DATABASE RESOURCES PRICING ABOUT US

{"id": "ORACLELINUX_ELSA-2020-5706.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5706)", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5706 advisory.\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks.\n If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions:\n 4.9.135, 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. (CVE-2019-19523)\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d. (CVE-2019-19528)\n\n - In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c. (CVE-2019-19537)\n\n - The fib6_add_rt2node function in net/ipv6/ip6_fib.c in the IPv6 stack in the Linux kernel through 3.10.1 does not properly handle Router Advertisement (RA) messages in certain circumstances involving three routes that initially qualified for membership in an ECMP route set until a change occurred for one of the first two routes, which allows remote attackers to cause a denial of service (system crash) via a crafted sequence of messages. (CVE-2013-4125)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2020-06-05T00:00:00", "modified": "2022-05-13T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/137172", "reporter": "This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4125", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19537", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19528", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19523", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18281", "https://linux.oracle.com/errata/ELSA-2020-5706.html"], "cvelist": ["CVE-2013-4125", "CVE-2018-18281", "CVE-2019-19523", "CVE-2019-19528", "CVE-2019-19537"], "immutableFields": [], "lastseen": "2023-05-18T15:02:10", "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4431", "ALSA-2021:1578"]}, {"type": "centos", "idList": ["CESA-2019:2029", "CESA-2020:4060"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:131A4556633D91C9BF0AE72696FADB89"]}, {"type": "cve", "idList": ["CVE-2013-4125", "CVE-2013-4141", "CVE-2018-18281", "CVE-2019-19523", "CVE-2019-19528", "CVE-2019-19537"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1715-1:4A3F9", "DEBIAN:DLA-1731-1:D19BD", "DEBIAN:DLA-1731-2:E6E1E", "DEBIAN:DLA-2068-1:83234", "DEBIAN:DLA-2114-1:93D37"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2013-4125", "DEBIANCVE:CVE-2018-18281", "DEBIANCVE:CVE-2019-19523", "DEBIANCVE:CVE-2019-19528", "DEBIANCVE:CVE-2019-19537"]}, {"type": "f5", "idList": ["F5:K36462841"]}, {"type": "fedora", "idList": ["FEDORA:0960721640", "FEDORA:0BFFD21A2A", "FEDORA:0E8612288A", "FEDORA:131186087E1C", "FEDORA:1317A20FE4", "FEDORA:13273218E5", "FEDORA:18E4222173", "FEDORA:1AE8521943", "FEDORA:1DA3D221C6", "FEDORA:1DB63211A2", "FEDORA:1ED2C2133A", "FEDORA:23B6E225A0", "FEDORA:2457821EFD", "FEDORA:2774121FD9", "FEDORA:2784A21C29", "FEDORA:280D922723", "FEDORA:2BA602158D", "FEDORA:3060D60E9A21", "FEDORA:30991220A7", "FEDORA:30C5820E79", "FEDORA:56A5821917", "FEDORA:58AF5217A1", "FEDORA:5D94521889", "FEDORA:6A93C20D15", "FEDORA:7279A21FC0", "FEDORA:756F822091", "FEDORA:8BF45213A1", "FEDORA:936A4223EA", "FEDORA:9FA6021249", "FEDORA:A765122E16", "FEDORA:A7C8F21CCE", "FEDORA:BA8EE21864", "FEDORA:C1609208D0", "FEDORA:D15E060F33C2", "FEDORA:D69CC24B48", "FEDORA:DA71D21D19", "FEDORA:DB49F219DE", "FEDORA:E6C59213CA", "FEDORA:E99C02072E"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:60F2E118E85CB34AAEEAED9DE88D51AF"]}, {"type": "ibm", "idList": ["4BB2759DF5CBB6BF54A7D60BF1046942C755D661255DAAC4EF3C0614D1A3AF9A", "65AC1B828E41A5505E1A8E4F6E7E2E7A2BE86DE58C539C97379A40C7ED8BBD9F", "7BEBE6C769A16D13746B813CF456C36F85AE1B1A1CBD26E71A53BD6E5B34E2F4", "8B24753FF8758BF51E7C6001AC39E0EF90B14323A9756CCEF8AC68E99EF03367", "B599429672D35F0898136CCC25113D8FA5E242634C8CEB73C87851525F0DA4BB"]}, {"type": "lenovo", "idList": ["LENOVO:PS500321-NOSID"]}, {"type": "mageia", "idList": ["MGASA-2018-0417", "MGASA-2018-0418", "MGASA-2018-0419"]}, {"type": "nessus", "idList": ["ALMA_LINUX_ALSA-2020-4431.NASL", "ALMA_LINUX_ALSA-2021-1578.NASL", "CENTOS8_RHSA-2020-4431.NASL", "CENTOS8_RHSA-2021-1578.NASL", "CENTOS_RHSA-2019-2029.NASL", "CENTOS_RHSA-2020-4060.NASL", "DEBIAN_DLA-1715.NASL", "DEBIAN_DLA-1731.NASL", "DEBIAN_DLA-2068.NASL", "DEBIAN_DLA-2114.NASL", "EULEROS_SA-2019-1076.NASL", "EULEROS_SA-2019-1108.NASL", "EULEROS_SA-2019-1131.NASL", "EULEROS_SA-2019-1244.NASL", "EULEROS_SA-2019-1253.NASL", "EULEROS_SA-2019-1473.NASL", "EULEROS_SA-2019-1512.NASL", "EULEROS_SA-2019-1522.NASL", "EULEROS_SA-2019-2693.NASL", "EULEROS_SA-2020-1012.NASL", "EULEROS_SA-2020-1396.NASL", "EULEROS_SA-2020-1452.NASL", "EULEROS_SA-2020-1674.NASL", "F5_BIGIP_SOL36462841.NASL", "FEDORA_2013-13536.NASL", "FEDORA_2013-13663.NASL", "NEWSTART_CGSL_NS-SA-2019-0180_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0183_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0247_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0253_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2021-0025_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0078_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0169_KERNEL.NASL", