvs: do not use random local source address for tunnels (Xin Long) [1786676]\n- [misc] mei: me: add cannon point device ids for 4th device (Jerry Snitselaar) [1745139]\n- [misc] mei: me: add cannon point device ids (Jerry Snitselaar) [1745139]\n- [netdrv] bnxt_en: Support all variants of the 5750X chip family (Jonathan Toppins) [1789345]\n[3.10.0-1123]\n- [mm] mm: prevent get_user_pages() from overflowing page refcount (Aristeu Rozanski) [1705005] {CVE-2019-11487}\n- [mm] mm/hugetlb.c: __get_user_pages ignores certain follow_hugetlb_page errors (Aristeu Rozanski) [1705005] {CVE-2019-11487}\n- [fs] CIFS: avoid using MID 0xFFFF (Leif Sahlberg) [1771255]\n- [net] netfilter: xt_TRACE: add explicitly nf_logger_find_get call (Phil Sutter) [1774444]\n- [wireless] rtlwifi: Fix potential overflow on P2P code (Josef Oskera) [1775236] {CVE-2019-17666}\n[3.10.0-1122]\n- [drm] drm/amd/powerplay: use hardware fan control if no powerplay fan table (Lyude Paul) [1729286]\n- [nvme] nvme-fc: fix double-free scenarios on hw queues (Ewan Milne) [1731286]\n- [x86] kvm: vmx: use MSR_IA32_TSX_CTRL to hard-disable TSX on guest that lack it (Paolo Bonzini) [1779768]\n- [x86] kvm: vmx: implement MSR_IA32_TSX_CTRL disable RTM functionality (Paolo Bonzini) [1779768] {CVE-2019-19338}\n- [x86] kvm: x86: Mark expected switch fall-throughs (Paolo Bonzini) [1779768] {CVE-2019-19338}\n- [x86] kvm: x86: implement MSR_IA32_TSX_CTRL effect on CPUID (Paolo Bonzini) [1779768] {CVE-2019-19338}\n- [x86] kvm: x86: do not modify masked bits of shared MSRs (Paolo Bonzini) [1779768] {CVE-2019-19338}\n- [x86] kvm: x86: fix presentation of TSX feature in ARCH_CAPABILITIES (Paolo Bonzini) [1779768] {CVE-2019-19338}\n- [x86] kvm/x86: Export MDS_NO=0 to guests when TSX is enabled (Paolo Bonzini) [1779768] {CVE-2019-19338}\n- [s390] s390/qeth: ensure linear access to packet headers (Philipp Rudo) [1782927]\n- [s390] s390/qeth: guard against runt packets (Philipp Rudo) [1782927]\n- [s390] s390/qeth: consolidate skb allocation (Philipp Rudo) [1782927]\n- [s390] s390/qeth: clean up page frag creation (Philipp Rudo) [1782927]\n- [netdrv] i40e: Fix for persistent lldp support (Stefan Assmann) [1782689]\n[3.10.0-1121]\n- [platform] thinkpad_acpi: Dont yell on unsupported brightness interfaces (Lyude Paul) [1305619]\n- [platform] thinkpad-acpi: fix handle locate for video and query of _BCL (Lyude Paul) [1305619]\n- [s390] kernel: avoid cpu yield in SMT environment (Philipp Rudo) [1777876]\n- [scsi] scsi: qla2xxx: Fix incorrect SFUB length used for Secure Flash Update MB Cmd (Himanshu Madhani) [1783016]\n- [scsi] scsi: qla2xxx: Added support for MPI and PEP regions for ISP28XX (Himanshu Madhani) [1783016]\n- [scsi] scsi: qla2xxx: Correctly retrieve and interpret active flash region (Himanshu Madhani) [1783016]\n- [powerpc] KVM: PPC: Book3S HV: Flush link stack on guest exit to host kernel (Gustavo Duarte) [1777710]\n- [powerpc] powerpc/book3s64: Fix link stack flush on context switch (Gustavo Duarte) [1777710]\n- [powerpc] powerpc/64s: support nospectre_v2 cmdline option (Gustavo Duarte) [1777710]\n- [net] openvswitch: fix flow command message size (Paolo Abeni) [1776578]\n- [block] brd: re-enable __GFP_HIGHMEM in brd_insert_page() (Jeff Moyer) [1781298]\n- [block] brd: remove dax support (Jeff Moyer) [1781298]\n- [nvme] nvme: dont access the inlined bio after nvmet request is completed (Ming Lei) [1631120]\n- [fs] epoll: fix race between ep_poll_callback(POLLFREE) and ep_free()/ep_remove() (Miklos Szeredi) [1780128]\n- [nvme] nvme: fix NULL pointer dereference in nvme_init_subsystem (Ewan Milne) [1781316]\n- [nvme] nvme-fabrics: allow duplicate connections to the discovery controller (Ewan Milne) [1781316]\n- [scsi] scsi: bnx2fc: timeout calculation invalid for bnx2fc_eh_abort() (Nilesh Javali) [1772966]\n[3.10.0-1120]\n- [md] raid5: need to set STRIPE_HANDLE for batch head (Xiao Ni) [1774330]\n- [drm] drm/radeon: fix si_enable_smc_cac() failed issue (Dave Airlie) [1780026]\n- [block] block: dont change REQ_NR_BITS (Ming Lei) [1779712]\n[3.10.0-1119]\n- [x86] mm: serialize against gup_fast in pmdp_splitting_flush() (Vitaly Kuznetsov) [1674266]\n- [vhost] vsock: split packets to send using multiple buffers (Stefano Garzarella) [1777349]\n- [md] md/raid10: prevent access of uninitialized resync_pages offset (Nigel Croxon) [1767935]\n- [x86] perf/x86: Modify error message in virtualized environment (Michael Petlan) [1759758]\n- [fs] cifs: Fix infinite loop when using hard mount option (Dave Wysochanski) [1770404]\n- [wireless] mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame() (Stanislaw Gruszka) [1776157] {CVE-2019-14901}\n[3.10.0-1118]\n- [net] ipv6: support more tunnel interfaces for EUI64 link-local generation (Guillaume Nault) [1770686]\n- [net] netfilter: masquerade: dont flush all conntracks if only one address deleted on device (Patrick Talbert) [1771396]\n- [net] netfilter: conntrack: resched in nf_ct_iterate_cleanup (Patrick Talbert) [1771396]\n- [net] ipvs: fix buffer overflow with sync daemon and service (Davide Caratti) [1725440]\n- [net] ipvs: fix rtnl_lock lockups caused by start_sync_thread (Davide Caratti) [1725440]\n- [net] ipvs: Pass ipvs not net to make_receive_sock (Davide Caratti) [1725440]\n- [net] ipvs: Pass ipvs not net to make_send_sock (Davide Caratti) [1725440]\n- [net] ipvs: Pass ipvs not net to start_sync_thread (Davide Caratti) [1725440]\n- [net] ipvs: Pass ipvs not net to ip_vs_genl_new_daemon (Davide Caratti) [1725440]\n- [net] ipvs: add sync_maxlen parameter for the sync daemon (Davide Caratti) [1725440]\n- [net] ipvs: call rtnl_lock early (Davide Caratti) [1725440]\n- [net] netfilter: dont use mutex_lock_interruptible() (Davide Caratti) [1725440]\n- [net] ipvs: fix memory leak in ip_vs_ctl.c (Davide Caratti) [1725440]\n- [wireless] mwifiex: fix possible heap overflow in mwifiex_process_country_ie() (Stanislaw Gruszka) [1776206]\n- [scsi] Revert 'qla2xxx: Mark NVMe/FC initiator mode usage as technology preview' (Ewan Milne) [1642968]\n[3.10.0-1117]\n- [x86] x86/speculation: Remove unneeded STIBP code (Waiman Long) [1766540] {CVE-2019-11135}\n- [x86] x86/speculation: Fix redundant MDS mitigation message (Waiman Long) [1766540] {CVE-2019-11135}\n- [documentation] x86/speculation: Fix incorrect MDS/TAA mitigation status (Waiman Long) [1766540] {CVE-2019-11135}\n- [x86] x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs (Waiman Long) [1766540] {CVE-2019-11135}\n- [x86] x86/tsx: Add config options to set tsx=on|off|auto (Waiman Long) [1766540] {CVE-2019-11135}\n- [documentation] x86/speculation/taa: Add documentation for TSX Async Abort (Waiman Long) [1766540] {CVE-2019-11135}\n- [x86] x86/tsx: Add 'auto' option to the tsx= cmdline parameter (Waiman Long) [1766540] {CVE-2019-11135}\n- [base] x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Waiman Long) [1766540] {CVE-2019-11135}\n- [x86] x86/speculation/taa: Add mitigation for TSX Async Abort (Waiman Long) [1766540] {CVE-2019-11135}\n- [x86] x86/cpu: Add a 'tsx=' cmdline option with TSX disabled by default (Waiman Long) [1766540] {CVE-2019-11135}\n- [x86] x86/cpu: Add a helper function x86_read_arch_cap_msr() (Waiman Long) [1766540] {CVE-2019-11135}\n- [x86] x86/msr: Add the IA32_TSX_CTRL MSR (Waiman Long) [1766540] {CVE-2019-11135}\n- [documentation] documentation: Add ITLB_MULTIHIT documentation (Paolo Bonzini) [1690343] {CVE-2018-12207}\n- [x86] kvm: x86: mmu: Recovery of shattered NX large pages (Paolo Bonzini) [1690343] {CVE-2018-12207}\n- [virt] kvm: Add helper function for creating VM worker threads (Paolo Bonzini) [1690343] {CVE-2018-12207}\n- [x86] kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini) [1690343] {CVE-2018-12207}\n- [kernel] cpu/speculation: Uninline and export CPU mitigations helpers (Paolo Bonzini) [1690343] {CVE-2018-12207}\n- [x86] cpu: Add Tremont to the cpu vulnerability whitelist (Paolo Bonzini) [1690343] {CVE-2018-12207}\n- [x86] Add ITLB_MULTIHIT bug infrastructure (Paolo Bonzini) [1690343] {CVE-2018-12207}\n- [x86] kvm: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (Paolo Bonzini) [1690343] {CVE-2018-12207}\n- [x86] kvm: x86: add tracepoints around __direct_map and FNAME(fetch) (Paolo Bonzini) [1690343] {CVE-2018-12207}\n- [x86] kvm: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (Paolo Bonzini) [1690343] {CVE-2018-12207}\n- [x86] kvm: x86: remove now unneeded hugepage gfn adjustment (Paolo Bonzini) [1690343] {CVE-2018-12207}\n- [x86] kvm: x86: make FNAME(fetch) and __direct_map more similar (Paolo Bonzini) [1690343] {CVE-2018-12207}\n- [x86] kvm: mmu: Do not release the page inside mmu_set_spte() (Paolo Bonzini) [1690343] {CVE-2018-12207}\n- [x86] kvm: x86: mmu: Remove unused parameter of __direct_map() (Paolo Bonzini) [1690343] {CVE-2018-12207}\n- [virt] kvm: Convert kvm_lock to a mutex (Paolo Bonzini) [1690343] {CVE-2018-12207}\n- [x86] kvm: mmu: drop vcpu param in gpte_access (Paolo Bonzini) [1690343] {CVE-2018-12207}\n- [virt] kvm: x86, powerpc: do not allow clearing largepages debugfs entry (Paolo Bonzini) [1690343] {CVE-2018-12207}\n[3.10.0-1116]\n- [netdrv] net/mlx5: Fix auto group size calculation (Alaa Hleihel) [1769309]\n- [mm] x86/io: add interface to reserve io memtype for a resource range. (v1.1) (Dave Airlie) [1739623]\n- [sound] alsa: emux: Fix potential Spectre v1 vulnerabilities (Jaroslav Kysela) [1672561]\n- [s390] s390/smt: Fix s390 SMT reporting (Josh Poimboeuf) [1764184]\n- [mm] mm: swap: clean up swap readahead (Rafael Aquini) [1725396]\n- [mm] mm: do_swap_page: clean up parameter list passing a pointer to struct vm_fault (Rafael Aquini) [1725396]\n- [mm] mm: __handle_mm_fault: introduce explicit barrier after orig_pte dereference (Rafael Aquini) [1725396]\n- [fs] cachefiles: Fix page leak in cachefiles_read_backing_file while vmscan is active (David Howells) [1765975]\n[3.10.0-1115]\n- [scsi] Fix stack tarce when lpfc driver is unloaded (Dick Kennedy) [1774744]\n- [scsi] qla2xxx: Update driver version (Himanshu Madhani) [1731581]\n- [scsi] scsi: qla2xxx: Fix partial flash write of MBI (Himanshu Madhani) [1731581]\n- [scsi] scsi: qla2xxx: Fix device connect issues in P2P configuration (Himanshu Madhani) [1731581]\n- [scsi] scsi: qla2xxx: Fix a NULL pointer dereference (Himanshu Madhani) [1731581]\n- [scsi] scsi: qla2xxx: Fix double scsi_done for abort path (Himanshu Madhani) [1731581]\n- [scsi] scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (Himanshu Madhani) [1731581]\n- [scsi] scsi: qla2xxx: Fix driver unload hang (Himanshu Madhani) [1731581]\n- [scsi] scsi: qla2xxx: Fix SRB leak on switch command timeout (Himanshu Madhani) [1731581]\n- [scsi] scsi: qla2xxx: Fix premature timer expiration (Himanshu Madhani) [1731581]\n- [scsi] scsi: qla2xxx: Uninline qla2x00_init_timer() (Himanshu Madhani) [1731581]\n- [scsi] scsi: qla2xxx: Do command completion on abort timeout (Himanshu Madhani) [1731581]\n- [scsi] scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure (Himanshu Madhani) [1731581]\n- [scsi] scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (Himanshu Madhani) [1731581]\n- [scsi] scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (Himanshu Madhani) [1731581]\n- [scsi] scsi: qla2xxx: Dual FCP-NVMe target port support (Himanshu Madhani) [1731581]\n- [scsi] scsi: qla2xxx: Use tabs instead of spaces for indentation (Himanshu Madhani) [1731581]\n- [scsi] scsi: qla2xxx: Fix N2N link up fail (Himanshu Madhani) [1731581]\n- [scsi] scsi: qla2xxx: Fix N2N link reset (Himanshu Madhani) [1731581]\n- [scsi] scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (Himanshu Madhani) [1731581]\n- [scsi] scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (Himanshu Madhani) [1731581]\n- [scsi] scsi: qla2xxx: Really fix qla2xxx_eh_abort() (Himanshu Madhani) [1731581]\n- [scsi] scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (Himanshu Madhani) [1731581]\n- [scsi] scsi: qla2xxx: Reduce the number of forward declarations (Himanshu Madhani) [1731581]\n- [scsi] scsi: qla2xxx: Remove a superfluous forward declaration (Himanshu Madhani) [1731581]\n- [scsi] scsi: qla2xxx: Fix stuck login session (Himanshu Madhani) [1731581]\n- [scsi] scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (Himanshu Madhani) [1731581]\n- [media] cx24116: fix a buffer overflow when checking userspace params (Jarod Wilson) [1737279] {CVE-2015-9289}\n- [scsi] qedf: Initialize rport while creation of vport (Nilesh Javali) [1760746]\n- [fs] Fix the locking in dcache_readdir() and friends (Ondrej Mosnacek) [1510603]\n- [fs] much milder d_walk() race (Ondrej Mosnacek) [1510603]\n- [fs] libfs.c: new helper - next_positive() (Ondrej Mosnacek) [1510603]\n- [fs] dcache_{readdir, dir_lseek}(): dont bother with nested ->d_lock (Ondrej Mosnacek) [1510603]\n- [security] selinuxfs: dont open-code d_genocide() (Ondrej Mosnacek) [1510603]\n- [fs] fs/dcache: Enable automatic reclaim of excess negative dentries (Waiman Long) [1489573]\n- [fs] fs/dcache: Add sysctl parameter negative-dentry-limit as a soft limit on negative dentries (Waiman Long) [1489573]\n- [fs] fs/dcache: Move percpu count updates out of dcache_lru_lock (Waiman Long) [1489573]\n- [fs] fs/dcache: Dont set DCACHE_REFERENCED on dentries when first put into LRU (Waiman Long) [1489573]\n[3.10.0-1114]\n- [kernel] sched/numa: Fix a possible divide-by-zero (Vladis Dronov) [1765959]\n- [x86] x86/boot/64: Round memory hole size up to next PMD page (Frank Ramsay) [1773762]\n- [x86] x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area (Frank Ramsay) [1773762]\n- [kernel] seccomp: Fix tracer exit notifications during fatal signals (Vladis Dronov) [1770484]\n- [x86] x86/ptrace: run seccomp after ptrace (Vladis Dronov) [1770484]\n- [fs] cifs: Fix retry mid list corruption on reconnects (Dave Wysochanski) [1614201]\n- [fs] cifs: add a warning if we try to to dequeue a deleted mid (Dave Wysochanski) [1614201]\n- [fs] cifs: Fix use after free of a mid_q_entry (Dave Wysochanski) [1614201]\n- [fs] Dont log confusing message on reconnect by default (Dave Wysochanski) [1614201]\n- [fs] ceph: mark Fw cap dirty after splice write (Zheng Yan) [1710751]\n- [fs] cifs: Force reval dentry if LOOKUP_REVAL flag is set (Dave Wysochanski) [1771657]\n- [fs] cifs: Force revalidate inode when dentry is stale (Dave Wysochanski) [1771657]\n- [fs] cifs: Gracefully handle QueryInfo errors during open (Dave Wysochanski) [1771657]\n[3.10.0-1113]\n- [drm] drm/i915/cmdparser: Fix jump whitelist clearing (Dave Airlie) [1756883] {CVE-2019-0155}\n- [drm] drm/i915: Lower RM timeout to avoid DSI hard hangs (Dave Airlie) [1756816] {CVE-2019-0154}\n- [drm] drm/i915/gen8+: Add RC6 CTX corruption WA (Dave Airlie) [1756816] {CVE-2019-0154}\n- [drm] drm/i915/cmdparser: Ignore Length operands during command matching (Dave Airlie) [1756883] {CVE-2019-0155}\n- [drm] drm/i915/cmdparser: Add support for backward jumps (Dave Airlie) [1756883] {CVE-2019-0155}\n- [drm] drm/i915/cmdparser: Use explicit goto for error paths (Dave Airlie) [1756883] {CVE-2019-0155}\n- [drm] drm/i915: Add gen9 BCS cmdparsing (Dave Airlie) [1756883] {CVE-2019-0155}\n- [drm] drm/i915: Allow parsing of unsized batches (Dave Airlie) [1756883] {CVE-2019-0155}\n- [drm] drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Dave Airlie) [1756883] {CVE-2019-0155}\n- [drm] drm/i915: Add support for mandatory cmdparsing (Dave Airlie) [1756883] {CVE-2019-0155}\n- [drm] drm/i915: Remove Master tables from cmdparser (Dave Airlie) [1756883] {CVE-2019-0155}\n- [drm] drm/i915: Disable Secure Batches for gen6+ (Dave Airlie) [1756883] {CVE-2019-0155}\n- [drm] drm/i915: Rename gen7 cmdparser tables (Dave Airlie) [1756883] {CVE-2019-0155}\n- [fs] Fix error code in nfs_lookup_verify_inode() (Benjamin Coddington) [1761957]\n- [scsi] scsi: qla2xxx: Initialized mailbox to prevent driver load failure (Himanshu Madhani) [1770307]\n- [powerpc] powerpc/ptrace: run seccomp after ptrace (Vladis Dronov) [1760294]\n- [s390] s390/ptrace: run seccomp after ptrace (Vladis Dronov) [1760294]\n- [s390] s390/seccomp: fix error return for filtered system calls (Vladis Dronov) [1760294]\n- [netdrv] bnxt_en: flow_offload: offload tunnel decap rules via indirect callbacks (Davide Caratti) [1717422]\n- [x86] cpuidle-haltpoll: vcpu hotplug support (Marcelo Tosatti) [1771849]\n- [x86] kvm: x86: skip populating logical dest map if apic is not sw enabled (Bandan Das) [1738496]\n- [x86] kvm: x86: remove unnecessary recalculate_apic_map (Bandan Das) [1738496]\n- [scsi] scsi: bnx2fc: Handle scope bits when array returns BUSY or TSF (Nilesh Javali) [1750577]\n- [scsi] scsi: bnx2fc: remove set but not used variables 'task', 'port', 'orig_task' (Nilesh Javali) [1750577]\n- [scsi] scsi: bnx2fc: remove set but not used variables 'lport', 'host' (Nilesh Javali) [1750577]\n- [scsi] scsi: bnx2fc: remove set but not used variable 'fh' (Nilesh Javali) [1750577]\n- [scsi] scsi: qedi: Remove WARN_ON from clear task context (Nilesh Javali) [1461697]\n- [scsi] scsi: qedi: Remove WARN_ON for untracked cleanup (Nilesh Javali) [1461697]\n[3.10.0-1112]\n- [scsi] scsi: mpt3sas: change allocation option (Tomas Henzl) [1763796]\n- [md] md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (Xiao Ni) [1752061]\n- [kvm] KVM: x86: switch KVMCLOCK base to monotonic raw clock (Marcelo Tosatti) [1760668]\n- [net] mac80211: Reject malformed SSID elements (Stanislaw Gruszka) [1748266]\n- [net] cfg80211: wext: avoid copying malformed SSIDs (Stanislaw Gruszka) [1748266]\n- [wireless] iwlwifi: pcie: change qu with jf devices to use qu configuration (Stanislaw Gruszka) [1748266]\n- [net] mac80211: fix txq null pointer dereference (Stanislaw Gruszka) [1748266]\n- [net] nl80211: fix null pointer dereference (Stanislaw Gruszka) [1748266]\n- [net] cfg80211: initialize on-stack chandefs (Stanislaw Gruszka) [1748266]\n- [net] cfg80211: validate SSID/MBSSID element ordering assumption (Stanislaw Gruszka) [1748266]\n- [net] nl80211: validate beacon head (Stanislaw Gruszka) [1748266]\n- [net] mac80211: keep BHs disabled while calling drv_tx_wake_queue() (Stanislaw Gruszka) [1748266]\n- [net] cfg80211: Purge frame registrations on iftype change (Stanislaw Gruszka) [1748266]\n- [wireless] rtw88: pci: Use DMA sync instead of remapping in RX ISR (Stanislaw Gruszka) [1748266]\n- [wireless] rtw88: pci: Rearrange the memory usage for skb in RX ISR (Stanislaw Gruszka) [1748266]\n- [wireless] iwlwifi: fw: dont send GEO_TX_POWER_LIMIT command to FW version 36 (Stanislaw Gruszka) [1748266]\n- [net] nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (Stanislaw Gruszka) [1748266]\n- [net] mac80211: Do not send Layer 2 Update frame before authorization (Stanislaw Gruszka) [1748266]\n- [wireless] iwlwifi: assign directly to iwl_trans->cfg in QuZ detection (Stanislaw Gruszka) [1748266]\n- [wireless] mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings (Stanislaw Gruszka) [1748266]\n- [net] mac80211: Correctly set noencrypt for PAE frames (Stanislaw Gruszka) [1748266]\n- [net] mac80211: Dont memset RXCB prior to PAE intercept (Stanislaw Gruszka) [1748266]\n- [wireless] iwlwifi: pcie: handle switching killer Qu B0 NICs to C0 (Stanislaw Gruszka) [1748266]\n- [net] Revert 'cfg80211: fix processing world regdomain when non modular' (Stanislaw Gruszka) [1748266]\n- [net] mac80211: fix possible sta leak (Stanislaw Gruszka) [1748266]\n- [wireless] iwlwifi: pcie: fix recognition of QuZ devices (Stanislaw Gruszka) [1748266]\n- [wireless] iwlwifi: pcie: dont switch FW to qnj when ax201 is detected (Stanislaw Gruszka) [1748266]\n- [wireless] iwlwifi: pcie: fix the byte count table format for 22560 devices (Stanislaw Gruszka) [1748266]\n- [wireless] iwlwifi: mvm: Allow multicast data frames only when associated (Stanislaw Gruszka) [1748266]\n- [netdrv] i40e: initialize ITRN registers with correct values (Stefan Assmann) [1630307]\n- [net] tuntap: synchronize through tfiles array instead of tun->numqueues (Eugenio Perez) [1713616]\n- [net] tuntap: fix use after free during release (Eugenio Perez) [1713616]\n- [net] tun: fix use after free for ptr_array (Eugenio Perez) [1713616]\n- [net] tun/tap: sanitize TUNSETSNDBUF input (Eugenio Perez) [1713616]\n- [block] block: Dont merge requests if integrity flags differ (Ming Lei) [1767605]\n- [block] blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue (Ming Lei) [1767605]\n- [x86] x86/atomic: Fix smp_mb__{before,after}_atomic() (Prarit Bhargava) [1769569]\n- [netdrv] qede: fix NULL pointer deref in __qede_remove() (Manish Chopra) [1766574]\n- [fs] xfs: only trace buffer items if they exist (Brian Foster) [1768722]\n- [nvme] nvme: make fabrics command run on a separate request queue (David Milburn) [1769900]\n- [nvme] nvme: Restart request timers in resetting state (David Milburn) [1769900]\n- [nvme] nvme-rdma: fix possible use-after-free in connect timeout (David Milburn) [1769900]\n- [netdrv] i40e: enable X710 support (Stefan Assmann) [1764987]\n[3.10.0-1111]\n- [md] md: support for queue flag QUEUE_FLAG_NO_SG_MERGE (Nigel Croxon) [1767472]\n- [net] ipv4: Return -ENETUNREACH if we cant create route but saddr is valid (Stefano Brivio) [1633140]\n- [net] ipv6: Rewind hlist offset on interrupted /proc/net/if_inet6 read (Stefano Brivio) [1753480]\n- [net] revert '[net] ipv6: Display all addresses in output of /proc/net/if_inet6' (Stefano Brivio) [1753480]\n- [net] sock: fix lockdep annotation in release_sock (Paolo Abeni) [1753150]\n- [mm] mm-vmstat-reduce-zone-lock-holding-time-by-proc-pagetypeinfo-fix (Waiman Long) [1757943]\n- [mm] mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (Waiman Long) [1757943]\n- [mm] mm, vmstat: hide /proc/pagetypeinfo from normal users (Waiman Long) [1757943]\n[3.10.0-1110]\n- [nvme] nvme-pci: Fix controller freeze wait disabling (David Milburn) [1766279]\n- [net] mac80211: fix kfree() on stack memory in ieee80211_crypto_aes_gmac_decrypt() (Stanislaw Gruszka) [1764510]\n- [md] dm rq: fix handling underlying queue busy (Ming Lei) [1767482]\n[3.10.0-1109]\n- [netdrv] net/mlx5e: Initialize on stack link modes bitmap (Alaa Hleihel) [1764272]\n- [netdrv] net/mlx5e: Fix ethtool self test: link speed (Alaa Hleihel) [1764272]\n- [netdrv] net/mlx5e: ethtool, Avoid setting speed to 56GBASE when autoneg off (Alaa Hleihel) [1764272]\n- [fs] xfs: end sync buffer I/O properly on shutdown error (Brian Foster) [1750602]\n- [fs] xfs: kill __xfs_buf_submit_common() (Brian Foster) [1750602]\n- [fs] xfs: combinesync buffer submission apis (Brian Foster) [1750602]\n- [fs] xfs: lobotomise xfs_trans_read_buf_map() (Brian Foster) [1750602]\n- [fs] cifs: Fix use after free of file info structures (Dave Wysochanski) [1757872]\n- [fs] vfs: Fix EOVERFLOW testing in put_compat_statfs64 (Eric Sandeen) [1758001]\n- [mm] mm, compaction: avoid isolating pinned pages (Rafael Aquini) [1344862]\n- [scsi] scsi: smartpqi: change TMF timeout from 60 to 30 seconds (Don Brace) [1709620]\n- [scsi] scsi: smartpqi: fix LUN reset when fw bkgnd thread is hung (Don Brace) [1709620]\n- [scsi] scsi: smartpqi: add inquiry timeouts (Don Brace) [1709620]\n- [scsi] scsi: smartpqi: increase LUN reset timeout (Don Brace) [1709620]\n- [firmware] x86, efi: never relocate kernel below lowest acceptable address (Kairui Song) [1732737]\n- [powerpc] powerpc: dump kernel log before carrying out fadump or kdump (Desnes Augusto Nunes do Rosario) [1750250]\n- [s390] s390/cpumsf: Check for CPU Measurement sampling (Philipp Rudo) [1765124]\n- [s390] scsi: zfcp: fix reaction on bit error threshold notification (Philipp Rudo) [1765123]\n- [mm] s390/mm: Fix swiotlb for protected virtualization (Philipp Rudo) [1765122]\n[3.10.0-1108]\n- [powerpc] powerpc/pseries: Remove confusing warning message (Gustavo Duarte) [1748306]\n- [powerpc] powerpc/pseries: Call H_BLOCK_REMOVE when supported (Gustavo Duarte) [1748306]\n- [powerpc] powerpc/pseries: Read TLB Block Invalidate Characteristics (Gustavo Duarte) [1748306]\n- [scsi] hpsa: update driver version (Joseph Szczypek) [1761978]\n- [scsi] scsi: hpsa: add missing hunks in reset-patch (Joseph Szczypek) [1761978]\n- [tty] TTY: serial_core, add ->install (Kenneth Yin) [1443152]\n- [scsi] scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (Ewan Milne) [1734685]\n- [fs] scsi: sysfs: Introduce sysfs_{un, }break_active_protection() (Ewan Milne) [1734685]\n[3.10.0-1107]\n- [x86] x86/kdump: Reserve extra memory when SME or SEV is active (Kairui Song) [1724887]\n- [block] block: fix blk_recount_segments (Ming Lei) [1762459]\n- [nvme] nvme-pci: Fix a race in controller removal (Gopal Tiwari) [1761998]\n- [char] hpet: Fix output of hpet_mmap kernel parameter (Prarit Bhargava) [1764790]\n- [tools] perf tools: Apply new CPU topology sysfs attributes (Jiri Olsa) [1640900]\n- [tools] perf header: Rename 'sibling cores' to 'sibling sockets' (Jiri Olsa) [1640900]\n- [tools] perf stat: Support per-die aggregation (Jiri Olsa) [1640900]\n- [tools] perf stat: Support 'percore' event qualifier (Jiri Olsa) [1640900]\n- [tools] perf stat: Factor out aggregate counts printing (Jiri Olsa) [1640900]\n- [tools] perf tools: Add a 'percore' event qualifier (Jiri Olsa) [1640900]\n- [tools] perf header: Add die information in CPU topology (Jiri Olsa) [1640900]\n- [tools] perf cpumap: Retrieve die id information (Jiri Olsa) [1640900]\n- [tools] perf tools: Use sysfs__mountpoint() when reading cpu topology (Jiri Olsa) [1640900]\n- [tools] perf tools: Add numa_topology object (Jiri Olsa) [1640900]\n- [tools] perf header: Fix wrong node write in NUMA_TOPOLOGY feature (Jiri Olsa) [1640900]\n- [tools] perf tools: Add cpu_topology object (Jiri Olsa) [1640900]\n- [tools] perf header: Remove unused 'cpu_nr' field from 'struct cpu_topo' (Jiri Olsa) [1640900]\n- [acpi] ACPICA: Increase total number of possible Owner IDs (Frank Ramsay) [1756339]\n- [fs] SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (Leif Sahlberg) [1764567]\n- [netdrv] mark the intel igc driver as tech preview (David Arcari) [1721615]\n- [netdrv] igc: Clean up unused shadow_vfta pointer (David Arcari) [1721615]\n- [netdrv] igc: Add Rx checksum support (David Arcari) [1721615]\n- [netdrv] igc: Add set_rx_mode support (David Arcari) [1721615]\n- [netdrv] igc: Add SCTP CRC checksumming functionality (David Arcari) [1721615]\n- [netdrv] igc: Add tx_csum offload functionality (David Arcari) [1721615]\n- [netdrv] igc: Remove unneeded PCI bus defines (David Arcari) [1721615]\n- [netdrv] igc: Add NVM checksum validation (David Arcari) [1721615]\n- [netdrv] igc: Remove useless forward declaration (David Arcari) [1721615]\n- [netdrv] ethernet: Delete unnecessary checks before the macro call 'dev_kfree_skb' (David Arcari) [1721615]\n- [netdrv] igc: Add more SKUs for i225 device (David Arcari) [1721615]\n- [netdrv] igc: Update the MAC reset flow (David Arcari) [1721615]\n- [netdrv] igc: Remove the unused field from a device specification structure (David Arcari) [1721615]\n- [netdrv] igc: Remove the polarity field from a PHY information structure (David Arcari) [1721615]\n- [netdrv] igc: Prefer pcie_capability_read_word() (David Arcari) [1721615]\n- [netdrv] igc: Cleanup the redundant code (David Arcari) [1721615]\n- [netdrv] igc: Add flow control support (David Arcari) [1721615]\n- [netdrv] igc: Remove the obsolete workaround (David Arcari) [1721615]\n- [netdrv] igc: Clean up unused pointers (David Arcari) [1721615]\n- [netdrv] igc: Fix double definitions (David Arcari) [1721615]\n- [netdrv] igb/igc: warn when fatal read failure happens (David Arcari) [1721615]\n- [netdrv] Revert 'mark the intel igc driver as tech preview' (David Arcari) [1721615]\n- [md] dm: Use kzalloc for all structs with embedded biosets/mempools (Mike Snitzer) [1766389]\n[3.10.0-1106]\n- [net] sysfs: Fix mem leak in netdev_register_kobject (Stefano Brivio) [1752690] {CVE-2019-15916}\n- [fs] revert [fs] cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (Dave Wysochanski) [1757872]\n- [fs] revert [fs] cifs: add spinlock for the openFileList to cifsInodeInfo (Dave Wysochanski) [1757872]\n- [fs] revert [fs] cifs: add more spinlocks to pretect against races (Dave Wysochanski) [1757872]\n- [fs] fix inode leaks on d_splice_alias() failure exits (Miklos Szeredi) [1749390]\n- [mm] percpu: remove spurious lock dependency between percpu and sched (Vladis Dronov) [1744633]\n- [mm] percpu: stop printing kernel addresses (Vladis Dronov) [1744633]\n- [mm] percpu: use chunk scan_hint to skip some scanning (Vladis Dronov) [1744633]\n- [mm] percpu: convert chunk hints to be based on pcpu_block_md (Vladis Dronov) [1744633]\n- [mm] percpu: make pcpu_block_md generic (Vladis Dronov) [1744633]\n- [mm] percpu: use block scan_hint to only scan forward (Vladis Dronov) [1744633]\n- [mm] percpu: remember largest area skipped during allocation (Vladis Dronov) [1744633]\n- [mm] percpu: add block level scan_hint (Vladis Dronov) [1744633]\n- [mm] percpu: set PCPU_BITMAP_BLOCK_SIZE to PAGE_SIZE (Vladis Dronov) [1744633]\n- [mm] percpu: relegate chunks unusable when failing small allocations (Vladis Dronov) [1744633]\n- [mm] percpu: manage chunks based on contig_bits instead of free_bytes (Vladis Dronov) [1744633]\n- [mm] percpu: introduce helper to determine if two regions overlap (Vladis Dronov) [1744633]\n- [mm] percpu: do not search past bitmap when allocating an area (Vladis Dronov) [1744633]\n- [mm] percpu: update free path with correct new free region (Vladis Dronov) [1744633]\n- [mm] mm/percpu: add checks for the return value of memblock_alloc*() (Vladis Dronov) [1744633]\n- [mm] percpu: km: no need to consider pcpu_group_offsets (Vladis Dronov) [1744633]\n- [mm] percpu: use nr_groups as check condition (Vladis Dronov) [1744633]\n- [mm] percpu: stop leaking bitmap metadata blocks (Vladis Dronov) [1744633]\n- [fs] /proc/meminfo: add percpu populated pages count (Vladis Dronov) [1744633]\n- [mm] mm: Allow to kill tasks doing pcpu_alloc() and waiting for pcpu_balance_workfn() (Vladis Dronov) [1744633]\n- [mm] percpu: include linux/sched.h for cond_resched() (Vladis Dronov) [1744633]\n- [mm] percpu: add a schedule point in pcpu_balance_workfn() (Vladis Dronov) [1744633]\n- [mm] percpu: fix iteration to prevent skipping over block (Vladis Dronov) [1744633]\n- [mm] percpu: fix starting offset for chunk statistics traversal (Vladis Dronov) [1744633]\n- [mm] percpu: update header to contain bitmap allocator explanation (Vladis Dronov) [1744633]\n- [mm] percpu: update pcpu_find_block_fit to use an iterator (Vladis Dronov) [1744633]\n- [mm] percpu: use metadata blocks to update the chunk contig hint (Vladis Dronov) [1744633]\n- [mm] percpu: update free path to take advantage of contig hints (Vladis Dronov) [1744633]\n- [mm] percpu: update alloc path to only scan if contig hints are broken (Vladis Dronov) [1744633]\n- [mm] percpu: keep track of the best offset for contig hints (Vladis Dronov) [1744633]\n- [mm] percpu: skip chunks if the alloc does not fit in the contig hint (Vladis Dronov) [1744633]\n- [mm] percpu: add first_bit to keep track of the first free in the bitmap (Vladis Dronov) [1744633]\n- [mm] percpu: introduce bitmap metadata blocks (Vladis Dronov) [1744633]\n- [mm] percpu: replace area map allocator with bitmap (Vladis Dronov) [1744633]\n- [mm] percpu: generalize bitmap (un)populated iterators (Vladis Dronov) [1744633]\n- [mm] percpu: increase minimum percpu allocation size and align first regions (Vladis Dronov) [1744633]\n- [mm] percpu: introduce nr_empty_pop_pages to help empty page accounting (Vladis Dronov) [1744633]\n- [mm] percpu: change the number of pages marked in the first_chunk pop bitmap (Vladis Dronov) [1744633]\n- [mm] percpu: combine percpu address checks (Vladis Dronov) [1744633]\n- [mm] percpu: modify base_addr to be region specific (Vladis Dronov) [1744633]\n- [mm] percpu: setup_first_chunk rename schunk/dchunk to chunk (Vladis Dronov) [1744633]\n- [mm] percpu: end chunk area maps page aligned for the populated bitmap (Vladis Dronov) [1744633]\n- [mm] percpu: unify allocation of schunk and dchunk (Vladis Dronov) [1744633]\n- [mm] percpu: setup_first_chunk remove dyn_size and consolidate logic (Vladis Dronov) [1744633]\n- [mm] percpu: remove has_reserved from pcpu_chunk (Vladis Dronov) [1744633]\n- [mm] percpu: introduce start_offset to pcpu_chunk (Vladis Dronov) [1744633]\n- [mm] percpu: setup_first_chunk enforce dynamic region must exist (Vladis Dronov) [1744633]\n- [mm] percpu: update the header comment and pcpu_build_alloc_info comments (Vladis Dronov) [1744633]\n- [mm] percpu: expose pcpu_nr_empty_pop_pages in pcpu_stats (Vladis Dronov) [1744633]\n- [mm] percpu: change the format for percpu_stats output (Vladis Dronov) [1744633]\n- [mm] percpu: pcpu-stats change void buffer to int buffer (Vladis Dronov) [1744633]\n- [mm] percpu: fix static checker warnings in pcpu_destroy_chunk (Vladis Dronov) [1744633]\n- [mm] percpu: fix early calls for spinlock in pcpu_stats (Vladis Dronov) [1744633]\n- [mm] percpu: resolve err may not be initialized in pcpu_alloc (Vladis Dronov) [1744633]\n- [mm] percpu: add tracepoint support for percpu memory (Vladis Dronov) [1744633]\n- [mm] percpu: expose statistics about percpu memory via debugfs (Vladis Dronov) [1744633]\n- [mm] percpu: migrate percpu data structures to internal header (Vladis Dronov) [1744633]\n- [mm] percpu: add missing lockdep_assert_held to func pcpu_free_area (Vladis Dronov) [1744633]\n- [mm] percpu: ensure the requested alignment is power of two (Vladis Dronov) [1744633]\n- [mm] tree wide: use kvfree() than conditional kfree()/vfree() (Vladis Dronov) [1744633]\n- [mm] mm/percpu: use offset_in_page macro (Vladis Dronov) [1744633]\n- [mm] percpu: clean up of schunk->mapassignment in pcpu_setup_first_chunk (Vladis Dronov) [1744633]\n- [mm] mm/percpu.c: fix panic triggered by BUG_ON() falsely (Vladis Dronov) [1744633]\n- [mm] mm/percpu.c: fix potential memory leakage for pcpu_embed_first_chunk() (Vladis Dronov) [1744633]\n- [mm] mm/percpu.c: correct max_distance calculation for pcpu_embed_first_chunk() (Vladis Dronov) [1744633]\n- [mm] mm: percpu: use pr_fmt to prefix output (Vladis Dronov) [1744633]\n(Vladis Dronov) [1744633]\n- [mm] mm: coalesce split strings (Vladis Dronov) [1744633]\n- [mm] mm: convert pr_warning to pr_warn (Vladis Dronov) [1744633]\n- [mm] percpu: use *pbto print bitmaps including cpumasks and nodemasks (Vladis Dronov) [1744633]\n- [mm] percpu: off by one in BUG_ON() (Vladis Dronov) [1744633]\n- [mm] mm/percpu.c: use memblock apis for early memory allocations (Vladis Dronov) [1744633]\n- [mm] percpu: use VMALLOC_TOTAL instead of VMALLOC_END - VMALLOC_START (Vladis Dronov) [1744633]\n- [mm] percpu: fix bootmem error handling in pcpu_page_first_chunk() (Vladis Dronov) [1744633]\n[3.10.0-1105]\n- [nvme] nvme: Treat discovery subsystems as unique subsystems (Ewan Milne) [1731579]\n- [scsi] scsi: core: Log SCSI command age with errors (Ewan Milne) [1751716]\n- [security] selinux: fix context string corruption in convert_context() (Ondrej Mosnacek) [1759803]\n- [usb] xhci: Prevent deadlock when xhci adapter breaks during init (Torez Smith) [1710090]\n- [scsi] scsi: core: add new RDAC LENOVO/DE_Series device (Ewan Milne) [1699439]\n- [wireless] Correct strange error in Makefiles for building modules in separate directories (Neil Horman) [1753927]\n- [md] dm snapshot: rework COW throttling to fix deadlock (Mike Snitzer) [1758603]\n- [md] dm snapshot: introduce account_start_copy() and account_end_copy() (Mike Snitzer) [1758603]\n- [drm] i915: Stop reconfiguring our shmemfs mountpoint (Vladis Dronov) [1759980]\n- [kernel] perf/core: Fix perf_event_open() vs. execve() race (Jiri Olsa) [1701620] {CVE-2019-3901}\n[3.10.0-1104]\n- [md] raid5: dont set STRIPE_HANDLE to stripe which is in batch list (Nigel Croxon) [1631765 1750287]\n- [kernel] alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (Vladis Dronov) [1760639]\n- [kernel] alarmtimer: Remove unused but set variable (Vladis Dronov) [1760639]\n- [x86] efi/x86: do not clean dummy variable in kexec path (Bhupesh Sharma) [1707669]\n- [cpuidle] cpuidle-haltpoll: return -ENODEV on modinit failure (Marcelo Tosatti) [1756843]\n- [x86] perf/x86/amd: Change/fix NMI latency mitigation to use a timestamp (David Arcari) [1730884]\n- [infiniband] RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_rcfw_send_message (Selvin Xavier) [1629037]\n- [infiniband] RDMA/bnxt_re: Increase depth of control path command queue (Selvin Xavier) [1629037]\n- [x86] x86/efi/pti: In __load_cr3(), EFI PGD has no shadow (Lenny Szubowicz) [1750767]\n- [char] hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable (Prarit Bhargava) [1660800]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-04-06T00:00:00", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-9289", "CVE-2017-17807", "CVE-2018-12207", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-7191", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11135", "CVE-2019-11190", "CVE-2019-11487", "CVE-2019-11884", "CVE-2019-12382", "CVE-2019-13233", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-14901", "CVE-2019-15916", "CVE-2019-16746", "CVE-2019-17666", "CVE-2019-18660", "CVE-2019-19338", "CVE-2019-3901", "CVE-2019-9503"], "modified": "2020-04-06T00:00:00", "id": "ELSA-2020-1016", "href": "http://linux.oracle.com/errata/ELSA-2020-1016.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-01-25T14:43:46", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4808 advisory.\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. (CVE-2019-14821)\n\n - In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default. (CVE-2019-14283)\n\n - In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation.\n NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or 4.14.x longterm kernels before 4.14.139. (CVE-2019-15239)\n\n - An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in\n __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation. (CVE-2019-15666)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-02T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4808)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14283", "CVE-2019-14821", "CVE-2019-15239", "CVE-2019-15666"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2019-4808.NASL", "href": "https://www.tenable.com/plugins/nessus/129515", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4808.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129515);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2019-14283\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4808)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2019-4808 advisory.\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux\n kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer\n 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be\n supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm'\n device could use this flaw to crash the host kernel, resulting in a denial of service or potentially\n escalating privileges on the system. (CVE-2019-14821)\n\n - In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and\n head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an\n unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by\n default. (CVE-2019-14283)\n\n - In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12,\n was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was\n potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by\n adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple\n use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation.\n NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or\n 4.14.x longterm kernels before 4.14.139. (CVE-2019-15239)\n\n - An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in\n __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in\n net/xfrm/xfrm_user.c mishandles directory validation. (CVE-2019-15666)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4808.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15239\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.32.1.el6uek', '4.1.12-124.32.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-4808');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.32.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.32.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.32.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.32.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.32.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.32.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.32.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.32.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.32.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.32.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.32.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.32.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T14:42:34", "description": "An update of the linux package has been released.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-09-12T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Linux PHSA-209-2.0-0175", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 9.4, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 9.2, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20856", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-15239", "CVE-2019-15926"], "modified": "2019-12-30T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-209-2_0-0175_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/128725", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-209-2.0-0175. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128725);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/30\");\n\n script_cve_id(\n \"CVE-2018-20856\",\n \"CVE-2019-14283\",\n \"CVE-2019-14284\",\n \"CVE-2019-15239\",\n \"CVE-2019-15926\"\n );\n\n script_name(english:\"Photon OS 2.0: Linux PHSA-209-2.0-0175\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-175.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15926\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-api-headers-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-debuginfo-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-devel-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-docs-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-drivers-gpu-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-oprofile-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-sound-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-debuginfo-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-devel-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-docs-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-drivers-gpu-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-debuginfo-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-devel-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-docs-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-oprofile-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-debuginfo-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-devel-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-docs-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-lkcm-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-sound-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-tools-4.9.189-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 9.4, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:C"}}, {"lastseen": "2023-02-10T14:50:48", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities:\n\n - In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23. (CVE-2015-9289)\n\n - The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's default request-key keyring via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.\n (CVE-2017-17807)\n\n - An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.\n (CVE-2018-20169)\n\n - In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default. (CVE-2019-14283)\n\n - rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow. (CVE-2019-17666)\n\n - A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs.\n As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8. (CVE-2019-3901)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-10-13T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2020-0043)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-9289", "CVE-2017-17807", "CVE-2018-20169", "CVE-2019-14283", "CVE-2019-17666", "CVE-2019-3901"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0043_KERNEL-RT.NASL", "href": "https://www.tenable.com/plugins/nessus/141405", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0043. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141405);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2015-9289\",\n \"CVE-2017-17807\",\n \"CVE-2018-20169\",\n \"CVE-2019-3901\",\n \"CVE-2019-14283\",\n \"CVE-2019-17666\"\n );\n script_bugtraq_id(89937, 102301);\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2020-0043)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected\nby multiple vulnerabilities:\n\n - In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in\n drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the\n userspace API. However, the code allows larger values such as 23. (CVE-2015-9289)\n\n - The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to\n the current task's default request-key keyring via the request_key() system call, allowing a local user\n to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write\n permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.\n (CVE-2017-17807)\n\n - An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during\n the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.\n (CVE-2018-20169)\n\n - In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and\n head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an\n unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by\n default. (CVE-2019-14283)\n\n - rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a\n certain upper-bound check, leading to a buffer overflow. (CVE-2019-17666)\n\n - A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs.\n As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it\n is possible for the specified target task to perform an execve() syscall with setuid execution before\n perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check\n and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged\n execve() calls. This issue affects kernel versions before 4.8. (CVE-2019-3901)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0043\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel-rt packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17666\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'kernel-rt-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed',\n 'kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed',\n 'kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed',\n 'kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed',\n 'kernel-rt-debug-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed',\n 'kernel-rt-debug-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed',\n 'kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed',\n 'kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed',\n 'kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed',\n 'kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed',\n 'kernel-rt-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed',\n 'kernel-rt-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed',\n 'kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed',\n 'kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed',\n 'kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed',\n 'kernel-rt-trace-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed',\n 'kernel-rt-trace-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed'\n ],\n 'CGSL MAIN 5.04': [\n 'kernel-rt-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed',\n 'kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed',\n 'kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed',\n 'kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed',\n 'kernel-rt-debug-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed',\n 'kernel-rt-debug-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed',\n 'kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed',\n 'kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed',\n 'kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed',\n 'kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed',\n 'kernel-rt-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed',\n 'kernel-rt-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed',\n 'kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed',\n 'kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed',\n 'kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed',\n 'kernel-rt-trace-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed',\n 'kernel-rt-trace-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.33.429.g62477ed'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt');\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:44:21", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - NFSv4: Don't try to reclaim unused state owners (Trond Myklebust) \n\n - x86/microcode: Update late microcode in parallel (Ashok Raj) [Orabug: 30302412]\n\n - floppy: fix out-of-bounds read in copy_buffer (Denis Efremov) [Orabug: 30318219] (CVE-2019-14283)\n\n - xen-netback: stop netif TX queue on guest queuing failure (Ankur Arora) [Orabug: 30351050]", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-03T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0046)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14283"], "modified": "2019-12-23T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2019-0046.NASL", "href": "https://www.tenable.com/plugins/nessus/129550", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2019-0046.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129550);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/23\");\n\n script_cve_id(\"CVE-2019-14283\");\n\n script_name(english:\"OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0046)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - NFSv4: Don't try to reclaim unused state owners (Trond\n Myklebust) \n\n - x86/microcode: Update late microcode in parallel (Ashok\n Raj) [Orabug: 30302412]\n\n - floppy: fix out-of-bounds read in copy_buffer (Denis\n Efremov) [Orabug: 30318219] (CVE-2019-14283)\n\n - xen-netback: stop netif TX queue on guest queuing\n failure (Ankur Arora) [Orabug: 30351050]\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2019-October/000961.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?30356e8e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-4.1.12-124.32.1.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-firmware-4.1.12-124.32.1.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-05T15:24:48", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\n* kernel: local attacker can trigger multiple use-after-free conditions results in privilege escalation (CVE-2019-15239)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* On RHEL 7.7 kernel SCSI VPD information for NVMe drives is missing (breaks InfoScale) (BZ#1752423)\n\n* RHEL7 fnic spamming logs: Current vnic speed set to : 40000 (BZ#1754836)\n\n* kernel build: parallelize redhat/mod-sign.sh (BZ#1755330)\n\n* kernel build: speed up module compression step (BZ#1755339)\n\n* Nested VirtualBox VMs on Windows guest has the potential of impacting memory region allocated to other KVM guests (BZ#1755781)\n\n* NULL pointer dereference at check_preempt_wakeup+0x109 (BZ#1756265)\n\n* Regression: panic in pick_next_task_rt (BZ#1756267)\n\n* ixgbe reports 'Detected Tx Unit Hang' with adapter reset on RHEL 7 (BZ# 1757350)\n\n* [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM. (BZ#1757757)\n\n* nvme: dead loop in blk_mq_tagset_wait_completed_request() when it is called from timeout handler (BZ#1758051)\n\n* [mlx5] VF Representer naming is not consistent/persistent through reboots with OSPD deployment (BZ#1759003)\n\n* OS getting restarted because of driver issue with QLogic Corp.\nISP2532-based 8Gb Fibre Channel to PCI Express HBA [1077:2532] (rev 02). (BZ#1759447)\n\n* mlx5: Load balancing not working over VF LAG configuration (BZ#1759449)\n\n* RHEL7.8 - ISST-LTE: vimlp1: Running LTP af_alg04.c (crypto) crash the LPAR (BZ#1763620)\n\n* RHEL7.5 - Fix security issues on crypto vmx (BZ#1763621)\n\n* RHEL 7.7 RC1 - Host crashes about 4.5 hours into switch port bounce test (BZ#1763624)\n\n* RHEL7.6 - cacheinfo code unsafe vs LPM (BZ#1763625)\n\n* xfs hangs on acquiring xfs_buf semaphore (BZ#1764245)\n\n* single CPU VM hangs during open_posix_testsuite (BZ#1766087)\n\n* rcu_sched self-detected stall on CPU while booting with nohz_full (BZ# 1766098)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-12-04T00:00:00", "type": "nessus", "title": "CentOS 7 : kernel (CESA-2019:3979)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14821", "CVE-2019-15239"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2019-3979.NASL", "href": "https://www.tenable.com/plugins/nessus/131571", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3979 and \n# CentOS Errata and Security Advisory 2019:3979 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131571);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\"CVE-2019-14821\", \"CVE-2019-15239\");\n script_xref(name:\"RHSA\", value:\"2019:3979\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2019:3979)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\n* kernel: local attacker can trigger multiple use-after-free\nconditions results in privilege escalation (CVE-2019-15239)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* On RHEL 7.7 kernel SCSI VPD information for NVMe drives is missing\n(breaks InfoScale) (BZ#1752423)\n\n* RHEL7 fnic spamming logs: Current vnic speed set to : 40000\n(BZ#1754836)\n\n* kernel build: parallelize redhat/mod-sign.sh (BZ#1755330)\n\n* kernel build: speed up module compression step (BZ#1755339)\n\n* Nested VirtualBox VMs on Windows guest has the potential of\nimpacting memory region allocated to other KVM guests (BZ#1755781)\n\n* NULL pointer dereference at check_preempt_wakeup+0x109 (BZ#1756265)\n\n* Regression: panic in pick_next_task_rt (BZ#1756267)\n\n* ixgbe reports 'Detected Tx Unit Hang' with adapter reset on RHEL 7\n(BZ# 1757350)\n\n* [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not\nenabled in VM. (BZ#1757757)\n\n* nvme: dead loop in blk_mq_tagset_wait_completed_request() when it is\ncalled from timeout handler (BZ#1758051)\n\n* [mlx5] VF Representer naming is not consistent/persistent through\nreboots with OSPD deployment (BZ#1759003)\n\n* OS getting restarted because of driver issue with QLogic Corp.\nISP2532-based 8Gb Fibre Channel to PCI Express HBA [1077:2532] (rev\n02). (BZ#1759447)\n\n* mlx5: Load balancing not working over VF LAG configuration\n(BZ#1759449)\n\n* RHEL7.8 - ISST-LTE: vimlp1: Running LTP af_alg04.c (crypto) crash\nthe LPAR (BZ#1763620)\n\n* RHEL7.5 - Fix security issues on crypto vmx (BZ#1763621)\n\n* RHEL 7.7 RC1 - Host crashes about 4.5 hours into switch port bounce\ntest (BZ#1763624)\n\n* RHEL7.6 - cacheinfo code unsafe vs LPM (BZ#1763625)\n\n* xfs hangs on acquiring xfs_buf semaphore (BZ#1764245)\n\n* single CPU VM hangs during open_posix_testsuite (BZ#1766087)\n\n* rcu_sched self-detected stall on CPU while booting with nohz_full\n(BZ# 1766098)\");\n # https://lists.centos.org/pipermail/centos-announce/2019-December/023536.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d36315bc\");\n # https://lists.centos.org/pipermail/centos-announce/2019-December/035574.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?452de8fb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15239\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-14821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perf-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-1062.7.1.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-04T15:05:18", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3979 advisory.\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. (CVE-2019-14821)\n\n - In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation.\n NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or 4.14.x longterm kernels before 4.14.139. (CVE-2019-15239)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-12-03T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : kernel (ELSA-2019-3979)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14821", "CVE-2019-15239"], "modified": "2022-05-18T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2019-3979.NASL", "href": "https://www.tenable.com/plugins/nessus/131519", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-3979.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131519);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\"CVE-2019-14821\", \"CVE-2019-15239\");\n script_xref(name:\"RHSA\", value:\"2019:3979\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2019-3979)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2019-3979 advisory.\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux\n kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer\n 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be\n supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm'\n device could use this flaw to crash the host kernel, resulting in a denial of service or potentially\n escalating privileges on the system. (CVE-2019-14821)\n\n - In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12,\n was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was\n potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by\n adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple\n use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation.\n NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or\n 4.14.x longterm kernels before 4.14.139. (CVE-2019-15239)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-3979.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15239\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-14821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.10.0-1062.7.1.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-3979');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.10';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-3.10.0-1062.7.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1062.7.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-3.10.0'},\n {'reference':'kernel-abi-whitelists-3.10.0-1062.7.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-3.10.0'},\n {'reference':'kernel-debug-3.10.0-1062.7.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-3.10.0'},\n {'reference':'kernel-debug-devel-3.10.0-1062.7.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-3.10.0'},\n {'reference':'kernel-devel-3.10.0-1062.7.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-3.10.0'},\n {'reference':'kernel-headers-3.10.0-1062.7.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-3.10.0'},\n {'reference':'kernel-tools-3.10.0-1062.7.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-3.10.0'},\n {'reference':'kernel-tools-libs-3.10.0-1062.7.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-3.10.0'},\n {'reference':'kernel-tools-libs-devel-3.10.0-1062.7.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-3.10.0'},\n {'reference':'perf-3.10.0-1062.7.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1062.7.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T15:22:24", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\n* kernel: local attacker can trigger multiple use-after-free conditions results in privilege escalation (CVE-2019-15239)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* On RHEL 7.7 kernel SCSI VPD information for NVMe drives is missing (breaks InfoScale) (BZ#1752423)\n\n* RHEL7 fnic spamming logs: Current vnic speed set to : 40000 (BZ#1754836)\n\n* kernel build: parallelize redhat/mod-sign.sh (BZ#1755330)\n\n* kernel build: speed up module compression step (BZ#1755339)\n\n* Nested VirtualBox VMs on Windows guest has the potential of impacting memory region allocated to other KVM guests (BZ#1755781)\n\n* NULL pointer dereference at check_preempt_wakeup+0x109 (BZ#1756265)\n\n* Regression: panic in pick_next_task_rt (BZ#1756267)\n\n* ixgbe reports 'Detected Tx Unit Hang' with adapter reset on RHEL 7 (BZ# 1757350)\n\n* [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM. (BZ#1757757)\n\n* nvme: dead loop in blk_mq_tagset_wait_completed_request() when it is called from timeout handler (BZ#1758051)\n\n* [mlx5] VF Representer naming is not consistent/persistent through reboots with OSPD deployment (BZ#1759003)\n\n* OS getting restarted because of driver issue with QLogic Corp.\nISP2532-based 8Gb Fibre Channel to PCI Express HBA [1077:2532] (rev 02). (BZ#1759447)\n\n* mlx5: Load balancing not working over VF LAG configuration (BZ#1759449)\n\n* RHEL7.8 - ISST-LTE: vimlp1: Running LTP af_alg04.c (crypto) crash the LPAR (BZ#1763620)\n\n* RHEL7.5 - Fix security issues on crypto vmx (BZ#1763621)\n\n* RHEL 7.7 RC1 - Host crashes about 4.5 hours into switch port bounce test (BZ#1763624)\n\n* RHEL7.6 - cacheinfo code unsafe vs LPM (BZ#1763625)\n\n* xfs hangs on acquiring xfs_buf semaphore (BZ#1764245)\n\n* single CPU VM hangs during open_posix_testsuite (BZ#1766087)\n\n* rcu_sched self-detected stall on CPU while booting with nohz_full (BZ# 1766098)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-11-27T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2019:3979)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14821", "CVE-2019-15239"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:bpftool-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2019-3979.NASL", "href": "https://www.tenable.com/plugins/nessus/131379", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3979. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131379);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\"CVE-2019-14821\", \"CVE-2019-15239\");\n script_xref(name:\"RHSA\", value:\"2019:3979\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2019:3979)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\n* kernel: local attacker can trigger multiple use-after-free\nconditions results in privilege escalation (CVE-2019-15239)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* On RHEL 7.7 kernel SCSI VPD information for NVMe drives is missing\n(breaks InfoScale) (BZ#1752423)\n\n* RHEL7 fnic spamming logs: Current vnic speed set to : 40000\n(BZ#1754836)\n\n* kernel build: parallelize redhat/mod-sign.sh (BZ#1755330)\n\n* kernel build: speed up module compression step (BZ#1755339)\n\n* Nested VirtualBox VMs on Windows guest has the potential of\nimpacting memory region allocated to other KVM guests (BZ#1755781)\n\n* NULL pointer dereference at check_preempt_wakeup+0x109 (BZ#1756265)\n\n* Regression: panic in pick_next_task_rt (BZ#1756267)\n\n* ixgbe reports 'Detected Tx Unit Hang' with adapter reset on RHEL 7\n(BZ# 1757350)\n\n* [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not\nenabled in VM. (BZ#1757757)\n\n* nvme: dead loop in blk_mq_tagset_wait_completed_request() when it is\ncalled from timeout handler (BZ#1758051)\n\n* [mlx5] VF Representer naming is not consistent/persistent through\nreboots with OSPD deployment (BZ#1759003)\n\n* OS getting restarted because of driver issue with QLogic Corp.\nISP2532-based 8Gb Fibre Channel to PCI Express HBA [1077:2532] (rev\n02). (BZ#1759447)\n\n* mlx5: Load balancing not working over VF LAG configuration\n(BZ#1759449)\n\n* RHEL7.8 - ISST-LTE: vimlp1: Running LTP af_alg04.c (crypto) crash\nthe LPAR (BZ#1763620)\n\n* RHEL7.5 - Fix security issues on crypto vmx (BZ#1763621)\n\n* RHEL 7.7 RC1 - Host crashes about 4.5 hours into switch port bounce\ntest (BZ#1763624)\n\n* RHEL7.6 - cacheinfo code unsafe vs LPM (BZ#1763625)\n\n* xfs hangs on acquiring xfs_buf semaphore (BZ#1764245)\n\n* single CPU VM hangs during open_posix_testsuite (BZ#1766087)\n\n* rcu_sched self-detected stall on CPU while booting with nohz_full\n(BZ# 1766098)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-14821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-15239\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15239\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-14821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-14821\", \"CVE-2019-15239\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:3979\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3979\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bpftool-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bpftool-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bpftool-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-abi-whitelists-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-doc-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / kernel-abi-whitelists / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T15:23:53", "description": "Security Fix(es) :\n\n - Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\n - kernel: local attacker can trigger multiple use-after-free conditions results in privilege escalation (CVE-2019-15239)\n\nBug Fix(es) :\n\n - On SL 7.7 kernel SCSI VPD information for NVMe drives is missing (breaks InfoScale)\n\n - SL7 fnic spamming logs: Current vnic speed set to :\n 40000\n\n - kernel build: parallelize redhat/mod-sign.sh\n\n - kernel build: speed up module compression step\n\n - Nested VirtualBox VMs on Windows guest has the potential of impacting memory region allocated to other KVM guests\n\n - NULL pointer dereference at check_preempt_wakeup+0x109\n\n - Regression: panic in pick_next_task_rt\n\n - ixgbe reports 'Detected Tx Unit Hang' with adapter reset on SL 7\n\n - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM.\n\n - nvme: dead loop in blk_mq_tagset_wait_completed_request() when it is called from timeout handler\n\n - [mlx5] VF Representer naming is not consistent/persistent through reboots with OSPD deployment\n\n - OS getting restarted because of driver issue with QLogic Corp. ISP2532-based 8Gb Fibre Channel to PCI Express HBA [1077:2532] (rev 02).\n\n - mlx5: Load balancing not working over VF LAG configuration\n\n - SL7.8 - ISST-LTE: vimlp1: Running LTP af_alg04.c (crypto) crash the LPAR\n\n - SL7.5 - Fix security issues on crypto vmx\n\n - SL 7.7 RC1 - Host crashes about 4.5 hours into switch port bounce test\n\n - SL7.6 - cacheinfo code unsafe vs LPM\n\n - xfs hangs on acquiring xfs_buf semaphore\n\n - single CPU VM hangs during open_posix_testsuite\n\n - rcu_sched self-detected stall on CPU while booting with nohz_full", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-12-09T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64 (20191205)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14821", "CVE-2019-15239"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:bpftool", "p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:kernel-tools", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20191205_KERNEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/131832", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131832);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\"CVE-2019-14821\", \"CVE-2019-15239\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64 (20191205)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - Kernel: KVM: OOB memory access via mmio ring buffer\n (CVE-2019-14821)\n\n - kernel: local attacker can trigger multiple\n use-after-free conditions results in privilege\n escalation (CVE-2019-15239)\n\nBug Fix(es) :\n\n - On SL 7.7 kernel SCSI VPD information for NVMe drives is\n missing (breaks InfoScale)\n\n - SL7 fnic spamming logs: Current vnic speed set to :\n 40000\n\n - kernel build: parallelize redhat/mod-sign.sh\n\n - kernel build: speed up module compression step\n\n - Nested VirtualBox VMs on Windows guest has the potential\n of impacting memory region allocated to other KVM guests\n\n - NULL pointer dereference at check_preempt_wakeup+0x109\n\n - Regression: panic in pick_next_task_rt\n\n - ixgbe reports 'Detected Tx Unit Hang' with adapter reset\n on SL 7\n\n - [Intel 7.8 Bug] [KVM][CLX]\n CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM.\n\n - nvme: dead loop in\n blk_mq_tagset_wait_completed_request() when it is called\n from timeout handler\n\n - [mlx5] VF Representer naming is not\n consistent/persistent through reboots with OSPD\n deployment\n\n - OS getting restarted because of driver issue with QLogic\n Corp. ISP2532-based 8Gb Fibre Channel to PCI Express HBA\n [1077:2532] (rev 02).\n\n - mlx5: Load balancing not working over VF LAG\n configuration\n\n - SL7.8 - ISST-LTE: vimlp1: Running LTP af_alg04.c\n (crypto) crash the LPAR\n\n - SL7.5 - Fix security issues on crypto vmx\n\n - SL 7.7 RC1 - Host crashes about 4.5 hours into switch\n port bounce test\n\n - SL7.6 - cacheinfo code unsafe vs LPM\n\n - xfs hangs on acquiring xfs_buf semaphore\n\n - single CPU VM hangs during open_posix_testsuite\n\n - rcu_sched self-detected stall on CPU while booting with\n nohz_full\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1912&L=SCIENTIFIC-LINUX-ERRATA&P=7121\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7767f8d3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15239\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bpftool-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-abi-whitelists-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-doc-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / kernel-abi-whitelists / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T15:20:55", "description": "An update for kernel-rt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\n* kernel: local attacker can trigger multiple use-after-free conditions results in privilege escalation (CVE-2019-15239)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* kernel-rt: update to the RHEL7.7.z batch#3 source tree (BZ#1762889)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-11-27T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-rt (RHSA-2019:3978)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14821", "CVE-2019-15239"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-3978.NASL", "href": "https://www.tenable.com/plugins/nessus/131378", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3978. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131378);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\"CVE-2019-14821\", \"CVE-2019-15239\");\n script_xref(name:\"RHSA\", value:\"2019:3978\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2019:3978)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel-rt is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\n* kernel: local attacker can trigger multiple use-after-free\nconditions results in privilege escalation (CVE-2019-15239)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* kernel-rt: update to the RHEL7.7.z batch#3 source tree (BZ#1762889)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-14821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-15239\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15239\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-14821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-14821\", \"CVE-2019-15239\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:3978\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3978\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-debuginfo-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-rt-doc-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-debuginfo-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-debuginfo-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T14:12:06", "description": "According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :\n\n - [3.10.0-693.21.1.vz7.48.2 to 3.10.0-957.12.2.vz7.96.21] Potential kernel crash in __tcp_retransmit_skb(). It was discovered that a local unprivileged attacker could use a specially crafted sequence of system calls to trigger either a kernel crash in __tcp_retransmit_skb() or use-after-free conditions, which could result in privilege escalation.\n\n - [3.10.0-693.21.1.vz7.48.2 to 3.10.0-957.12.2.vz7.96.21] KVM: Out-of-bounds memory access via MMIO ring buffer.\n An issue was found in the implementation of the coalesced MMIO write operation in KVM. The indices used to access an MMIO ring buffer could be supplied by a user-space process in the host system. An attacker with access to /dev/kvm could use this flaw to trigger out-of-bounds memory access and crash the host kernel or, potentially, escalate their privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-02-04T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : readykernel-patch (VZA-2019-086)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14821", "CVE-2019-15239"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:readykernel", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZA-2019-086.NASL", "href": "https://www.tenable.com/plugins/nessus/133463", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133463);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\"CVE-2019-14821\", \"CVE-2019-15239\");\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2019-086)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - [3.10.0-693.21.1.vz7.48.2 to 3.10.0-957.12.2.vz7.96.21]\n Potential kernel crash in __tcp_retransmit_skb(). It\n was discovered that a local unprivileged attacker could\n use a specially crafted sequence of system calls to\n trigger either a kernel crash in __tcp_retransmit_skb()\n or use-after-free conditions, which could result in\n privilege escalation.\n\n - [3.10.0-693.21.1.vz7.48.2 to 3.10.0-957.12.2.vz7.96.21]\n KVM: Out-of-bounds memory access via MMIO ring buffer.\n An issue was found in the implementation of the\n coalesced MMIO write operation in KVM. The indices used\n to access an MMIO ring buffer could be supplied by a\n user-space process in the host system. An attacker with\n access to /dev/kvm could use this flaw to trigger\n out-of-bounds memory access and crash the host kernel\n or, potentially, escalate their privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://virtuozzosupport.force.com/s/article/VZA-2019-086\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-48.2-91.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ae500723\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-63.3-91.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?beb8144c\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-64.7-91.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c61d1e3b\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-73.24-91.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c312f3a6\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-73.29-91.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b984849f\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-85.17-91.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ef5b9f31\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-86.2-91.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e9257f5d\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-96.21-91.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1d05611b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15239\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-14821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-693.21.1.vz7.48.2\",\n \"patch\",\"readykernel-patch-48.2-91.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-862.11.6.vz7.64.7\",\n \"patch\",\"readykernel-patch-63.3-91.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-862.20.2.vz7.73.24\",\n \"patch\",\"readykernel-patch-64.7-91.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-862.20.2.vz7.73.29\",\n \"patch\",\"readykernel-patch-73.24-91.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-862.9.1.vz7.63.3\",\n \"patch\",\"readykernel-patch-73.29-91.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-957.10.1.vz7.85.17\",\n \"patch\",\"readykernel-patch-85.17-91.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-957.12.2.vz7.86.2\",\n \"patch\",\"readykernel-patch-86.2-91.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-957.12.2.vz7.96.21\",\n \"patch\",\"readykernel-patch-96.21-91.0-1.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_HOLE, release:\"Virtuozzo-7\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T14:09:34", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0027 advisory.\n\n - Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\n - kernel: local attacker can trigger multiple use-after-free conditions results in privilege escalation (CVE-2019-15239)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-01-07T00:00:00", "type": "nessus", "title": "RHEL 7 : kpatch-patch (RHSA-2020:0027)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14821", "CVE-2019-15239"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:rhel_aus:7.7", "cpe:/o:redhat:rhel_e4s:7.7", "cpe:/o:redhat:rhel_eus:7.7", "cpe:/o:redhat:rhel_tus:7.7", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_1_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_1_2", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_4_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_4_2", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_4_3"], "id": "REDHAT-RHSA-2020-0027.NASL", "href": "https://www.tenable.com/plugins/nessus/132686", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0027. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132686);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2019-14821\", \"CVE-2019-15239\");\n script_xref(name:\"RHSA\", value:\"2020:0027\");\n\n script_name(english:\"RHEL 7 : kpatch-patch (RHSA-2020:0027)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0027 advisory.\n\n - Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\n - kernel: local attacker can trigger multiple use-after-free conditions results in privilege escalation\n (CVE-2019-15239)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1746708\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1747353\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15239\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-14821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(416, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_1_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_1_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_4_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_4_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_4_3\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nvar kernel_live_checks = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.7/x86_64/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.7/x86_64/os',\n 'content/aus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/os',\n 'content/tus/rhel/server/7/7.7/x86_64/source/SRPMS'\n ],\n 'kernels': {\n '3.10.0-1062.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062-1-11.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-1062.1.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062_1_1-1-10.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-1062.1.2.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062_1_2-1-9.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-1062.4.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062_4_1-1-6.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-1062.4.2.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062_4_2-1-3.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-1062.4.3.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062_4_3-1-3.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n }\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'kernels': {\n '3.10.0-1062.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062-1-11.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-1062.1.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062_1_1-1-10.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-1062.1.2.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062_1_2-1-9.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-1062.4.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062_4_1-1-6.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-1062.4.2.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062_4_2-1-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-1062.4.3.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062_4_3-1-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n }\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:kernel_live_checks);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(kernel_array['repo_relative_urls'])) repo_relative_urls = kernel_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var pkg ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kpatch-patch-3_10_0-1062 / kpatch-patch-3_10_0-1062_1_1 / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-23T20:55:49", "description": "The version of AOS installed on the remote host is prior to 5.10. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.10 advisory.\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. (CVE-2019-14821)\n\n - In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation.\n NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or 4.14.x longterm kernels before 4.14.139. (CVE-2019-15239)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-09-01T00:00:00", "type": "nessus", "title": "Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.10)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14821", "CVE-2019-15239"], "modified": "2023-02-23T00:00:00", "cpe": ["cpe:/o:nutanix:aos"], "id": "NUTANIX_NXSA-AOS-5_10.NASL", "href": "https://www.tenable.com/plugins/nessus/164558", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164558);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/23\");\n\n script_cve_id(\"CVE-2019-14821\", \"CVE-2019-15239\");\n\n script_name(english:\"Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.10)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Nutanix AOS host is affected by multiple vulnerabilities .\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of AOS installed on the remote host is prior to 5.10. It is, therefore, affected by multiple vulnerabilities\nas referenced in the NXSA-AOS-5.10 advisory.\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux\n kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer\n 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be\n supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm'\n device could use this flaw to crash the host kernel, resulting in a denial of service or potentially\n escalating privileges on the system. (CVE-2019-14821)\n\n - In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12,\n was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was\n potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by\n adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple\n use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation.\n NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or\n 4.14.x longterm kernels before 4.14.139. (CVE-2019-15239)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://portal.nutanix.com/page/documents/security-advisories/release-advisories/details?id=NXSA-AOS-5.10\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?feeda9d8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the Nutanix AOS software to recommended version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15239\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-14821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:nutanix:aos\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nutanix_collect.nasl\");\n script_require_keys(\"Host/Nutanix/Data/lts\", \"Host/Nutanix/Data/Service\", \"Host/Nutanix/Data/Version\", \"Host/Nutanix/Data/arch\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::nutanix::get_app_info();\n\nvar constraints = [\n { 'fixed_version' : '5.10', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 5.10 or higher.', 'lts' : TRUE },\n { 'fixed_version' : '5.10', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 5.10 or higher.', 'lts' : TRUE }\n];\n\nvcf::nutanix::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T14:57:25", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4812 advisory.\n\n - In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default. (CVE-2019-14283)\n\n - In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcm_loop.c tcm_loop_make_naa_tpg() function could result in at least memory corruption. (CVE-2011-5327)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-04T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2019-4812)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-5327", "CVE-2019-14283"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2019-4812.NASL", "href": "https://www.tenable.com/plugins/nessus/129575", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4812.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129575);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2011-5327\", \"CVE-2019-14283\");\n\n script_name(english:\"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2019-4812)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2019-4812 advisory.\n\n - In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and\n head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an\n unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by\n default. (CVE-2019-14283)\n\n - In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcm_loop.c\n tcm_loop_make_naa_tpg() function could result in at least memory corruption. (CVE-2011-5327)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4812.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-5327\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.39-400.315.1.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-4812');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.39-400.315.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-2.6.39-400.315.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.315.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.315.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.315.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.315.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.315.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.315.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-doc-2.6.39-400.315.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},\n {'reference':'kernel-uek-firmware-2.6.39-400.315.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-10T14:51:06", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities:\n\n - In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23. (CVE-2015-9289)\n\n - The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's default request-key keyring via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.\n (CVE-2017-17807)\n\n - An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.\n (CVE-2018-20169)\n\n - In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default. (CVE-2019-14283)\n\n - rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow. (CVE-2019-17666)\n\n - A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that host has 'TSX' enabled. Confidentiality of data is the highest threat associated with this vulnerability.\n (CVE-2019-19338)\n\n - A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs.\n As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8. (CVE-2019-3901)\n\n - In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. (CVE-2019-9456)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-10-13T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2020-0041)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-9289", "CVE-2017-17807", "CVE-2018-20169", "CVE-2019-11135", "CVE-2019-14283", "CVE-2019-17666", "CVE-2019-19338", "CVE-2019-3901", "CVE-2019-9456"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0041_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/141400", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0041. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141400);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2015-9289\",\n \"CVE-2017-17807\",\n \"CVE-2018-20169\",\n \"CVE-2019-3901\",\n \"CVE-2019-9456\",\n \"CVE-2019-14283\",\n \"CVE-2019-17666\",\n \"CVE-2019-19338\"\n );\n script_bugtraq_id(89937, 102301);\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2020-0041)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by\nmultiple vulnerabilities:\n\n - In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in\n drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the\n userspace API. However, the code allows larger values such as 23. (CVE-2015-9289)\n\n - The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to\n the current task's default request-key keyring via the request_key() system call, allowing a local user\n to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write\n permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.\n (CVE-2017-17807)\n\n - An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during\n the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.\n (CVE-2018-20169)\n\n - In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and\n head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an\n unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by\n default. (CVE-2019-14283)\n\n - rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a\n certain upper-bound check, leading to a buffer overflow. (CVE-2019-17666)\n\n - A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where,\n the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error\n occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by\n the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction\n mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism\n to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that\n host has 'TSX' enabled. Confidentiality of data is the highest threat associated with this vulnerability.\n (CVE-2019-19338)\n\n - A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs.\n As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it\n is possible for the specified target task to perform an execve() syscall with setuid execution before\n perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check\n and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged\n execve() calls. This issue affects kernel versions before 4.8. (CVE-2019-3901)\n\n - In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds\n check. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation. (CVE-2019-9456)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0041\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17666\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'kernel-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite',\n 'kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite',\n 'kernel-core-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite',\n 'kernel-debug-core-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite',\n 'kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite',\n 'kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite',\n 'kernel-debug-modules-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite',\n 'kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite',\n 'kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite',\n 'kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite',\n 'kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite',\n 'kernel-modules-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite',\n 'kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite',\n 'kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite',\n 'kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite',\n 'kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite',\n 'kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite',\n 'perf-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite',\n 'perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite',\n 'python-perf-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite',\n 'python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite'\n ],\n 'CGSL MAIN 5.04': [\n 'kernel-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e',\n 'kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e',\n 'kernel-debug-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e',\n 'kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e',\n 'kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e',\n 'kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e',\n 'kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e',\n 'kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e',\n 'kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e',\n 'kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e',\n 'kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e',\n 'kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e',\n 'kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e',\n 'kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e',\n 'perf-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e',\n 'perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e',\n 'python-perf-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e',\n 'python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T14:44:33", "description": "The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14157-1 advisory.\n\n - In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23. (CVE-2015-9289)\n\n - An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. (CVE-2018-20855)\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\n - An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c.\n This causes a Denial of Service, related to a use-after-free. (CVE-2019-11810)\n\n - In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages. (CVE-2019-13631)\n\n - In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default. (CVE-2019-14283)\n\n - In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default. (CVE-2019-14284)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2019:14157-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-9289", "CVE-2018-20855", "CVE-2019-1071", "CVE-2019-1073", "CVE-2019-1125", "CVE-2019-11810", "CVE-2019-13631", "CVE-2019-14283", "CVE-2019-14284"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-bigmem", "p-cpe:/a:novell:suse_linux:kernel-bigmem-base", "p-cpe:/a:novell:suse_linux:kernel-bigmem-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-ppc64", "p-cpe:/a:novell:suse_linux:kernel-ppc64-base", "p-cpe:/a:novell:suse_linux:kernel-ppc64-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2019-14157-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150618", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2019:14157-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150618);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2015-9289\",\n \"CVE-2018-20855\",\n \"CVE-2019-1125\",\n \"CVE-2019-11810\",\n \"CVE-2019-13631\",\n \"CVE-2019-14283\",\n \"CVE-2019-14284\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2019:14157-1\");\n script_xref(name:\"IAVA\", value:\"2019-A-0290-S\");\n script_xref(name:\"IAVA\", value:\"2019-A-0293-S\");\n script_xref(name:\"IAVA\", value:\"2019-A-0285-S\");\n script_xref(name:\"IAVA\", value:\"2019-A-0284-S\");\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2019:14157-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2019:14157-1 advisory.\n\n - In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in\n drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the\n userspace API. However, the code allows larger values such as 23. (CVE-2015-9289)\n\n - An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in\n drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of\n stack memory to userspace. (CVE-2018-20855)\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively\n access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from\n CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\n - An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when\n megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c.\n This causes a Denial of Service, related to a use-after-free. (CVE-2019-11810)\n\n - In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a\n malicious USB device can send an HID report that triggers an out-of-bounds write during generation of\n debugging messages. (CVE-2019-13631)\n\n - In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and\n head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an\n unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by\n default. (CVE-2019-14283)\n\n - In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params\n division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry\n with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should\n be called. It can be triggered by an unprivileged local user even when a floppy disk has not been\n inserted. NOTE: QEMU creates the floppy device by default. (CVE-2019-14284)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1134390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1134399\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1138744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1139358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1140945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1140965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1141401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1141402\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1141452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1141453\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1141454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1142023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1143045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1143179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1143189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1143191\");\n # https://lists.suse.com/pipermail/sle-security-updates/2019-August/005859.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?542ab5fc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-9289\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-1125\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-13631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14284\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-9289\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-14283\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigmem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigmem-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigmem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ppc64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ppc64-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ppc64-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\npkgs = [\n {'reference':'kernel-default-3.0.101-108.101', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-default-base-3.0.101-108.101', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-default-devel-3.0.101-108.101', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-default-man-3.0.101-108.101', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-3.0.101-108.101', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-3.0.101-108.101', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-base-3.0.101-108.101', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-base-3.0.101-108.101', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-devel-3.0.101-108.101', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-devel-3.0.101-108.101', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-pae-3.0.101-108.101', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-pae-base-3.0.101-108.101', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-pae-devel-3.0.101-108.101', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-source-3.0.101-108.101', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-syms-3.0.101-108.101', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-trace-3.0.101-108.101', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-trace-base-3.0.101-108.101', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-trace-devel-3.0.101-108.101', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-3.0.101-108.101', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-3.0.101-108.101', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-base-3.0.101-108.101', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-base-3.0.101-108.101', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-devel-3.0.101-108.101', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-devel-3.0.101-108.101', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-default-3.0.101-108.101', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-default-base-3.0.101-108.101', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-default-devel-3.0.101-108.101', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-default-man-3.0.101-108.101', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-3.0.101-108.101', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-3.0.101-108.101', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-base-3.0.101-108.101', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-base-3.0.101-108.101', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-devel-3.0.101-108.101', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-devel-3.0.101-108.101', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-pae-3.0.101-108.101', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-pae-base-3.0.101-108.101', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-pae-devel-3.0.101-108.101', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-source-3.0.101-108.101', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-syms-3.0.101-108.101', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-trace-3.0.101-108.101', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-trace-base-3.0.101-108.101', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-trace-devel-3.0.101-108.101', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-3.0.101-108.101', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-3.0.101-108.101', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-base-3.0.101-108.101', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-base-3.0.101-108.101', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-devel-3.0.101-108.101', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-devel-3.0.101-108.101', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n exists_check = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release && exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n else if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-default / kernel-default-base / kernel-default-devel / etc');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-25T14:34:41", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities:\n\n - kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions.\n During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest. (CVE-2018-1087)\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image. (CVE-2018-10878)\n\n - In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation. NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or 4.14.x longterm kernels before 4.14.139. (CVE-2019-15239)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-05-27T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2020-0028)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1087", "CVE-2018-10878", "CVE-2019-15239"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0028_KERNEL-RT.NASL", "href": "https://www.tenable.com/plugins/nessus/136910", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0028. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136910);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2018-1087\", \"CVE-2018-10878\", \"CVE-2019-15239\");\n script_bugtraq_id(104127, 104903);\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2020-0028)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected\nby multiple vulnerabilities:\n\n - kernel KVM before versions kernel 4.16, kernel 4.16-rc7,\n kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is\n vulnerable to a flaw in the way the Linux kernel's KVM\n hypervisor handled exceptions delivered after a stack\n switch operation via Mov SS or Pop SS instructions.\n During the stack switch operation, the processor did not\n deliver interrupts and exceptions, rather they are\n delivered once the first instruction after the stack\n switch is executed. An unprivileged KVM guest user could\n use this flaw to crash the guest or, potentially,\n escalate their privileges in the guest. (CVE-2018-1087)\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bounds write and a\n denial of service or unspecified other impact is\n possible by mounting and operating a crafted ext4\n filesystem image. (CVE-2018-10878)\n\n - In the Linux kernel, a certain net/ipv4/tcp_output.c\n change, which was properly incorporated into 4.16.12,\n was incorrectly backported to the earlier longterm\n kernels, introducing a new vulnerability that was\n potentially more severe than the issue that was intended\n to be fixed by backporting. Specifically, by adding to a\n write queue between disconnection and re-connection, a\n local attacker can trigger multiple use-after-free\n conditions. This can result in a kernel crash, or\n potentially in privilege escalation. NOTE: this affects\n (for example) Linux distributions that use 4.9.x\n longterm kernels before 4.9.190 or 4.14.x longterm\n kernels before 4.14.139. (CVE-2019-15239)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0028\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel-rt packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15239\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"kernel-rt-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-debug-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-debug-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-trace-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-trace-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\"\n ],\n \"CGSL MAIN 5.04\": [\n \"kernel-rt-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-debug-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-debug-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-trace-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-trace-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-20T14:58:50", "description": "This update for the Linux Kernel 4.4.180-94_103 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321).\n\nCVE-2019-15239: Fixed a vulnerability where a local attacker could have triggered multiple use-after-free conditions resulted in privilege escalation (bsc#1156317).\n\nCVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108).\n\nThe following bugs were fixed: Fixed boot up hang revealed by int3 self test (bsc#1157770).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-12-12T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3230-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10220", "CVE-2019-13272", "CVE-2019-15239"], "modified": "2023-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_103-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_103-default-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-3230-1.NASL", "href": "https://www.tenable.com/plugins/nessus/132000", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:3230-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132000);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/19\");\n\n script_cve_id(\"CVE-2019-10220\", \"CVE-2019-13272\", \"CVE-2019-15239\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/10\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3230-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for the Linux Kernel 4.4.180-94_103 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2019-13272: Fixed a privilege escalation from user to root due to\nimproper handling of credentials by leveraging certain scenarios with\na parent-child process relationship (bsc#1156321).\n\nCVE-2019-15239: Fixed a vulnerability where a local attacker could\nhave triggered multiple use-after-free conditions resulted in\nprivilege escalation (bsc#1156317).\n\nCVE-2019-10220: Fixed an issue where samba servers could inject\nrelative paths in directory entry lists (bsc#1153108).\n\nThe following bugs were fixed: Fixed boot up hang revealed by int3\nself test (bsc#1157770).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156321\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10220/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-13272/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15239/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20193230-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?aff9b4ea\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch\nSUSE-SLE-SAP-12-SP3-2019-3230=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-3230=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP1:zypper in -t\npatch SUSE-SLE-Module-Live-Patching-15-SP1-2019-3218=1\n\nSUSE Linux Enterprise Live Patching 12-SP4:zypper in -t patch\nSUSE-SLE-Live-Patching-12-SP4-2019-3226=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10220\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Polkit pkexec helper PTRACE_TRACEME local root exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_103-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_103-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_103-default-4-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_103-default-debuginfo-4-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-20T14:56:26", "description": "This update for the Linux Kernel 4.4.180-94_100 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2018-20856: Fixed a use-after-free in __blk_drain_queue() due to an improper error handling (bsc#1156331).\n\nCVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321).\n\nCVE-2019-15239: Fixed a vulnerability where a local attacker could have triggered multiple use-after-free conditions resulted in privilege escalation (bsc#1156317).\n\nCVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108).\n\nThe following bugs were fixed: Fixed boot up hang revealed by int3 self test (bsc#1157770).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-12-12T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3228-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20856", "CVE-2019-10220", "CVE-2019-13272", "CVE-2019-15239"], "modified": "2023-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_100-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_100-default-debuginfo", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_97-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_97-default-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-3228-1.NASL", "href": "https://www.tenable.com/plugins/nessus/131999", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:3228-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131999);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/19\");\n\n script_cve_id(\n \"CVE-2018-20856\",\n \"CVE-2019-10220\",\n \"CVE-2019-13272\",\n \"CVE-2019-15239\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/10\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3228-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for the Linux Kernel 4.4.180-94_100 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2018-20856: Fixed a use-after-free in __blk_drain_queue() due to\nan improper error handling (bsc#1156331).\n\nCVE-2019-13272: Fixed a privilege escalation from user to root due to\nimproper handling of credentials by leveraging certain scenarios with\na parent-child process relationship (bsc#1156321).\n\nCVE-2019-15239: Fixed a vulnerability where a local attacker could\nhave triggered multiple use-after-free conditions resulted in\nprivilege escalation (bsc#1156317).\n\nCVE-2019-10220: Fixed an issue where samba servers could inject\nrelative paths in directory entry lists (bsc#1153108).\n\nThe following bugs were fixed: Fixed boot up hang revealed by int3\nself test (bsc#1157770).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156321\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20856/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10220/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-13272/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15239/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20193228-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?30bcfa67\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch\nSUSE-SLE-SAP-12-SP3-2019-3228=1 SUSE-SLE-SAP-12-SP3-2019-3229=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-3228=1 SUSE-SLE-SERVER-12-SP3-2019-3229=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10220\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Polkit pkexec helper PTRACE_TRACEME local root exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_100-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_100-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_97-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_97-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_100-default-4-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_100-default-debuginfo-4-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_97-default-6-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_97-default-debuginfo-6-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-20T14:57:03", "description": "This update for the Linux Kernel 4.4.178-94_91 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2018-20856: Fixed a use-after-free in block/blk-core.c due to improper error handling (bsc#1156331).\n\nCVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321).\n\nCVE-2019-15239: Fixed a vulnerability where a local attacker could have triggered multiple use-after-free conditions resulted in privilege escalation (bsc#1156317).\n\nCVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-12-12T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3258-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20856", "CVE-2019-10220", "CVE-2019-13272", "CVE-2019-15239"], "modified": "2023-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_175-94_79-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_175-94_79-default-debuginfo", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_176-94_88-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_176-94_88-default-debuginfo", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_178-94_91-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_178-94_91-default-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-3258-1.NASL", "href": "https://www.tenable.com/plugins/nessus/132005", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:3258-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132005);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/19\");\n\n script_cve_id(\n \"CVE-2018-20856\",\n \"CVE-2019-10220\",\n \"CVE-2019-13272\",\n \"CVE-2019-15239\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/10\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3258-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for the Linux Kernel 4.4.178-94_91 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2018-20856: Fixed a use-after-free in block/blk-core.c due to\nimproper error handling (bsc#1156331).\n\nCVE-2019-13272: Fixed a privilege escalation from user to root due to\nimproper handling of credentials by leveraging certain scenarios with\na parent-child process relationship (bsc#1156321).\n\nCVE-2019-15239: Fixed a vulnerability where a local attacker could\nhave triggered multiple use-after-free conditions resulted in\nprivilege escalation (bsc#1156317).\n\nCVE-2019-10220: Fixed an issue where samba servers could inject\nrelative paths in directory entry lists (bsc#1153108).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156321\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20856/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10220/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-13272/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15239/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20193258-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?49b4377d\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch\nSUSE-SLE-SAP-12-SP3-2019-3256=1 SUSE-SLE-SAP-12-SP3-2019-3257=1\nSUSE-SLE-SAP-12-SP3-2019-3258=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-3256=1 SUSE-SLE-SERVER-12-SP3-2019-3257=1\nSUSE-SLE-SERVER-12-SP3-2019-3258=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10220\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Polkit pkexec helper PTRACE_TRACEME local root exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_175-94_79-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_175-94_79-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_176-94_88-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_176-94_88-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_178-94_91-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_178-94_91-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_175-94_79-default-7-2.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_175-94_79-default-debuginfo-7-2.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_176-94_88-default-6-2.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_176-94_88-default-debuginfo-6-2.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_178-94_91-default-6-2.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_178-94_91-default-debuginfo-6-2.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:43:22", "description": "Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638)\n\nPraveen Pandey discovered that the Linux kernel did not properly validate sent signals in some situations on PowerPC systems with transactional memory disabled. A local attacker could use this to cause a denial of service. (CVE-2019-13648)\n\nIt was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash).\n(CVE-2019-14283)\n\nIt was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284)\n\nJason Wang discovered that an infinite loop vulnerability existed in the virtio net driver in the Linux kernel. A local attacker in a guest VM could possibly use this to cause a denial of service in the host system. (CVE-2019-3900).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.7, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2019-09-03T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 19.04 : linux, linux-azure, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, (USN-4114-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10638", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-3900"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.0", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.04"], "id": "UBUNTU_USN-4114-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128474", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4114-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128474);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2019-10638\", \"CVE-2019-13648\", \"CVE-2019-14283\", \"CVE-2019-14284\", \"CVE-2019-3900\");\n script_xref(name:\"USN\", value:\"4114-1\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 19.04 : linux, linux-azure, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, (USN-4114-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Amit Klein and Benny Pinkas discovered that the Linux kernel did not\nsufficiently randomize IP ID values generated for connectionless\nnetworking protocols. A remote attacker could use this to track\nparticular Linux devices. (CVE-2019-10638)\n\nPraveen Pandey discovered that the Linux kernel did not properly\nvalidate sent signals in some situations on PowerPC systems with\ntransactional memory disabled. A local attacker could use this to\ncause a denial of service. (CVE-2019-13648)\n\nIt was discovered that the floppy driver in the Linux kernel did not\nproperly validate meta data, leading to a buffer overread. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-14283)\n\nIt was discovered that the floppy driver in the Linux kernel did not\nproperly validate ioctl() calls, leading to a division-by-zero. A\nlocal attacker could use this to cause a denial of service (system\ncrash). (CVE-2019-14284)\n\nJason Wang discovered that an infinite loop vulnerability existed in\nthe virtio net driver in the Linux kernel. A local attacker in a guest\nVM could possibly use this to cause a denial of service in the host\nsystem. (CVE-2019-3900).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4114-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14283\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(18\\.04|19\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04 / 19.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-10638\", \"CVE-2019-13648\", \"CVE-2019-14283\", \"CVE-2019-14284\", \"CVE-2019-3900\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4114-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-1015-gke\", pkgver:\"5.0.0-1015.15~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-1018-azure\", pkgver:\"5.0.0-1018.19~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-27-generic\", pkgver:\"5.0.0-27.28~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-27-generic-lpae\", pkgver:\"5.0.0-27.28~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-27-lowlatency\", pkgver:\"5.0.0-27.28~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-azure\", pkgver:\"5.0.0.1018.28\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic-hwe-18.04\", pkgver:\"5.0.0.27.84\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic-lpae-hwe-18.04\", pkgver:\"5.0.0.27.84\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gke-5.0\", pkgver:\"5.0.0.1015.5\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-lowlatency-hwe-18.04\", pkgver:\"5.0.0.27.84\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-snapdragon-hwe-18.04\", pkgver:\"5.0.0.27.84\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-virtual-hwe-18.04\", pkgver:\"5.0.0.27.84\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1015-gcp\", pkgver:\"5.0.0-1015.15\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1015-kvm\", pkgver:\"5.0.0-1015.16\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1015-raspi2\", pkgver:\"5.0.0-1015.15\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1018-azure\", pkgver:\"5.0.0-1018.19\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1019-snapdragon\", pkgver:\"5.0.0-1019.20\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-27-generic\", pkgver:\"5.0.0-27.28\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-27-generic-lpae\", pkgver:\"5.0.0-27.28\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-27-lowlatency\", pkgver:\"5.0.0-27.28\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-azure\", pkgver:\"5.0.0.1018.17\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-gcp\", pkgver:\"5.0.0.1015.41\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-generic\", pkgver:\"5.0.0.27.28\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"5.0.0.27.28\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-gke\", pkgver:\"5.0.0.1015.41\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-kvm\", pkgver:\"5.0.0.1015.15\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"5.0.0.27.28\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-raspi2\", pkgver:\"5.0.0.1015.12\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"5.0.0.1019.12\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-virtual\", pkgver:\"5.0.0.27.28\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-5.0-azure / linux-image-5.0-gcp / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2023-01-25T14:43:11", "description": "It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2018-20856)\n\nAmit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638)\n\nPraveen Pandey discovered that the Linux kernel did not properly validate sent signals in some situations on PowerPC systems with transactional memory disabled. A local attacker could use this to cause a denial of service. (CVE-2019-13648)\n\nIt was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash).\n(CVE-2019-14283)\n\nIt was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284)\n\nJason Wang discovered that an infinite loop vulnerability existed in the virtio net driver in the Linux kernel. A local attacker in a guest VM could possibly use this to cause a denial of service in the host system. (CVE-2019-3900).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-09-03T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-4116-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20856", "CVE-2019-10638", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-3900"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-4116-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128476", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4116-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128476);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2018-20856\", \"CVE-2019-10638\", \"CVE-2019-13648\", \"CVE-2019-14283\", \"CVE-2019-14284\", \"CVE-2019-3900\");\n script_xref(name:\"USN\", value:\"4116-1\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-4116-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that a use-after-free error existed in the block\nlayer subsystem of the Linux kernel when certain failure conditions\noccurred. A local attacker could possibly use this to cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2018-20856)\n\nAmit Klein and Benny Pinkas discovered that the Linux kernel did not\nsufficiently randomize IP ID values generated for connectionless\nnetworking protocols. A remote attacker could use this to track\nparticular Linux devices. (CVE-2019-10638)\n\nPraveen Pandey discovered that the Linux kernel did not properly\nvalidate sent signals in some situations on PowerPC systems with\ntransactional memory disabled. A local attacker could use this to\ncause a denial of service. (CVE-2019-13648)\n\nIt was discovered that the floppy driver in the Linux kernel did not\nproperly validate meta data, leading to a buffer overread. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-14283)\n\nIt was discovered that the floppy driver in the Linux kernel did not\nproperly validate ioctl() calls, leading to a division-by-zero. A\nlocal attacker could use this to cause a denial of service (system\ncrash). (CVE-2019-14284)\n\nJason Wang discovered that an infinite loop vulnerability existed in\nthe virtio net driver in the Linux kernel. A local attacker in a guest\nVM could possibly use this to cause a denial of service in the host\nsystem. (CVE-2019-3900).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4116-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14283\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-20856\", \"CVE-2019-10638\", \"CVE-2019-13648\", \"CVE-2019-14283\", \"CVE-2019-14284\", \"CVE-2019-3900\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4116-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1056-kvm\", pkgver:\"4.4.0-1056.63\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1092-aws\", pkgver:\"4.4.0-1092.103\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1120-raspi2\", pkgver:\"4.4.0-1120.129\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1124-snapdragon\", pkgver:\"4.4.0-1124.130\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-161-generic\", pkgver:\"4.4.0-161.189\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-161-generic-lpae\", pkgver:\"4.4.0-161.189\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-161-lowlatency\", pkgver:\"4.4.0-161.189\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-aws\", pkgver:\"4.4.0.1092.96\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic\", pkgver:\"4.4.0.161.169\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.4.0.161.169\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-kvm\", pkgver:\"4.4.0.1056.56\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.4.0.161.169\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.4.0.1120.120\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.4.0.1124.116\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual\", pkgver:\"4.4.0.161.169\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-aws / linux-image-4.4-generic / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2023-01-25T14:42:17", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\n - CVE-2015-8553 Jan Beulich discovered that CVE-2015-2150 was not completely addressed. If a PCI physical function is passed through to a Xen guest, the guest is able to access its memory and I/O regions before enabling decoding of those regions. This could result in a denial-of-service (unexpected NMI) on the host.\n\n The fix for this is incompatible with qemu versions before 2.5.\n\n - CVE-2017-18509 Denis Andzakovic reported a missing type check in the IPv4 multicast routing implementation. A user with the CAP_NET_ADMIN capability (in any user namespace) could use this for denial-of-service (memory corruption or crash) or possibly for privilege escalation.\n\n - CVE-2018-5995 ADLab of VenusTech discovered that the kernel logged the virtual addresses assigned to per-CPU data, which could make it easier to exploit other vulnerabilities.\n\n - CVE-2018-20836 chenxiang reported a race condition in libsas, the kernel subsystem supporting Serial Attached SCSI (SAS) devices, which could lead to a use-after-free. It is not clear how this might be exploited.\n\n - CVE-2018-20856 Xiao Jin reported a potential double-free in the block subsystem, in case an error occurs while initialising the I/O scheduler for a block device. It is not clear how this might be exploited.\n\n - CVE-2019-1125 It was discovered that most x86 processors could speculatively skip a conditional SWAPGS instruction used when entering the kernel from user mode, and/or could speculatively execute it when it should be skipped. This is a subtype of Spectre variant 1, which could allow local users to obtain sensitive information from the kernel or other processes. It has been mitigated by using memory barriers to limit speculative execution.\n Systems using an i386 kernel are not affected as the kernel does not use SWAPGS.\n\n - CVE-2019-3882 It was found that the vfio implementation did not limit the number of DMA mappings to device memory. A local user granted ownership of a vfio device could use this to cause a denial of service (out-of-memory condition).\n\n - CVE-2019-3900 It was discovered that vhost drivers did not properly control the amount of work done to service requests from guest VMs. A malicious guest could use this to cause a denial-of-service (unbounded CPU usage) on the host.\n\n - CVE-2019-10207 The syzkaller tool found a potential null dereference in various drivers for UART-attached Bluetooth adapters. A local user with access to a pty device or other suitable tty device could use this for denial-of-service (BUG/oops).\n\n - CVE-2019-10638 Amit Klein and Benny Pinkas discovered that the generation of IP packet IDs used a weak hash function, 'jhash'. This could enable tracking individual computers as they communicate with different remote servers and from different networks. The 'siphash' function is now used instead.\n\n - CVE-2019-10639 Amit Klein and Benny Pinkas discovered that the generation of IP packet IDs used a weak hash function that incorporated a kernel virtual address. This hash function is no longer used for IP IDs, although it is still used for other purposes in the network stack.\n\n - CVE-2019-13631 It was discovered that the gtco driver for USB input tablets could overrun a stack buffer with constant data while parsing the device's descriptor. A physically present user with a specially constructed USB device could use this to cause a denial-of-service (BUG/oops), or possibly for privilege escalation.\n\n - CVE-2019-13648 Praveen Pandey reported that on PowerPC (ppc64el) systems without Transactional Memory (TM), the kernel would still attempt to restore TM state passed to the sigreturn() system call. A local user could use this for denial-of-service (oops).\n\n - CVE-2019-14283 The syzkaller tool found a missing bounds check in the floppy disk driver. A local user with access to a floppy disk device, with a disk present, could use this to read kernel memory beyond the I/O buffer, possibly obtaining sensitive information.\n\n - CVE-2019-14284 The syzkaller tool found a potential division-by-zero in the floppy disk driver. A local user with access to a floppy disk device could use this for denial-of-service (oops).\n\n - CVE-2019-15239 Denis Andzakovic reported a possible use-after-free in the TCP sockets implementation. A local user could use this for denial-of-service (memory corruption or crash) or possibly for privilege escalation.\n\n - (CVE ID not yet assigned)\n\n The netfilter conntrack subsystem used kernel addresses as user-visible IDs, which could make it easier to exploit other security vulnerabilities.\n\n - XSA-300\n\n Julien Grall reported that Linux does not limit the amount of memory which a domain will attempt to balloon out, nor limits the amount of 'foreign / grant map' memory which any individual guest can consume, leading to denial of service conditions (for host or guests).", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-08-14T00:00:00", "type": "nessus", "title": "Debian DSA-4497-1 : linux - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2150", "CVE-2015-8553", "CVE-2017-18509", "CVE-2018-20836", "CVE-2018-20856", "CVE-2018-5995", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-1125", "CVE-2019-13631", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-15239", "CVE-2019-3882", "CVE-2019-3900"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4497.NASL", "href": "https://www.tenable.com/plugins/nessus/127867", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4497. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127867);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2015-8553\", \"CVE-2017-18509\", \"CVE-2018-20836\", \"CVE-2018-20856\", \"CVE-2018-5995\", \"CVE-2019-10207\", \"CVE-2019-10638\", \"CVE-2019-10639\", \"CVE-2019-1125\", \"CVE-2019-13631\", \"CVE-2019-13648\", \"CVE-2019-14283\", \"CVE-2019-14284\", \"CVE-2019-15239\", \"CVE-2019-3882\", \"CVE-2019-3900\");\n script_xref(name:\"DSA\", value:\"4497\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Debian DSA-4497-1 : linux - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\n - CVE-2015-8553\n Jan Beulich discovered that CVE-2015-2150 was not\n completely addressed. If a PCI physical function is\n passed through to a Xen guest, the guest is able to\n access its memory and I/O regions before enabling\n decoding of those regions. This could result in a\n denial-of-service (unexpected NMI) on the host.\n\n The fix for this is incompatible with qemu versions before 2.5.\n\n - CVE-2017-18509\n Denis Andzakovic reported a missing type check in the\n IPv4 multicast routing implementation. A user with the\n CAP_NET_ADMIN capability (in any user namespace) could\n use this for denial-of-service (memory corruption or\n crash) or possibly for privilege escalation.\n\n - CVE-2018-5995\n ADLab of VenusTech discovered that the kernel logged the\n virtual addresses assigned to per-CPU data, which could\n make it easier to exploit other vulnerabilities.\n\n - CVE-2018-20836\n chenxiang reported a race condition in libsas, the\n kernel subsystem supporting Serial Attached SCSI (SAS)\n devices, which could lead to a use-after-free. It is not\n clear how this might be exploited.\n\n - CVE-2018-20856\n Xiao Jin reported a potential double-free in the block\n subsystem, in case an error occurs while initialising\n the I/O scheduler for a block device. It is not clear\n how this might be exploited.\n\n - CVE-2019-1125\n It was discovered that most x86 processors could\n speculatively skip a conditional SWAPGS instruction used\n when entering the kernel from user mode, and/or could\n speculatively execute it when it should be skipped. This\n is a subtype of Spectre variant 1, which could allow\n local users to obtain sensitive information from the\n kernel or other processes. It has been mitigated by\n using memory barriers to limit speculative execution.\n Systems using an i386 kernel are not affected as the\n kernel does not use SWAPGS.\n\n - CVE-2019-3882\n It was found that the vfio implementation did not limit\n the number of DMA mappings to device memory. A local\n user granted ownership of a vfio device could use this\n to cause a denial of service (out-of-memory condition).\n\n - CVE-2019-3900\n It was discovered that vhost drivers did not properly\n control the amount of work done to service requests from\n guest VMs. A malicious guest could use this to cause a\n denial-of-service (unbounded CPU usage) on the host.\n\n - CVE-2019-10207\n The syzkaller tool found a potential null dereference in\n various drivers for UART-attached Bluetooth adapters. A\n local user with access to a pty device or other suitable\n tty device could use this for denial-of-service\n (BUG/oops).\n\n - CVE-2019-10638\n Amit Klein and Benny Pinkas discovered that the\n generation of IP packet IDs used a weak hash function,\n 'jhash'. This could enable tracking individual computers\n as they communicate with different remote servers and\n from different networks. The 'siphash' function is now\n used instead.\n\n - CVE-2019-10639\n Amit Klein and Benny Pinkas discovered that the\n generation of IP packet IDs used a weak hash function\n that incorporated a kernel virtual address. This hash\n function is no longer used for IP IDs, although it is\n still used for other purposes in the network stack.\n\n - CVE-2019-13631\n It was discovered that the gtco driver for USB input\n tablets could overrun a stack buffer with constant data\n while parsing the device's descriptor. A physically\n present user with a specially constructed USB device\n could use this to cause a denial-of-service (BUG/oops),\n or possibly for privilege escalation.\n\n - CVE-2019-13648\n Praveen Pandey reported that on PowerPC (ppc64el)\n systems without Transactional Memory (TM), the kernel\n would still attempt to restore TM state passed to the\n sigreturn() system call. A local user could use this for\n denial-of-service (oops).\n\n - CVE-2019-14283\n The syzkaller tool found a missing bounds check in the\n floppy disk driver. A local user with access to a floppy\n disk device, with a disk present, could use this to read\n kernel memory beyond the I/O buffer, possibly obtaining\n sensitive information.\n\n - CVE-2019-14284\n The syzkaller tool found a potential division-by-zero in\n the floppy disk driver. A local user with access to a\n floppy disk device could use this for denial-of-service\n (oops).\n\n - CVE-2019-15239\n Denis Andzakovic reported a possible use-after-free in\n the TCP sockets implementation. A local user could use\n this for denial-of-service (memory corruption or crash)\n or possibly for privilege escalation.\n\n - (CVE ID not yet assigned)\n\n The netfilter conntrack subsystem used kernel addresses\n as user-visible IDs, which could make it easier to\n exploit other security vulnerabilities.\n\n - XSA-300\n\n Julien Grall reported that Linux does not limit the\n amount of memory which a domain will attempt to balloon\n out, nor limits the amount of 'foreign / grant map'\n memory which any individual guest can consume, leading\n to denial of service conditions (for host or guests).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-2150\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-18509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-5995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-20836\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-20856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-1125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-3882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-3900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-10207\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-10638\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-10639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13631\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-14283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-14284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-15239\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4497\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the linux packages.\n\nFor the oldstable distribution (stretch), these problems have been\nfixed in version 4.9.168-1+deb9u5.\n\nFor the stable distribution (buster), these problems were mostly fixed\nin version 4.19.37-5+deb10u2 or earlier.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"affs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"affs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"affs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"affs-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ata-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ata-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ata-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ata-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ata-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-s390x-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-s390x-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-s390x-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-s390x-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-s390x-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-s390x-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"dasd-extra-modules-4.19.0-5-s390x-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"dasd-modules-4.19.0-5-s390x-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"efi-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-s390x-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fancontrol-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-s390x-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firewire-core-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firewire-core-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-s390x-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hfs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hfs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hfs-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hyperv-daemons\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hypervisor-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"i2c-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"i2c-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"i2c-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"i2c-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ipv6-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-s390x-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jffs2-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-s390x-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"leds-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"leds-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libbpf-dev\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libbpf4.19\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libcpupower-dev\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libcpupower1\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"liblockdep-dev\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"liblockdep4.19\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-compiler-gcc-8-arm\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-compiler-gcc-8-s390\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-compiler-gcc-8-x86\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-config-4.19\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-cpupower\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-doc-4.19\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-4kc-malta\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-5kc-malta\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-686\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-686-pae\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-amd64\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-arm64\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-armel\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-armhf\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-i386\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-mips\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-mips64el\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-mipsel\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-ppc64el\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-s390x\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-amd64\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-arm64\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-armmp\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-armmp-lpae\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-cloud-amd64\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-common\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-common-rt\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-loongson-3\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-marvell\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-octeon\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-powerpc64le\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-rpi\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-rt-686-pae\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-rt-amd64\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-rt-arm64\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-rt-armmp\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-s390x\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-4kc-malta\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-4kc-malta-dbg\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-5kc-malta\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-5kc-malta-dbg\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-686-dbg\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-686-pae-dbg\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-686-pae-unsigned\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-686-unsigned\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-amd64-dbg\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-amd64-unsigned\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-arm64-dbg\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-arm64-unsigned\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-armmp\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-armmp-dbg\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-armmp-lpae\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-armmp-lpae-dbg\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-cloud-amd64-dbg\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-cloud-amd64-unsigned\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-loongson-3\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-loongson-3-dbg\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-marvell\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-marvell-dbg\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-octeon\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-octeon-dbg\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-powerpc64le\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-powerpc64le-dbg\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rpi\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rpi-dbg\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-686-pae-dbg\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-686-pae-unsigned\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-amd64-dbg\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-amd64-unsigned\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-arm64-dbg\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-arm64-unsigned\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-armmp\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-armmp-dbg\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-s390x\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-s390x-dbg\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-amd64-signed-template\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-arm64-signed-template\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-i386-signed-template\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-kbuild-4.19\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-libc-dev\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-perf-4.19\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-source-4.19\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-support-4.19.0-5\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lockdep\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-s390x-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-s390x-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"minix-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"minix-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"minix-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"minix-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"minix-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-core-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-core-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-core-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mouse-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mouse-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mouse-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mouse-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-s390x-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-s390x-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-s390x-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-s390x-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pata-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pata-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pata-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pata-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pata-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"rtc-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-s390x-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-s390x-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"serial-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sound-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sound-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sound-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sound-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"speakup-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-s390x-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"uinput-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"uinput-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"uinput-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usbip\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-s390x-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-armmp-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-marvell-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-octeon-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-s390x-di\", reference:\"4.19.37-5+deb10u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"hyperv-daemons\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower-dev\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower1\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libusbip-dev\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-arm\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-s390\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-x86\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-cpupower\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-4kc-malta\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-5kc-malta\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686-pae\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-amd64\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-arm64\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armel\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armhf\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-i386\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips64el\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mipsel\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-ppc64el\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-s390x\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-amd64\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-arm64\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp-lpae\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common-rt\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-loongson-3\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-marvell\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-octeon\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-powerpc64le\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-686-pae\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-amd64\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-s390x\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta-dbg\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta-dbg\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-dbg\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae-dbg\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64-dbg\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64-dbg\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-dbg\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae-dbg\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3-dbg\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell-dbg\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon-dbg\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le-dbg\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae-dbg\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64-dbg\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x-dbg\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-libc-dev\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.9\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.9.0-9\", reference:\"4.9.168-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"usbip\", reference:\"4.9.168-1+deb9u5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:30:15", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1070 advisory.\n\n - kernel: out of bound read in DVB connexant driver. (CVE-2015-9289)\n\n - kernel: Missing permissions check for request_key() destination allows local attackers to add keys to keyring without Write permission (CVE-2017-17807)\n\n - kernel: oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985)\n\n - kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169)\n\n - kernel: denial of service via ioctl call in network tun handling (CVE-2018-7191)\n\n - kernel: null-pointer dereference in hci_uart_set_flow_control (CVE-2019-10207)\n\n - Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638)\n\n - Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639)\n\n - kernel: ASLR bypass for setuid binaries due to late install_exec_creds() (CVE-2019-11190)\n\n - kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884)\n\n - kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service (CVE-2019-12382)\n\n - kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233)\n\n - kernel: integer overflow and OOB read in drivers/block/floppy.c (CVE-2019-14283)\n\n - kernel: heap-overflow in mwifiex_set_wmm_params() function of Marvell WiFi driver leading to DoS (CVE-2019-14815)\n\n - kernel: Null pointer dereference in the sound/usb/line6/pcm.c (CVE-2019-15221)\n\n - kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916)\n\n - kernel: buffer-overflow hardening in WiFi beacon validation code. (CVE-2019-16746)\n\n - kernel: perf_event_open() and execve() race in setuid programs allows a data leak (CVE-2019-3901)\n\n - kernel: brcmfmac frame validation bypass (CVE-2019-9503)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-01T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-rt (RHSA-2020:1070)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.9, "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-9289", "CVE-2017-17807", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-7191", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11190", "CVE-2019-11884", "CVE-2019-12382", "CVE-2019-13233", "CVE-2019-14283", "CVE-2019-14815", "CVE-2019-15221", "CVE-2019-15916", "CVE-2019-16746", "CVE-2019-3901", "CVE-2019-9503"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-debug-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-doc:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-trace:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-trace-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-debug-kvm:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-kvm:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-trace-kvm:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-1070.NASL", "href": "https://www.tenable.com/plugins/nessus/135078", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1070. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135078);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2015-9289\",\n \"CVE-2017-17807\",\n \"CVE-2018-7191\",\n \"CVE-2018-19985\",\n \"CVE-2018-20169\",\n \"CVE-2019-3901\",\n \"CVE-2019-9503\",\n \"CVE-2019-10207\",\n \"CVE-2019-10638\",\n \"CVE-2019-10639\",\n \"CVE-2019-11190\",\n \"CVE-2019-11884\",\n \"CVE-2019-12382\",\n \"CVE-2019-13233\",\n \"CVE-2019-14283\",\n \"CVE-2019-15916\",\n \"CVE-2019-16746\"\n );\n script_bugtraq_id(\n 89937,\n 102301,\n 107528,\n 107890,\n 108011,\n 108299,\n 108380,\n 108474,\n 109055,\n 109092\n );\n script_xref(name:\"RHSA\", value:\"2020:1070\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2020:1070)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1070 advisory.\n\n - kernel: out of bound read in DVB connexant driver. (CVE-2015-9289)\n\n - kernel: Missing permissions check for request_key() destination allows local attackers to add keys to\n keyring without Write permission (CVE-2017-17807)\n\n - kernel: oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985)\n\n - kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169)\n\n - kernel: denial of service via ioctl call in network tun handling (CVE-2018-7191)\n\n - kernel: null-pointer dereference in hci_uart_set_flow_control (CVE-2019-10207)\n\n - Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638)\n\n - Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639)\n\n - kernel: ASLR bypass for setuid binaries due to late install_exec_creds() (CVE-2019-11190)\n\n - kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884)\n\n - kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service (CVE-2019-12382)\n\n - kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233)\n\n - kernel: integer overflow and OOB read in drivers/block/floppy.c (CVE-2019-14283)\n\n - kernel: heap-overflow in mwifiex_set_wmm_params() function of Marvell WiFi driver leading to DoS\n (CVE-2019-14815)\n\n - kernel: Null pointer dereference in the sound/usb/line6/pcm.c (CVE-2019-15221)\n\n - kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service\n (CVE-2019-15916)\n\n - kernel: buffer-overflow hardening in WiFi beacon validation code. (CVE-2019-16746)\n\n - kernel: perf_event_open() and execve() race in setuid programs allows a data leak (CVE-2019-3901)\n\n - kernel: brcmfmac frame validation bypass (CVE-2019-9503)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2015-9289\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-17807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-7191\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-19985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-20169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-12382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15221\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1528335\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1660385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1666106\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1699856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1701245\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1701842\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1709837\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1715554\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1716328\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1727756\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1729931\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1729933\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1733874\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1734243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1735655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1744137\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1749974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1750813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760306\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9503\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-16746\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 120, 122, 125, 190, 200, 250, 253, 331, 362, 400, 416, 476, 667, 787, 862);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2015-9289', 'CVE-2017-17807', 'CVE-2018-7191', 'CVE-2018-19985', 'CVE-2018-20169', 'CVE-2019-3901', 'CVE-2019-9503', 'CVE-2019-10207', 'CVE-2019-10638', 'CVE-2019-10639', 'CVE-2019-11190', 'CVE-2019-11884', 'CVE-2019-12382', 'CVE-2019-13233', 'CVE-2019-14283', 'CVE-2019-14815', 'CVE-2019-15221', 'CVE-2019-15916', 'CVE-2019-16746');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:1070');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-3.10.0-1127.rt56.1093.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-3.10.0-1127.rt56.1093.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-3.10.0-1127.rt56.1093.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-3.10.0-1127.rt56.1093.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-3.10.0-1127.rt56.1093.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-doc-3.10.0-1127.rt56.1093.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-3.10.0-1127.rt56.1093.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-3.10.0-1127.rt56.1093.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-devel-3.10.0-1127.rt56.1093.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-kvm-3.10.0-1127.rt56.1093.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-debug / kernel-rt-debug-devel / etc');\n}\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:33:36", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1016 advisory.\n\n - kernel: out of bound read in DVB connexant driver.\n (CVE-2015-9289)\n\n - kernel: Missing permissions check for request_key() destination allows local attackers to add keys to keyring without Write permission (CVE-2017-17807)\n\n - kernel: oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985)\n\n - kernel: usb: missing size check in the\n __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169)\n\n - kernel: denial of service via ioctl call in network tun handling (CVE-2018-7191)\n\n - kernel: null-pointer dereference in hci_uart_set_flow_control (CVE-2019-10207)\n\n - Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638)\n\n - Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639)\n\n - kernel: ASLR bypass for setuid binaries due to late install_exec_creds() (CVE-2019-11190)\n\n - kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884)\n\n - kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service (CVE-2019-12382)\n\n - kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233)\n\n - kernel: denial of service in arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c via sigreturn() system call (CVE-2019-13648)\n\n - kernel: integer overflow and OOB read in drivers/block/floppy.c (CVE-2019-14283)\n\n - kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916)\n\n - kernel: buffer-overflow hardening in WiFi beacon validation code. (CVE-2019-16746)\n\n - kernel: (powerpc) incomplete Spectre-RSB mitigation leads to information exposure (CVE-2019-18660)\n\n - kernel: perf_event_open() and execve() race in setuid programs allows a data leak (CVE-2019-3901)\n\n - kernel: brcmfmac frame validation bypass (CVE-2019-9503)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-10T00:00:00", "type": "nessus", "title": "CentOS 7 : kernel (CESA-2020:1016)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.9, "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-9289", "CVE-2017-17807", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-7191", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11190", "CVE-2019-11884", "CVE-2019-12382", "CVE-2019-13233", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-15916", "CVE-2019-16746", "CVE-2019-18660", "CVE-2019-3901", "CVE-2019-9503"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2020-1016.NASL", "href": "https://www.tenable.com/plugins/nessus/135316", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2020:1016 and \n# CentOS Errata and Security Advisory 2020:1016 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135316);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\n \"CVE-2015-9289\",\n \"CVE-2017-17807\",\n \"CVE-2018-7191\",\n \"CVE-2018-19985\",\n \"CVE-2018-20169\",\n \"CVE-2019-3901\",\n \"CVE-2019-9503\",\n \"CVE-2019-10207\",\n \"CVE-2019-10638\",\n \"CVE-2019-10639\",\n \"CVE-2019-11190\",\n \"CVE-2019-11884\",\n \"CVE-2019-12382\",\n \"CVE-2019-13233\",\n \"CVE-2019-13648\",\n \"CVE-2019-14283\",\n \"CVE-2019-15916\",\n \"CVE-2019-16746\",\n \"CVE-2019-18660\"\n );\n script_xref(name:\"RHSA\", value:\"2020:1016\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2020:1016)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1016 advisory.\n\n - kernel: out of bound read in DVB connexant driver.\n (CVE-2015-9289)\n\n - kernel: Missing permissions check for request_key()\n destination allows local attackers to add keys to\n keyring without Write permission (CVE-2017-17807)\n\n - kernel: oob memory read in hso_probe in\n drivers/net/usb/hso.c (CVE-2018-19985)\n\n - kernel: usb: missing size check in the\n __usb_get_extra_descriptor() leading to DoS\n (CVE-2018-20169)\n\n - kernel: denial of service via ioctl call in network tun\n handling (CVE-2018-7191)\n\n - kernel: null-pointer dereference in\n hci_uart_set_flow_control (CVE-2019-10207)\n\n - Kernel: net: weak IP ID generation leads to remote\n device tracking (CVE-2019-10638)\n\n - Kernel: net: using kernel space address bits to derive\n IP ID may potentially break KASLR (CVE-2019-10639)\n\n - kernel: ASLR bypass for setuid binaries due to late\n install_exec_creds() (CVE-2019-11190)\n\n - kernel: sensitive information disclosure from kernel\n stack memory via HIDPCONNADD command (CVE-2019-11884)\n\n - kernel: unchecked kstrdup of fwstr in\n drm_load_edid_firmware leads to denial of service\n (CVE-2019-12382)\n\n - kernel: use-after-free in arch/x86/lib/insn-eval.c\n (CVE-2019-13233)\n\n - kernel: denial of service in\n arch/powerpc/kernel/signal_32.c and\n arch/powerpc/kernel/signal_64.c via sigreturn() system\n call (CVE-2019-13648)\n\n - kernel: integer overflow and OOB read in\n drivers/block/floppy.c (CVE-2019-14283)\n\n - kernel: memory leak in register_queue_kobjects() in\n net/core/net-sysfs.c leads to denial of service\n (CVE-2019-15916)\n\n - kernel: buffer-overflow hardening in WiFi beacon\n validation code. (CVE-2019-16746)\n\n - kernel: (powerpc) incomplete Spectre-RSB mitigation\n leads to information exposure (CVE-2019-18660)\n\n - kernel: perf_event_open() and execve() race in setuid\n programs allows a data leak (CVE-2019-3901)\n\n - kernel: brcmfmac frame validation bypass (CVE-2019-9503)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-cr-announce/2020-April/012401.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?05ca73ea\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9503\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-16746\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-1127.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-1127.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-1127.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-1127.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-1127.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-1127.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-1127.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-1127.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-1127.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-1127.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-1127.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perf-3.10.0-1127.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-1127.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:32:55", "description": "* kernel: out of bound read in DVB connexant driver. * kernel: Missing permissions check for request_key() destination allows local attackers to add keys to keyring without Write permission * kernel: denial of service via ioctl call in network tun handling * kernel: usb: missing size check in the __usb_get_extra_descriptor() * kernel:\nperf_event_open() and execve() race in setuid programs allows a data leak * kernel: brcmfmac frame validation bypass * kernel: NULL pointer dereference in hci_uart_set_flow_control * kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command * kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service * kernel: use-after-free in arch/x86/lib/insn-eval.c * kernel: denial of service in arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c via sigreturn() system call * kernel: integer overflow and OOB read in drivers/block/floppy.c * kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service * kernel: buffer-overflow hardening in WiFi beacon validation code. * kernel: (powerpc) incomplete Spectre-RSB mitigation leads to information exposure * kernel: oob memory read in hso_probe in drivers/net/usb/hso.c * Kernel: net: weak IP ID generation leads to remote device tracking * Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR * kernel: ASLR bypass for setuid binaries due to late install_exec_creds()", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-21T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64 (20200407)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.9, "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-9289", "CVE-2017-17807", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-7191", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11190", "CVE-2019-11884", "CVE-2019-12382", "CVE-2019-13233", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-15916", "CVE-2019-16746", "CVE-2019-18660", "CVE-2019-3901", "CVE-2019-9503"], "modified": "2022-05-16T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:bpftool", "p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:kernel-tools", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20200407_KERNEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/135813", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135813);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/16\");\n\n script_cve_id(\"CVE-2015-9289\", \"CVE-2017-17807\", \"CVE-2018-19985\", \"CVE-2018-20169\", \"CVE-2018-7191\", \"CVE-2019-10207\", \"CVE-2019-10638\", \"CVE-2019-10639\", \"CVE-2019-11190\", \"CVE-2019-11884\", \"CVE-2019-12382\", \"CVE-2019-13233\", \"CVE-2019-13648\", \"CVE-2019-14283\", \"CVE-2019-15916\", \"CVE-2019-16746\", \"CVE-2019-18660\", \"CVE-2019-3901\", \"CVE-2019-9503\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64 (20200407)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"* kernel: out of bound read in DVB connexant driver. * kernel: Missing\npermissions check for request_key() destination allows local attackers\nto add keys to keyring without Write permission * kernel: denial of\nservice via ioctl call in network tun handling * kernel: usb: missing\nsize check in the __usb_get_extra_descriptor() * kernel:\nperf_event_open() and execve() race in setuid programs allows a data\nleak * kernel: brcmfmac frame validation bypass * kernel: NULL pointer\ndereference in hci_uart_set_flow_control * kernel: sensitive\ninformation disclosure from kernel stack memory via HIDPCONNADD\ncommand * kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware\nleads to denial of service * kernel: use-after-free in\narch/x86/lib/insn-eval.c * kernel: denial of service in\narch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c\nvia sigreturn() system call * kernel: integer overflow and OOB read in\ndrivers/block/floppy.c * kernel: memory leak in\nregister_queue_kobjects() in net/core/net-sysfs.c leads to denial of\nservice * kernel: buffer-overflow hardening in WiFi beacon validation\ncode. * kernel: (powerpc) incomplete Spectre-RSB mitigation leads to\ninformation exposure * kernel: oob memory read in hso_probe in\ndrivers/net/usb/hso.c * Kernel: net: weak IP ID generation leads to\nremote device tracking * Kernel: net: using kernel space address bits\nto derive IP ID may potentially break KASLR * kernel: ASLR bypass for\nsetuid binaries due to late install_exec_creds()\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2004&L=SCIENTIFIC-LINUX-ERRATA&P=7067\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a4f1bf88\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9503\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-1127.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bpftool-debuginfo-3.10.0-1127.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-1127.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-abi-whitelists-3.10.0-1127.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-1127.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-1127.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-1127.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-1127.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-1127.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-1127.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-1127.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-doc-3.10.0-1127.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-1127.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-1127.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-1127.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-1127.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-1127.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-1127.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-1127.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-1127.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-1127.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-1127.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / kernel-abi-whitelists / etc\");\n}\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T14:53:50", "description": "The SUSE Linux Enterprise 15 Azure kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-20855: An issue was discovered in create_qp_common, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. (bnc#bsc#1103991)\n\nCVE-2019-1125: Fix Spectre V1 variant via swapgs: Exclude ATOMs from speculation through SWAPGS (bsc#1139358).\n\nCVE-2019-14284: In the Linux kernel, drivers/block/floppy.c allowed a denial of service by setup_format_params division-by-zero.\n(bnc#bsc#1143189)\n\nCVE-2019-14283: In the Linux kernel, set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default.\n(bsc#1143191)\n\nCVE-2019-11810: An issue was discovered in the Linux kernel A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c.\nThis causes a Denial of Service, related to a use-after-free.\n(bsc#1134399)\n\nCVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory was disabled, a local user can cause a denial of service via a sigreturn() system call that sends a crafted signal frame. (bnc#1142265)\n\nCVE-2019-13631: In parse_hid_report_descriptor, a malicious usb device could send an hid: report that triggered an out-of-bounds write during generation of debugging messages. (bnc#1142023)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : Linux Azure Kernel (SUSE-SU-2019:2068-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20855", "CVE-2019-1125", "CVE-2019-11810", "CVE-2019-13631", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-14284"], "modified": "2020-02-18T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-azure", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-azure-debuginfo", "p-cpe:/a:novell:suse_linux:dlm-kmp-azure", "p-cpe:/a:novell:suse_linux:dlm-kmp-azure-debuginfo", "p-cpe:/a:novell:suse_linux:gfs2-kmp-azure", "p-cpe:/a:novell:suse_linux:gfs2-kmp-azure-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-base", "p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debugsource", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-azure-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-extra", "p-cpe:/a:novell:suse_linux:kernel-azure-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-livepatch", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "p-cpe:/a:novell:suse_linux:kselftests-kmp-azure", "p-cpe:/a:novell:suse_linux:kselftests-kmp-azure-debuginfo", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-azure", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-azure-debuginfo", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-azure", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-azure-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-2068-1.NASL", "href": "https://www.tenable.com/plugins/nessus/127772", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2068-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127772);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/02/18\");\n\n script_cve_id(\"CVE-2018-20855\", \"CVE-2019-1125\", \"CVE-2019-11810\", \"CVE-2019-13631\", \"CVE-2019-13648\", \"CVE-2019-14283\", \"CVE-2019-14284\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : Linux Azure Kernel (SUSE-SU-2019:2068-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 15 Azure kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-20855: An issue was discovered in create_qp_common,\nmlx5_ib_create_qp_resp was never initialized, resulting in a leak of\nstack memory to userspace. (bnc#bsc#1103991)\n\nCVE-2019-1125: Fix Spectre V1 variant via swapgs: Exclude ATOMs from\nspeculation through SWAPGS (bsc#1139358).\n\nCVE-2019-14284: In the Linux kernel, drivers/block/floppy.c allowed a\ndenial of service by setup_format_params division-by-zero.\n(bnc#bsc#1143189)\n\nCVE-2019-14283: In the Linux kernel, set_geometry in\ndrivers/block/floppy.c did not validate the sect and head fields, as\ndemonstrated by an integer overflow and out-of-bounds read. It can be\ntriggered by an unprivileged local user when a floppy disk has been\ninserted. NOTE: QEMU creates the floppy device by default.\n(bsc#1143191)\n\nCVE-2019-11810: An issue was discovered in the Linux kernel A NULL\npointer dereference can occur when megasas_create_frame_pool() fails\nin megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c.\nThis causes a Denial of Service, related to a use-after-free.\n(bsc#1134399)\n\nCVE-2019-13648: In the Linux kernel on the powerpc platform, when\nhardware transactional memory was disabled, a local user can cause a\ndenial of service via a sigreturn() system call that sends a crafted\nsignal frame. (bnc#1142265)\n\nCVE-2019-13631: In parse_hid_report_descriptor, a malicious usb device\ncould send an hid: report that triggered an out-of-bounds write during\ngeneration of debugging messages. (bnc#1142023)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103991\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135335\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139358\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140954\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140957\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140960\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140961\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140962\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140964\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141453\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142220\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20855/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-1125/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11810/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13631/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13648/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14283/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14284/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192068-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c4fa0e5e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Public Cloud 15:zypper in -t patch\nSUSE-SLE-Module-Public-Cloud-15-2019-2068=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2068=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14283\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-azure-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-azure-debuginfo-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-azure-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-azure-debuginfo-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-azure-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-azure-debuginfo-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-base-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-base-debuginfo-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-debuginfo-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-debugsource-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-devel-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-devel-debuginfo-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-extra-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-extra-debuginfo-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-livepatch-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-syms-azure-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-azure-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-azure-debuginfo-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-azure-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-azure-debuginfo-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-azure-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-azure-debuginfo-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-azure-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-azure-debuginfo-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-azure-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-azure-debuginfo-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-azure-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-azure-debuginfo-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-base-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-base-debuginfo-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-debuginfo-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-debugsource-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-devel-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-devel-debuginfo-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-extra-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-extra-debuginfo-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-livepatch-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-syms-azure-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-azure-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-azure-debuginfo-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-azure-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-azure-debuginfo-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-azure-4.12.14-5.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-azure-debuginfo-4.12.14-5.38.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Linux Azure Kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-26T14:54:48", "description": "The SUSE Linux Enterprise 12 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-20855: An issue was discovered in the Linux kernel In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace(bsc#1143045).\n\nCVE-2019-1125: Exclude ATOMs from speculation through SWAPGS (bsc#1139358).\n\nCVE-2019-14283: In the Linux kernel, set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It could be triggered by an unprivileged local user when a floppy disk was inserted. NOTE: QEMU creates the floppy device by default.\n(bnc#1143191)\n\nCVE-2019-11810: An issue was discovered in the Linux kernel A NULL pointer dereference could occur when megasas_create_frame_pool() failed in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This caused a Denial of Service, related to a use-after-free (bnc#1134399).\n\nCVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory was disabled, a local user could cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sent a crafted signal frame.\n(bnc#1142254)\n\nCVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel, a malicious USB device could send an HID report that triggered an out-of-bounds write during generation of debugging messages. (bnc#1142023)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:2072-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20855", "CVE-2019-1125", "CVE-2019-11810", "CVE-2019-13631", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-14284"], "modified": "2020-02-18T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-2072-1.NASL", "href": "https://www.tenable.com/plugins/nessus/127775", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2072-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127775);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/02/18\");\n\n script_cve_id(\"CVE-2018-20855\", \"CVE-2019-1125\", \"CVE-2019-11810\", \"CVE-2019-13631\", \"CVE-2019-13648\", \"CVE-2019-14283\", \"CVE-2019-14284\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:2072-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-20855: An issue was discovered in the Linux kernel In\ncreate_qp_common in drivers/infiniband/hw/mlx5/qp.c,\nmlx5_ib_create_qp_resp was never initialized, resulting in a leak of\nstack memory to userspace(bsc#1143045).\n\nCVE-2019-1125: Exclude ATOMs from speculation through SWAPGS\n(bsc#1139358).\n\nCVE-2019-14283: In the Linux kernel, set_geometry in\ndrivers/block/floppy.c did not validate the sect and head fields, as\ndemonstrated by an integer overflow and out-of-bounds read. It could\nbe triggered by an unprivileged local user when a floppy disk was\ninserted. NOTE: QEMU creates the floppy device by default.\n(bnc#1143191)\n\nCVE-2019-11810: An issue was discovered in the Linux kernel A NULL\npointer dereference could occur when megasas_create_frame_pool()\nfailed in megasas_alloc_cmds() in\ndrivers/scsi/megaraid/megaraid_sas_base.c. This caused a Denial of\nService, related to a use-after-free (bnc#1134399).\n\nCVE-2019-13648: In the Linux kernel on the powerpc platform, when\nhardware transactional memory was disabled, a local user could cause a\ndenial of service (TM Bad Thing exception and system crash) via a\nsigreturn() system call that sent a crafted signal frame.\n(bnc#1142254)\n\nCVE-2019-13631: In parse_hid_report_descriptor in\ndrivers/input/tablet/gtco.c in the Linux kernel, a malicious USB\ndevice could send an HID report that triggered an out-of-bounds write\nduring generation of debugging messages. (bnc#1142023)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102247\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135335\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139358\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140954\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140957\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140960\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140961\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140962\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140964\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141453\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142220\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142254\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20855/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-1125/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11810/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13631/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13648/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14283/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14284/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192072-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d3306f5c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP4:zypper in -t patch\nSUSE-SLE-WE-12-SP4-2019-2072=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-2072=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-2072=1\n\nSUSE Linux Enterprise Live Patching 12-SP4:zypper in -t patch\nSUSE-SLE-Live-Patching-12-SP4-2019-2072=1\n\nSUSE Linux Enterprise High Availability 12-SP4:zypper in -t patch\nSUSE-SLE-HA-12-SP4-2019-2072=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-2072=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14283\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-95.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-95.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-4.12.14-95.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-base-4.12.14-95.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-base-debuginfo-4.12.14-95.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-debuginfo-4.12.14-95.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-debugsource-4.12.14-95.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-devel-4.12.14-95.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-syms-4.12.14-95.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-4.12.14-95.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.12.14-95.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.12.14-95.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.12.14-95.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-95.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-extra-4.12.14-95.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-4.12.14-95.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-syms-4.12.14-95.29.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-26T14:55:11", "description": "The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-20855: An issue was discovered in the Linux kernel In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace(bsc#1143045).\n\nCVE-2019-1125: Exclude ATOMs from speculation through SWAPGS (bsc#1139358).\n\nCVE-2019-14283: In the Linux kernel, set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It could be triggered by an unprivileged local user when a floppy disk was inserted. NOTE: QEMU creates the floppy device by default.\n(bnc#1143191)\n\nCVE-2019-11810: An issue was discovered in the Linux kernel A NULL pointer dereference could occur when megasas_create_frame_pool() failed in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This caused a Denial of Service, related to a use-after-free (bnc#1134399).\n\nCVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory was disabled, a local user could cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sent a crafted signal frame.\n(bnc#1142254)\n\nCVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel, a malicious USB device could send an HID report that triggered an out-of-bounds write during generation of debugging messages. (bnc#1142023)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2070-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20855", "CVE-2019-1125", "CVE-2019-11810", "CVE-2019-13631", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-14284"], "modified": "2020-02-18T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-base", "p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debugsource", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-2070-1.NASL", "href": "https://www.tenable.com/plugins/nessus/127773", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2070-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127773);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/02/18\");\n\n script_cve_id(\"CVE-2018-20855\", \"CVE-2019-1125\", \"CVE-2019-11810\", \"CVE-2019-13631\", \"CVE-2019-13648\", \"CVE-2019-14283\", \"CVE-2019-14284\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2070-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-20855: An issue was discovered in the Linux kernel In\ncreate_qp_common in drivers/infiniband/hw/mlx5/qp.c,\nmlx5_ib_create_qp_resp was never initialized, resulting in a leak of\nstack memory to userspace(bsc#1143045).\n\nCVE-2019-1125: Exclude ATOMs from speculation through SWAPGS\n(bsc#1139358).\n\nCVE-2019-14283: In the Linux kernel, set_geometry in\ndrivers/block/floppy.c did not validate the sect and head fields, as\ndemonstrated by an integer overflow and out-of-bounds read. It could\nbe triggered by an unprivileged local user when a floppy disk was\ninserted. NOTE: QEMU creates the floppy device by default.\n(bnc#1143191)\n\nCVE-2019-11810: An issue was discovered in the Linux kernel A NULL\npointer dereference could occur when megasas_create_frame_pool()\nfailed in megasas_alloc_cmds() in\ndrivers/scsi/megaraid/megaraid_sas_base.c. This caused a Denial of\nService, related to a use-after-free (bnc#1134399).\n\nCVE-2019-13648: In the Linux kernel on the powerpc platform, when\nhardware transactional memory was disabled, a local user could cause a\ndenial of service (TM Bad Thing exception and system crash) via a\nsigreturn() system call that sent a crafted signal frame.\n(bnc#1142254)\n\nCVE-2019-13631: In parse_hid_report_descriptor in\ndrivers/input/tablet/gtco.c in the Linux kernel, a malicious USB\ndevice could send an HID report that triggered an out-of-bounds write\nduring generation of debugging messages. (bnc#1142023)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102247\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103991\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127611\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135335\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136217\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136467\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139358\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140676\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140954\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140957\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140960\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140961\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140962\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140964\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141453\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142119\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142220\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142254\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142623\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20855/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-1125/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11810/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13631/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13648/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14283/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14284/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192070-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8ab65fda\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-2070=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14283\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-4.12.14-6.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-base-4.12.14-6.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-base-debuginfo-4.12.14-6.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-debuginfo-4.12.14-6.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-debugsource-4.12.14-6.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-devel-4.12.14-6.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-syms-azure-4.12.14-6.23.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-26T14:55:34", "description": "The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-1125: Enable Spectre v1 swapgs mitigations (bsc#1139358).\n\nCVE-2018-20855: An issue was discovered in create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace (bsc#1143045).\n\nCVE-2019-14284: The drivers/block/floppy.c allowed a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted.\nNOTE: QEMU creates the floppy device by default (bsc#1143189).\n\nCVE-2019-14283: The function set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE:\nQEMU creates the floppy device by default (bsc#1143191).\n\nCVE-2019-11810: A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free (bsc#1134399).\n\nCVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c (bnc#1142254).\n\nCVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages (bsc#1142023).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-09-03T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2262-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20855", "CVE-2019-1125", "CVE-2019-11810", "CVE-2019-13631", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-14284"], "modified": "2020-02-18T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_121-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_121-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-2262-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128469", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2262-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128469);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/02/18\");\n\n script_cve_id(\"CVE-2018-20855\", \"CVE-2019-1125\", \"CVE-2019-11810\", \"CVE-2019-13631\", \"CVE-2019-13648\", \"CVE-2019-14283\", \"CVE-2019-14284\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2262-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-1125: Enable Spectre v1 swapgs mitigations (bsc#1139358).\n\nCVE-2018-20855: An issue was discovered in create_qp_common in\ndrivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never\ninitialized, resulting in a leak of stack memory to userspace\n(bsc#1143045).\n\nCVE-2019-14284: The drivers/block/floppy.c allowed a denial of service\nby setup_format_params division-by-zero. Two consecutive ioctls can\ntrigger the bug: the first one should set the drive geometry with\n.sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the\nfloppy format operation should be called. It can be triggered by an\nunprivileged local user even when a floppy disk has not been inserted.\nNOTE: QEMU creates the floppy device by default (bsc#1143189).\n\nCVE-2019-14283: The function set_geometry in drivers/block/floppy.c\ndid not validate the sect and head fields, as demonstrated by an\ninteger overflow and out-of-bounds read. It can be triggered by an\nunprivileged local user when a floppy disk has been inserted. NOTE:\nQEMU creates the floppy device by default (bsc#1143191).\n\nCVE-2019-11810: A NULL pointer dereference can occur when\nmegasas_create_frame_pool() fails in megasas_alloc_cmds() in\ndrivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of\nService, related to a use-after-free (bsc#1134399).\n\nCVE-2019-13648: In the Linux kernel on the powerpc platform, when\nhardware transactional memory is disabled, a local user can cause a\ndenial of service (TM Bad Thing exception and system crash) via a\nsigreturn() system call that sends a crafted signal frame. This\naffects arch/powerpc/kernel/signal_32.c and\narch/powerpc/kernel/signal_64.c (bnc#1142254).\n\nCVE-2019-13631: In parse_hid_report_descriptor in\ndrivers/input/tablet/gtco.c, a malicious USB device can send an HID\nreport that triggers an out-of-bounds write during generation of\ndebugging messages (bsc#1142023).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139358\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141453\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142254\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144257\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144288\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20855/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-1125/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11810/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13631/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13648/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14283/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14284/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192262-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f81a3e1f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2019-2262=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2019-2262=1\n\nSUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch\nSUSE-SLE-Module-Public-Cloud-12-2019-2262=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14283\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_121-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_121-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.74-60.64.121.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.74-60.64.121.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.74-60.64.121.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.74-60.64.121.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.74-60.64.121.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.74-60.64.121.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_121-default-1-2.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_121-xen-1-2.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.74-60.64.121.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-3.12.74-60.64.121.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-3.12.74-60.64.121.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-debuginfo-3.12.74-60.64.121.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debuginfo-3.12.74-60.64.121.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debugsource-3.12.74-60.64.121.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-devel-3.12.74-60.64.121.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-syms-3.12.74-60.64.121.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-25T14:41:19", "description": "The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-20855: An issue was discovered in the Linux kernel In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace(bsc#1143045).\n\nCVE-2019-1125: Exclude ATOMs from speculation through SWAPGS (bsc#1139358).\n\nCVE-2019-14283: In the Linux kernel, set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It could be triggered by an unprivileged local user when a floppy disk was inserted. NOTE: QEMU creates the floppy device by default.\n(bnc#1143191)\n\nCVE-2019-11810: An issue was discovered in the Linux kernel A NULL pointer dereference could occur when megasas_create_frame_pool() failed in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This caused a Denial of Service, related to a use-after-free (bnc#1134399).\n\nCVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory was disabled, a local user could cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sent a crafted signal frame.\n(bnc#1142254)\n\nCVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel, a malicious USB device could send an HID report that triggered an out-of-bounds write during generation of debugging messages. (bnc#1142023)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2071-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20855", "CVE-2019-1125", "CVE-2019-11810", "CVE-2019-13631", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-14284"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-obs-qa", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:kselftests-kmp-default", "p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-2071-1.NASL", "href": "https://www.tenable.com/plugins/nessus/127774", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2071-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127774);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-20855\", \"CVE-2019-1125\", \"CVE-2019-11810\", \"CVE-2019-13631\", \"CVE-2019-13648\", \"CVE-2019-14283\", \"CVE-2019-14284\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2071-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 15 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-20855: An issue was discovered in the Linux kernel In\ncreate_qp_common in drivers/infiniband/hw/mlx5/qp.c,\nmlx5_ib_create_qp_resp was never initialized, resulting in a leak of\nstack memory to userspace(bsc#1143045).\n\nCVE-2019-1125: Exclude ATOMs from speculation through SWAPGS\n(bsc#1139358).\n\nCVE-2019-14283: In the Linux kernel, set_geometry in\ndrivers/block/floppy.c did not validate the sect and head fields, as\ndemonstrated by an integer overflow and out-of-bounds read. It could\nbe triggered by an unprivileged local user when a floppy disk was\ninserted. NOTE: QEMU creates the floppy device by default.\n(bnc#1143191)\n\nCVE-2019-11810: An issue was discovered in the Linux kernel A NULL\npointer dereference could occur when megasas_create_frame_pool()\nfailed in megasas_alloc_cmds() in\ndrivers/scsi/megaraid/megaraid_sas_base.c. This caused a Denial of\nService, related to a use-after-free (bnc#1134399).\n\nCVE-2019-13648: In the Linux kernel on the powerpc platform, when\nhardware transactional memory was disabled, a local user could cause a\ndenial of service (TM Bad Thing exception and system crash) via a\nsigreturn() system call that sent a crafted signal frame.\n(bnc#1142254)\n\nCVE-2019-13631: In parse_hid_report_descriptor in\ndrivers/input/tablet/gtco.c in the Linux kernel, a malicious USB\ndevice could send an HID report that triggered an out-of-bounds write\nduring generation of debugging messages. (bnc#1142023)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102247\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135335\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139358\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141453\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142220\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142254\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20855/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-1125/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11810/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13631/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13648/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14283/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14284/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192071-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?49104dda\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15:zypper in -t patch\nSUSE-SLE-Product-WE-15-2019-2071=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-2071=1\n\nSUSE Linux Enterprise Module for Live Patching 15:zypper in -t patch\nSUSE-SLE-Module-Live-Patching-15-2019-2071=1\n\nSUSE Linux Enterprise Module for Legacy Software 15:zypper in -t patch\nSUSE-SLE-Module-Legacy-15-2019-2071=1\n\nSUSE Linux Enterprise Module for Development Tools 15:zypper in -t\npatch SUSE-SLE-Module-Development-Tools-15-2019-2071=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-2071=1\n\nSUSE Linux Enterprise High Availability 15:zypper in -t patch\nSUSE-SLE-Product-HA-15-2019-2071=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14283\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-base-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-base-debuginfo-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-debuginfo-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-debugsource-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-devel-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-devel-debuginfo-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-obs-build-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-obs-build-debugsource-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-obs-qa-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-syms-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-base-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-debuginfo-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-debugsource-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kselftests-kmp-default-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kselftests-kmp-default-debuginfo-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"reiserfs-kmp-default-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-base-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-base-debuginfo-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-debuginfo-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-debugsource-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-devel-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-devel-debuginfo-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-obs-build-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-obs-build-debugsource-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-obs-qa-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-syms-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-base-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-debuginfo-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-debugsource-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kselftests-kmp-default-4.12.14-150.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kselftests-kmp-default-debuginfo-4.12.14-150.32.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-05T15:19:55", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4820 advisory.\n\n - A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835)\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. (CVE-2019-14821)\n\n - In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default. (CVE-2019-14283)\n\n - An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in\n __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation. (CVE-2019-15666)\n\n - An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. (CVE-2018-20855)\n\n - A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash.\n (CVE-2019-10207)\n\n - An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. (CVE-2019-15221)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-10-14T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4820)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20855", "CVE-2019-10207", "CVE-2019-14283", "CVE-2019-14821", "CVE-2019-14835", "CVE-2019-15221", "CVE-2019-15666"], "modified": "2022-05-18T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2019-4820.NASL", "href": "https://www.tenable.com/plugins/nessus/129841", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4820.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129841);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2018-20855\",\n \"CVE-2019-10207\",\n \"CVE-2019-14283\",\n \"CVE-2019-14821\",\n \"CVE-2019-14835\",\n \"CVE-2019-15221\",\n \"CVE-2019-15666\"\n );\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4820)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2019-4820 advisory.\n\n - A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost\n functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A\n privileged guest user able to pass descriptors with invalid length to the host when migration is underway,\n could use this flaw to increase their privileges on the host. (CVE-2019-14835)\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux\n kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer\n 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be\n supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm'\n device could use this flaw to crash the host kernel, resulting in a denial of service or potentially\n escalating privileges on the system. (CVE-2019-14821)\n\n - In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and\n head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an\n unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by\n default. (CVE-2019-14283)\n\n - An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in\n __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in\n net/xfrm/xfrm_user.c mishandles directory validation. (CVE-2019-15666)\n\n - An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in\n drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of\n stack memory to userspace. (CVE-2018-20855)\n\n - A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before\n 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware\n could use this flaw to issue a specially crafted ioctl function call and cause the system to crash.\n (CVE-2019-10207)\n\n - An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a\n malicious USB device in the sound/usb/line6/pcm.c driver. (CVE-2019-15221)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4820.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14835\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-14821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-1902.6.6.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-4820');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.14.35-1902.6.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-4.14.35-1902.6.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-1902.6.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-1902.6.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-1902.6.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-1902.6.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-1902.6.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-1902.6.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-doc-4.14.35-1902.6.6.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.14.35'},\n {'reference':'kernel-uek-headers-4.14.35-1902.6.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-1902.6.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-1902.6.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-libs-4.14.35-1902.6.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-4.14.35'},\n {'reference':'kernel-uek-tools-libs-devel-4.14.35-1902.6.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-devel-4.14.35'},\n {'reference':'perf-4.14.35-1902.6.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.35-1902.6.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T14:53:52", "description": "The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-20855: An issue was discovered in the Linux kernel In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace(bsc#1143045).\n\nCVE-2019-1125: Exclude ATOMs from speculation through SWAPGS (bsc#1139358).\n\nCVE-2019-14283: In the Linux kernel, set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It could be triggered by an unprivileged local user when a floppy disk was inserted. NOTE: QEMU creates the floppy device by default.\n(bnc#1143191)\n\nCVE-2019-11810: An issue was discovered in the Linux kernel A NULL pointer dereference could occur when megasas_create_frame_pool() failed in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This caused a Denial of Service, related to a use-after-free (bnc#1134399).\n\nCVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory was disabled, a local user could cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sent a crafted signal frame.\n(bnc#1142254)\n\nCVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel, a malicious USB device could send an HID report that triggered an out-of-bounds write during generation of debugging messages. (bnc#1142023)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2073-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20855", "CVE-2019-1125", "CVE-2019-11810", "CVE-2019-13631", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-14284"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-debug", "p-cpe:/a:novell:suse_linux:kernel-debug-base", "p-cpe:/a:novell:suse_linux:kernel-debug-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-debug-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-debug-debugsource", "p-cpe:/a:novell:suse_linux:kernel-debug-devel", "p-cpe:/a:novell:suse_linux:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-debug-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-base", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-devel", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-obs-qa", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-vanilla", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource", "p-cpe:/a:novell:suse_linux:kernel-vanilla-devel", "p-cpe:/a:novell:suse_linux:kernel-vanilla-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-man", "p-cpe:/a:novell:suse_linux:kselftests-kmp-default", "p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-2073-1.NASL", "href": "https://www.tenable.com/plugins/nessus/127776", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2073-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127776);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-20855\", \"CVE-2019-1125\", \"CVE-2019-11810\", \"CVE-2019-13631\", \"CVE-2019-13648\", \"CVE-2019-14283\", \"CVE-2019-14284\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2073-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-20855: An issue was discovered in the Linux kernel In\ncreate_qp_common in drivers/infiniband/hw/mlx5/qp.c,\nmlx5_ib_create_qp_resp was never initialized, resulting in a leak of\nstack memory to userspace(bsc#1143045).\n\nCVE-2019-1125: Exclude ATOMs from speculation through SWAPGS\n(bsc#1139358).\n\nCVE-2019-14283: In the Linux kernel, set_geometry in\ndrivers/block/floppy.c did not validate the sect and head fields, as\ndemonstrated by an integer overflow and out-of-bounds read. It could\nbe triggered by an unprivileged local user when a floppy disk was\ninserted. NOTE: QEMU creates the floppy device by default.\n(bnc#1143191)\n\nCVE-2019-11810: An issue was discovered in the Linux kernel A NULL\npointer dereference could occur when megasas_create_frame_pool()\nfailed in megasas_alloc_cmds() in\ndrivers/scsi/megaraid/megaraid_sas_base.c. This caused a Denial of\nService, related to a use-after-free (bnc#1134399).\n\nCVE-2019-13648: In the Linux kernel on the powerpc platform, when\nhardware transactional memory was disabled, a local user could cause a\ndenial of service (TM Bad Thing exception and system crash) via a\nsigreturn() system call that sent a crafted signal frame.\n(bnc#1142254)\n\nCVE-2019-13631: In parse_hid_report_descriptor in\ndrivers/input/tablet/gtco.c in the Linux kernel, a malicious USB\ndevice could send an HID report that triggered an out-of-bounds write\nduring generation of debugging messages. (bnc#1142023)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102247\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103991\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127611\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135335\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136217\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136467\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139358\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140676\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141453\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142119\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142220\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142254\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142623\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20855/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-1125/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11810/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13631/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13648/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14283/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14284/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192073-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c5521e7e\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15-SP1:zypper in -t patch\nSUSE-SLE-Product-WE-15-SP1-2019-2073=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2073=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP1:zypper in -t\npatch SUSE-SLE-Module-Live-Patching-15-SP1-2019-2073=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP1:zypper in -t\npatch SUSE-SLE-Module-Legacy-15-SP1-2019-2073=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP1:zypper in -t\npatch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2073=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-SP1-2019-2073=1\n\nSUSE Linux Enterprise High Availability 15-SP1:zypper in -t patch\nSUSE-SLE-Product-HA-15-SP1-2019-2073=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14283\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-base-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-livepatch-devel-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-base-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-debugsource-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-devel-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-livepatch-devel-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-livepatch-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-man-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-qa-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-base-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-debuginfo-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-debugsource-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-devel-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-livepatch-devel-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kselftests-kmp-default-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kselftests-kmp-default-debuginfo-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-base-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-livepatch-devel-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-base-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-debugsource-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-devel-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-livepatch-devel-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-livepatch-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-man-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-qa-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-base-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-debuginfo-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-debugsource-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-devel-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-livepatch-devel-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kselftests-kmp-default-4.12.14-197.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kselftests-kmp-default-debuginfo-4.12.14-197.15.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-21T14:33:27", "description": "An update of the linux package has been released.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-09-12T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Linux PHSA-2019-3.0-0026", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 9.4, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 9.2, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10638", "CVE-2019-13272", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-15090", "CVE-2019-15807", "CVE-2019-15925", "CVE-2019-15926"], "modified": "2023-01-20T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2019-3_0-0026_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/128732", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-3.0-0026. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128732);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/20\");\n\n script_cve_id(\n \"CVE-2019-10638\",\n \"CVE-2019-13272\",\n \"CVE-2019-14283\",\n \"CVE-2019-14284\",\n \"CVE-2019-15090\",\n \"CVE-2019-15807\",\n \"CVE-2019-15925\",\n \"CVE-2019-15926\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/10\");\n\n script_name(english:\"Photon OS 3.0: Linux PHSA-2019-3.0-0026\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-0026.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15926\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Polkit pkexec helper PTRACE_TRACEME local root exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-4.19.65-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-api-headers-4.19.65-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-aws-4.19.65-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-aws-debuginfo-4.19.65-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-aws-devel-4.19.65-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-aws-docs-4.19.65-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-aws-drivers-gpu-4.19.65-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-aws-oprofile-4.19.65-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-aws-sound-4.19.65-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-debuginfo-4.19.65-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-devel-4.19.65-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-docs-4.19.65-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-drivers-gpu-4.19.65-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-drivers-sound-4.19.65-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-esx-4.19.65-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-esx-debuginfo-4.19.65-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-esx-devel-4.19.65-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-esx-docs-4.19.65-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-oprofile-4.19.65-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-secure-4.19.65-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-secure-debuginfo-4.19.65-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-secure-devel-4.19.65-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-secure-docs-4.19.65-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-secure-lkcm-4.19.65-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-tools-4.19.65-2.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 9.4, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:C"}}, {"lastseen": "2023-01-25T14:41:46", "description": "New kernel packages are available for Slackware 14.2 to fix security issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-08-14T00:00:00", "type": "nessus", "title": "Slackware 14.2 : Slackware 14.2 kernel (SSA:2019-226-01)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18509", "CVE-2018-20856", "CVE-2019-10207", "CVE-2019-1125", "CVE-2019-13631", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-14284"], "modified": "2020-02-18T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:kernel-firmware", "p-cpe:/a:slackware:slackware_linux:kernel-generic", "p-cpe:/a:slackware:slackware_linux:kernel-generic-smp", "p-cpe:/a:slackware:slackware_linux:kernel-headers", "p-cpe:/a:slackware:slackware_linux:kernel-huge", "p-cpe:/a:slackware:slackware_linux:kernel-huge-smp", "p-cpe:/a:slackware:slackware_linux:kernel-modules", "p-cpe:/a:slackware:slackware_linux:kernel-modules-smp", "p-cpe:/a:slackware:slackware_linux:kernel-source", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2019-226-01.NASL", "href": "https://www.tenable.com/plugins/nessus/127882", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2019-226-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127882);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/02/18\");\n\n script_cve_id(\"CVE-2017-18509\", \"CVE-2018-20856\", \"CVE-2019-10207\", \"CVE-2019-1125\", \"CVE-2019-13631\", \"CVE-2019-13648\", \"CVE-2019-14283\", \"CVE-2019-14284\");\n script_xref(name:\"SSA\", value:\"2019-226-01\");\n\n script_name(english:\"Slackware 14.2 : Slackware 14.2 kernel (SSA:2019-226-01)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New kernel packages are available for Slackware 14.2 to fix security\nissues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.717544\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?12c71cbb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-generic-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-huge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-huge-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-modules-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-firmware\", pkgver:\"20190726_dff98c6\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-generic\", pkgver:\"4.4.189\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-generic-smp\", pkgver:\"4.4.189_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-headers\", pkgver:\"4.4.189_smp\", pkgarch:\"x86\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-huge\", pkgver:\"4.4.189\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-huge-smp\", pkgver:\"4.4.189_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-modules\", pkgver:\"4.4.189\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-modules-smp\", pkgver:\"4.4.189_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-source\", pkgver:\"4.4.189_smp\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-firmware\", pkgver:\"20190726_dff98c6\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-generic\", pkgver:\"4.4.189\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-headers\", pkgver:\"4.4.189\", pkgarch:\"x86\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-huge\", pkgver:\"4.4.189\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-modules\", pkgver:\"4.4.189\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-source\", pkgver:\"4.4.189\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T14:54:49", "description": "The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2019-1125: Fix Spectre V1 variant memory disclosure by speculation over the SWAPGS instruction (bsc#1139358).\n\n - CVE-2019-10207: A NULL pointer dereference was possible in the bluetooth stack, which could lead to crashes.\n (bnc#1123959 bnc#1142857).\n\n - CVE-2018-20855: In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace (bnc#1143045).\n\n - CVE-2019-14284: drivers/block/floppy.c allowed a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. (bnc#1143189).\n\n - CVE-2019-14283: set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. (bnc#1143191).\n\n - CVE-2019-11810: A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free (bnc#1134399).\n\n - CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c (bnc#1142254 bnc#1142265).\n\n - CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages (bnc#1142023).\n\nThe following non-security bugs were fixed :\n\n - 9p: acl: fix uninitialized iattr access (bsc#1051510).\n\n - 9p: p9dirent_read: check network-provided name length (bsc#1051510).\n\n - 9p: pass the correct prototype to read_cache_page (bsc#1051510).\n\n - 9p/rdma: do not disconnect on down_interruptible EAGAIN (bsc#1051510).\n\n - 9p/rdma: remove useless check in cm_event_handler (bsc#1051510).\n\n - 9p/virtio: Add cleanup path in p9_virtio_init (bsc#1051510).\n\n - 9p/xen: Add cleanup path in p9_trans_xen_init (bsc#1051510).\n\n - 9p/xen: fix check for xenbus_read error in front_probe (bsc#1051510).\n\n - acpi/arm64: ignore 5.1 FADTs that are reported as 5.0 (bsc#1051510).\n\n - ACPI/IORT: Fix off-by-one check in iort_dev_find_its_id() (bsc#1051510).\n\n - acpi/nfit: Always dump _DSM output payload (bsc#1142351).\n\n - ACPI: PM: Fix regression in acpi_device_set_power() (bsc#1051510).\n\n - Add back sibling paca poiter to paca (bsc#1055117).\n\n - Add support for crct10dif-vpmsum ().\n\n - af_key: fix leaks in key_pol_get_resp and dump_sp (bsc#1051510).\n\n - af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET (networking-stable-19_07_02).\n\n - af_unix: remove redundant lockdep class (git-fixes).\n\n - ALSA: compress: Be more restrictive about when a drain is allowed (bsc#1051510).\n\n - ALSA: compress: Do not allow paritial drain operations on capture streams (bsc#1051510).\n\n - ALSA: compress: Fix regression on compressed capture streams (bsc#1051510).\n\n - ALSA: compress: Prevent bypasses of set_params (bsc#1051510).\n\n - ALSA: hda - Add a conexant codec entry to let mute led work (bsc#1051510).\n\n - ALSA: hda - Do not resume forcibly i915 HDMI/DP codec (bsc#1111666).\n\n - ALSA: hda: Fix 1-minute detection delay when i915 module is not available (bsc#1111666).\n\n - ALSA: hda - Fix intermittent CORB/RIRB stall on Intel chips (bsc#1111666).\n\n - ALSA: hda/hdmi - Fix i915 reverse port/pin mapping (bsc#1111666).\n\n - ALSA: hda/hdmi - Remove duplicated define (bsc#1111666).\n\n - ALSA: hda - Optimize resume for codecs without jack detection (bsc#1111666).\n\n - ALSA: hda/realtek: apply ALC891 headset fixup to one Dell machine (bsc#1051510).\n\n - ALSA: hda/realtek - Fixed Headphone Mic can't record on Dell platform (bsc#1051510).\n\n - ALSA: hda/realtek - Headphone Mic can't record after S3 (bsc#1051510).\n\n - ALSA: line6: Fix a typo (bsc#1051510).\n\n - ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1 (bsc#1051510).\n\n - ALSA: pcm: fix lost wakeup event scenarios in snd_pcm_drain (bsc#1051510).\n\n - ALSA: seq: Break too long mutex context in the write loop (bsc#1051510).\n\n - ALSA: usb-audio: Add quirk for Focusrite Scarlett Solo (bsc#1051510).\n\n - ALSA: usb-audio: Add quirk for MOTU MicroBook II (bsc#1051510).\n\n - ALSA: usb-audio: Cleanup DSD whitelist (bsc#1051510).\n\n - ALSA: usb-audio: Enable .product_name override for Emagic, Unitor 8 (bsc#1051510).\n\n - ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check (bsc#1051510).\n\n - ALSA: usb-audio: fix Line6 Helix audio format rates (bsc#1111666).\n\n - ALSA: usb-audio: Sanity checks for each pipe and EP types (bsc#1051510).\n\n - arm64: do not override dma_max_pfn (jsc#SLE-6197 bsc#1140559 LTC#173150).\n\n - arm64: kvm: Fix architecturally invalid reset value for FPEXC32_EL2 (bsc#1133021).\n\n - ARM: kvm: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1133021).\n\n - ARM: kvm: report support for SMCCC_ARCH_WORKAROUND_1 (bsc#1133021).\n\n - ASoC : cs4265 : readable register too low (bsc#1051510).\n\n - ASoC: max98090: remove 24-bit format support if RJ is 0 (bsc#1051510).\n\n - ASoC: soc-pcm: BE dai needs prepare when pause release after resume (bsc#1051510).\n\n - ath10k: add missing error handling (bsc#1111666).\n\n - ath10k: add peer id check in ath10k_peer_find_by_id (bsc#1111666).\n\n - ath10k: destroy sdio workqueue while remove sdio module (bsc#1111666).\n\n - ath10k: Do not send probe response template for mesh (bsc#1111666).\n\n - ath10k: Fix encoding for protected management frames (bsc#1111666).\n\n - ath10k: fix incorrect multicast/broadcast rate setting (bsc#1111666).\n\n - ath10k: fix PCIE device wake up failed (bsc#1111666).\n\n - ath6kl: add some bounds checking (bsc#1051510).\n\n - ath9k: Check for errors when reading SREV register (bsc#1111666).\n\n - ath9k: correctly handle short radar pulses (bsc#1111666).\n\n - ath: DFS JP domain W56 fixed pulse type 3 RADAR detection (bsc#1111666).\n\n - batman-adv: fix for leaked TVLV handler (bsc#1051510).\n\n - bcache: acquire bch_register_lock later in cached_dev_detach_finish() (bsc#1140652).\n\n - bcache: acquire bch_register_lock later in cached_dev_detach_finish() (bsc#1140652).\n\n - bcache: acquire bch_register_lock later in cached_dev_free() (bsc#1140652).\n\n - bcache: acquire bch_register_lock later in cached_dev_free() (bsc#1140652).\n\n - bcache: add code comments for journal_read_bucket() (bsc#1140652).\n\n - bcache: add code comments for journal_read_bucket() (bsc#1140652).\n\n - bcache: Add comments for blkdev_put() in registration code path (bsc#1140652).\n\n - bcache: Add comments for blkdev_put() in registration code path (bsc#1140652).\n\n - bcache: add comments for closure_fn to be called in closure_queue() (bsc#1140652).\n\n - bcache: add comments for closure_fn to be called in closure_queue() (bsc#1140652).\n\n - bcache: add comments for kobj release callback routine (bsc#1140652).\n\n - bcache: add comments for kobj release callback routine (bsc#1140652).\n\n - bcache: add comments for mutex_lock(&b->write_lock) (bsc#1140652).\n\n - bcache: add comments for mutex_lock(&b->write_lock) (bsc#1140652).\n\n - bcache: add error check for calling register_bdev() (bsc#1140652).\n\n - bcache: add error check for calling register_bdev() (bsc#1140652).\n\n - bcache: add failure check to run_cache_set() for journal replay (bsc#1140652).\n\n - bcache: add failure check to run_cache_set() for journal replay (bsc#1140652).\n\n - bcache: add io error counting in write_bdev_super_endio() (bsc#1140652).\n\n - bcache: add io error counting in write_bdev_super_endio() (bsc#1140652).\n\n - bcache: add more error message in bch_cached_dev_attach() (bsc#1140652).\n\n - bcache: add more error message in bch_cached_dev_attach() (bsc#1140652).\n\n - bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652).\n\n - bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652).\n\n - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652).\n\n - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652).\n\n - bcache: add return value check to bch_cached_dev_run() (bsc#1140652).\n\n - bcache: add return value check to bch_cached_dev_run() (bsc#1140652).\n\n - bcache: avoid a deadlock in bcache_reboot() (bsc#1140652).\n\n - bcache: avoid a deadlock in bcache_reboot() (bsc#1140652).\n\n - bcache: avoid clang -Wunintialized warning (bsc#1140652).\n\n - bcache: avoid clang -Wunintialized warning (bsc#1140652).\n\n - bcache: avoid flushing btree node in cache_set_flush() if io disabled (bsc#1140652).\n\n - bcache: avoid flushing btree node in cache_set_flush() if io disabled (bsc#1140652).\n\n - bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set (bsc#1140652).\n\n - bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set (bsc#1140652).\n\n - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652).\n\n - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652).\n\n - bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652).\n\n - bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652).\n\n - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() (bsc#1140652).\n\n - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() (bsc#1140652).\n\n - bcache: Clean up bch_get_congested() (bsc#1140652).\n\n - bcache: Clean up bch_get_congested() (bsc#1140652).\n\n - bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread (bsc#1140652).\n\n - bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread (bsc#1140652).\n\n - bcache: do not assign in if condition in bcache_device_init() (bsc#1140652).\n\n - bcache: do not set max writeback rate if gc is running (bsc#1140652).\n\n - bcache: do not set max writeback rate if gc is running (bsc#1140652).\n\n - bcache: fix a race between cache register and cacheset unregister (bsc#1140652).\n\n - bcache: fix a race between cache register and cacheset unregister (bsc#1140652).\n\n - bcache: fix crashes stopping bcache device before read miss done (bsc#1140652).\n\n - bcache: fix crashes stopping bcache device before read miss done (bsc#1140652).\n\n - bcache: fix failure in journal relplay (bsc#1140652).\n\n - bcache: fix failure in journal relplay (bsc#1140652).\n\n - bcache: fix inaccurate result of unused buckets (bsc#1140652).\n\n - bcache: fix inaccurate result of unused buckets (bsc#1140652).\n\n - bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652).\n\n - bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652).\n\n - bcache: fix potential deadlock in cached_def_free() (bsc#1140652).\n\n - bcache: fix potential deadlock in cached_def_free() (bsc#1140652).\n\n - bcache: fix race in btree_flush_write() (bsc#1140652).\n\n - bcache: fix race in btree_flush_write() (bsc#1140652).\n\n - bcache: fix return value error in bch_journal_read() (bsc#1140652).\n\n - bcache: fix return value error in bch_journal_read() (bsc#1140652).\n\n - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652).\n\n - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652).\n\n - bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce (bsc#1140652).\n\n - bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce (bsc#1140652).\n\n - bcache: ignore read-ahead request failure on backing device (bsc#1140652).\n\n - bcache: ignore read-ahead request failure on backing device (bsc#1140652).\n\n - bcache: improve bcache_reboot() (bsc#1140652).\n\n - bcache: improve bcache_reboot() (bsc#1140652).\n\n - bcache: improve error message in bch_cached_dev_run() (bsc#1140652).\n\n - bcache: improve error message in bch_cached_dev_run() (bsc#1140652).\n\n - bcache: make bset_search_tree() be more understandable (bsc#1140652).\n\n - bcache: make bset_search_tree() be more understandable (bsc#1140652).\n\n - bcache: make is_discard_enabled() static (bsc#1140652).\n\n - bcache: make is_discard_enabled() static (bsc#1140652).\n\n - bcache: more detailed error message to bcache_device_link() (bsc#1140652).\n\n - bcache: more detailed error message to bcache_device_link() (bsc#1140652).\n\n - bcache: move definition of 'int ret' out of macro read_bucket() (bsc#1140652).\n\n - bcache: move definition of 'int ret' out of macro read_bucket() (bsc#1140652).\n\n - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() (bsc#1140652).\n\n - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() (bsc#1140652).\n\n - bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652).\n\n - bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652).\n\n - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1140652).\n\n - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1140652).\n\n - bcache: performance improvement for btree_flush_write() (bsc#1140652).\n\n - bcache: performance improvement for btree_flush_write() (bsc#1140652).\n\n - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652).\n\n - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652).\n\n - bcache: remove retry_flush_write from struct cache_set (bsc#1140652).\n\n - bcache: remove retry_flush_write from struct cache_set (bsc#1140652).\n\n - bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652).\n\n - bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652).\n\n - bcache: remove unnecessary prefetch() in bset_search_tree() (bsc#1140652).\n\n - bcache: remove unnecessary prefetch() in bset_search_tree() (bsc#1140652).\n\n - bcache: remove 'XXX:' comment line from run_cache_set() (bsc#1140652).\n\n - bcache: remove 'XXX:' comment line from run_cache_set() (bsc#1140652).\n\n - bcache: return error immediately in bch_journal_replay() (bsc#1140652).\n\n - bcache: return error immediately in bch_journal_replay() (bsc#1140652).\n\n - bcache: Revert 'bcache: fix high CPU occupancy during journal' (bsc#1140652).\n\n - bcache: Revert 'bcache: fix high CPU occupancy during journal' (bsc#1140652).\n\n - bcache: Revert 'bcache: free heap cache_set->flush_btree in bch_journal_free' (bsc#1140652).\n\n - bcache: Revert 'bcache: free heap cache_set->flush_btree in bch_journal_free' (bsc#1140652).\n\n - bcache: set largest seq to ja->seq[bucket_index] in journal_read_bucket() (bsc#1140652).\n\n - bcache: set largest seq to ja->seq[bucket_index] in journal_read_bucket() (bsc#1140652).\n\n - bcache: shrink btree node cache after bch_btree_check() (bsc#1140652).\n\n - bcache: shrink btree node cache after bch_btree_check() (bsc#1140652).\n\n - bcache: stop writeback kthread and kworker when bch_cached_dev_run() failed (bsc#1140652).\n\n - bcache: stop writeback kthread and kworker when bch_cached_dev_run() failed (bsc#1140652).\n\n - bcache: use sysfs_match_string() instead of\n __sysfs_match_string() (bsc#1140652).\n\n - bcache: use sysfs_match_string() instead of\n __sysfs_match_string() (bsc#1140652).\n\n - be2net: Fix number of Rx queues used for flow hashing (networking-stable-19_06_18).\n\n - be2net: Signal that the device cannot transmit during reconfiguration (bsc#1127315).\n\n - be2net: Synchronize be_update_queues with dev_watchdog (bsc#1127315).\n\n - block, bfq: NULL out the bic when it's no longer valid (bsc#1142359).\n\n - Bluetooth: 6lowpan: search for destination address in all peers (bsc#1051510).\n\n - Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug (bsc#1051510).\n\n - Bluetooth: Check state in l2cap_disconnect_rsp (bsc#1051510).\n\n - Bluetooth: hci_bcsp: Fix memory leak in rx_skb (bsc#1051510).\n\n - Bluetooth: validate BLE connection interval updates (bsc#1051510).\n\n - bnx2fc_fcoe: Use skb_queue_walk_safe() (bsc#1136502 jsc#SLE-4703).\n\n - bnx2x: Prevent load reordering in tx completion processing (bsc#1142868).\n\n - bnxt_en: Cap the returned MSIX vectors to the RDMA driver (bsc#1134090 jsc#SLE-5954).\n\n - bnxt_en: Disable bus master during PCI shutdown and driver unload (bsc#1104745).\n\n - bnxt_en: Fix aggregation buffer leak under OOM condition (networking-stable-19_05_31).\n\n - bnxt_en: Fix statistics context reservation logic for RDMA driver (bsc#1104745).\n\n - bnxt_en: Suppress error messages when querying DSCP DCB capabilities (bsc#1104745).\n\n - bonding: Always enable vlan tx offload (networking-stable-19_07_02).\n\n - bonding: fix arp_validate toggling in active-backup mode (networking-stable-19_05_14).\n\n - bonding: Force slave speed check after link state recovery for 802.3ad (bsc#1137584).\n\n - bpf: btf: fix the brackets of BTF_INT_OFFSET() (bsc#1083647).\n\n - bpf: fix callees pruning callers (bsc#1109837).\n\n - bpf: fix nested bpf tracepoints with per-cpu data (bsc#1083647).\n\n - bpf, x64: fix stack layout of JITed bpf code (bsc#1083647).\n\n - bpf, x64: save 5 bytes in prologue when ebpf insns came from cbpf (bsc#1083647).\n\n - bridge: Fix error path for kobject_init_and_add() (networking-stable-19_05_14).\n\n - btrfs: fix race between block group removal and block group allocation (bsc#1143003).\n\n - btrfs-kill-btrfs_clear_path_blocking.patch:\n (bsc#1140139).\n\n - btrfs: scrub: add memalloc_nofs protection around init_ipath (bsc#1086103).\n\n - btrfs: use GFP_KERNEL in init_ipath (bsc#1086103).\n\n - carl9170: fix misuse of device driver API (bsc#1111666).\n\n - ceph: fix iov_iter issues in ceph_direct_read_write() (bsc#1141450). blacklist.conf: dropped patch from blacklist.\n\n - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() (bsc#1141478).\n\n - clk: qcom: Fix -Wunused-const-variable (bsc#1051510).\n\n - clk: rockchip: Do not yell about bad mmc phases when getting (bsc#1051510).\n\n - clk: tegra210: fix PLLU and PLLU_OUT1 (bsc#1051510).\n\n - Correct iwlwifi 22000 series ucode file name (bsc#1142673) \n\n - Correct the buggy backport about AER / DPC pcie stuff (bsc#1142623)\n\n - cpufreq: acpi-cpufreq: Report if CPU does not support boost technologies (bsc#1051510).\n\n - cpufreq: brcmstb-avs-cpufreq: Fix initial command check (bsc#1051510).\n\n - cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency (bsc#1051510).\n\n - cpufreq: check if policy is inactive early in\n __cpufreq_get() (bsc#1051510).\n\n - cpufreq: kirkwood: fix possible object reference leak (bsc#1051510).\n\n - cpufreq/pasemi: fix possible object reference leak (bsc#1051510).\n\n - cpufreq: pmac32: fix possible object reference leak (bsc#1051510).\n\n - cpufreq: ppc_cbe: fix possible object reference leak (bsc#1051510).\n\n - cpufreq: Use struct kobj_attribute instead of struct global_attr (bsc#1051510).\n\n - crypto: arm64/sha1-ce - correct digest for empty data in finup (bsc#1051510).\n\n - crypto: arm64/sha2-ce - correct digest for empty data in finup (bsc#1051510).\n\n - crypto: ccp - Fix 3DES complaint from ccp-crypto module (bsc#1051510).\n\n - crypto: ccp - fix AES CFB error exposed by new test vectors (bsc#1051510).\n\n - crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL (bsc#1051510).\n\n - crypto: ccp/gcm - use const time tag comparison (bsc#1051510).\n\n - crypto: ccp - memset structure fields to zero before reuse (bsc#1051510).\n\n - crypto: ccp - Validate the the error value used to index error messages (bsc#1051510).\n\n - crypto: chacha20poly1305 - fix atomic sleep when using async algorithm (bsc#1051510).\n\n - crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe (bsc#1051510).\n\n - crypto: ghash - fix unaligned memory access in ghash_setkey() (bsc#1051510).\n\n - crypto: talitos - Align SEC1 accesses to 32 bits boundaries (bsc#1051510).\n\n - crypto: talitos - check data blocksize in ablkcipher (bsc#1051510).\n\n - crypto: talitos - fix CTR alg blocksize (bsc#1051510).\n\n - crypto: talitos - fix max key size for sha384 and sha512 (bsc#1051510).\n\n - crypto: talitos - fix skcipher failure due to wrong output IV (bsc#1051510).\n\n - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking (bsc#1051510).\n\n - crypto: talitos - properly handle split ICV (bsc#1051510).\n\n - crypto: talitos - reduce max key size for SEC1 (bsc#1051510).\n\n - crypto: talitos - rename alternative AEAD algos (bsc#1051510).\n\n - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#11123080).\n\n - dma-buf: balance refcount inbalance (bsc#1051510).\n\n - dma-buf: Discard old fence_excl on retrying get_fences_rcu for realloc (bsc#1111666).\n\n - dma-direct: add support for allocation from ZONE_DMA and ZONE_DMA32 (jsc#SLE-6197 bsc#1140559 LTC#173150).\n\n - dma-direct: do not retry allocation for no-op GFP_DMA (jsc#SLE-6197 bsc#1140559 LTC#173150).\n\n - dma-direct: retry allocations using GFP_DMA for small masks (jsc#SLE-6197 bsc#1140559 LTC#173150).\n\n - dmaengine: hsu: Revert 'set HSU_CH_MTSR to memory width' (bsc#1051510).\n\n - dma-mapping: move dma_mark_clean to dma-direct.h (jsc#SLE-6197 bsc#1140559 LTC#173150).\n\n - dma-mapping: move swiotlb arch helpers to a new header (jsc#SLE-6197 bsc#1140559 LTC#173150).\n\n - dma-mapping: take dma_pfn_offset into account in dma_max_pfn (jsc#SLE-6197 bsc#1140559 LTC#173150).\n\n - Documentation: Add nospectre_v1 parameter (bsc#1051510).\n\n - Documentation/networking: fix default_ttl typo in mpls-sysctl (bsc#1051510).\n\n - dpaa_eth: fix SG frame cleanup (networking-stable-19_05_14).\n\n - driver core: Fix use-after-free and double free on glue directory (bsc#1131281).\n\n - drm/amd/display: Always allocate initial connector state state (bsc#1111666).\n\n - drm/amd/display: Disable ABM before destroy ABM struct (bsc#1111666).\n\n - drm/amd/display: Fill prescale_params->scale for RGB565 (bsc#1111666).\n\n - drm/amd/display: fix compilation error (bsc#1111666).\n\n - drm/amd/display: Make some functions static (bsc#1111666).\n\n - drm/amdgpu/sriov: Need to initialize the HDP_NONSURFACE_BAStE (bsc#1111666).\n\n - drm/amdkfd: Fix a potential memory leak (bsc#1111666).\n\n - drm/amdkfd: Fix sdma queue map issue (bsc#1111666).\n\n - drm/atmel-hlcdc: revert shift by 8 (bsc#1111666).\n\n - drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz (bsc#1051510).\n\n - drm/bridge: tc358767: read display_props in get_modes() (bsc#1051510).\n\n - drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry (bsc#1051510).\n\n - drm/i915/cml: Introduce Comet Lake PCH (jsc#SLE-6681).\n\n - drm/i915/icl: Add WaDisableBankHangMode (bsc#1111666).\n\n - drm/meson: Add support for XBGR8888 & ABGR8888 formats (bsc#1051510).\n\n - drm/msm/a3xx: remove TPL1 regs from snapshot (bsc#1051510).\n\n - drm/msm: Depopulate platform on probe failure (bsc#1051510).\n\n - drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1111666).\n\n - drm/nouveau/i2c: Enable i2c pads & busses during preinit (bsc#1051510).\n\n - drm/panel: simple: Fix panel_simple_dsi_probe (bsc#1051510).\n\n - drm: return -EFAULT if copy_to_user() fails (bsc#1111666).\n\n - drm/rockchip: Properly adjust to a true clock in adjusted_mode (bsc#1051510).\n\n - drm/udl: introduce a macro to convert dev to udl (bsc#1111666).\n\n - drm/udl: move to embedding drm device inside udl device (bsc#1111666).\n\n - drm/udl: Replace drm_dev_unref with drm_dev_put (bsc#1111666).\n\n - drm/vc4: fix fb references in async update (bsc#1141312).\n\n - drm/virtio: Add memory barriers for capset cache (bsc#1051510).\n\n - drm/vmwgfx: Honor the sg list segment size limitation (bsc#1111666).\n\n - e1000e: start network tx queue only when link is up (bsc#1051510).\n\n - eCryptfs: fix a couple type promotion bugs (bsc#1051510).\n\n - EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec (bsc#1114279).\n\n - efi/bgrt: Drop BGRT status field reserved bits check (bsc#1051510).\n\n - Enable intel-speed-select driver and update supported.conf (jsc#SLE-5364)\n\n - ethtool: check the return value of get_regs_len (git-fixes).\n\n - ethtool: fix potential userspace buffer overflow (networking-stable-19_06_09).\n\n - firmware: ti_sci: Always request response from firmware (bsc#1051510).\n\n - Fix kABI for asus-wmi quirk_entry field addition (bsc#1051510).\n\n - Fix memory leak in sctp_process_init (networking-stable-19_06_09).\n\n - floppy: fix invalid pointer dereference in drive_name (bsc#1111666).\n\n - floppy: fix out-of-bounds read in next_valid_format (bsc#1111666).\n\n - fork, memcg: fix cached_stacks case (bsc#1134097).\n\n - fork, memcg: fix crash in free_thread_stack on memcg charge fail (bsc#1134097).\n\n - fpga: add intel stratix10 soc fpga manager driver (jsc#SLE-7057).\n\n - fpga: stratix10-soc: fix use-after-free on s10_init() (jsc#SLE-7057).\n\n - fpga: stratix10-soc: fix wrong of_node_put() in init function (jsc#jsc#SLE-7057).\n\n - gpio: omap: ensure irq is enabled before wakeup (bsc#1051510).\n\n - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1111666).\n\n - HID: wacom: correct touch resolution x/y typo (bsc#1051510).\n\n - HID: wacom: generic: Correct pad syncing (bsc#1051510).\n\n - HID: wacom: generic: only switch the mode on devices with LEDs (bsc#1051510).\n\n - HID: wacom: generic: read HID_DG_CONTACTMAX from any feature report (bsc#1051510).\n\n - hpet: Fix division by zero in hpet_time_div() (bsc#1051510).\n\n - hv_netvsc-Set-probe-mode-to-sync.patch: (bsc#1142083).\n\n - hwmon: (nct6775) Fix register address and added missed tolerance for nct6106 (bsc#1051510).\n\n - IB/ipoib: Add child to parent list only if device initialized (bsc#1103992).\n\n - IB/mlx5: Fixed reporting counters on 2nd port for Dual port RoCE (bsc#1103991).\n\n - idr: fix overflow case for idr_for_each_entry_ul() (bsc#1109837).\n\n - iio: iio-utils: Fix possible incorrect mask calculation (bsc#1051510).\n\n - Input: alps - do not handle ALPS cs19 trackpoint-only device (bsc#1051510).\n\n - Input: alps - fix a mismatch between a condition check and its comment (bsc#1051510).\n\n - Input: elantech - enable middle button support on 2 ThinkPads (bsc#1051510).\n\n - Input: imx_keypad - make sure keyboard can always wake up system (bsc#1051510).\n\n - Input: psmouse - fix build error of multiple definition (bsc#1051510).\n\n - Input: synaptics - enable SMBUS on T480 thinkpad trackpad (bsc#1051510).\n\n - Input: synaptics - whitelist Lenovo T580 SMBus intertouch (bsc#1051510).\n\n - Input: tm2-touchkey - acknowledge that setting brightness is a blocking call (bsc#1129770).\n\n - Input: trackpoint - only expose supported controls for Elan, ALPS and NXP (bsc#1051510).\n\n - intel_th: msu: Fix single mode with disabled IOMMU (bsc#1051510).\n\n - intel_th: pci: Add Ice Lake NNPI support (bsc#1051510).\n\n - iommu-helper: mark iommu_is_span_boundary as inline (jsc#SLE-6197 bsc#1140559 LTC#173150).\n\n - ipv4: Fix raw socket lookup for local traffic (networking-stable-19_05_14).\n\n - ipv4/igmp: fix another memory leak in igmpv3_del_delrec() (networki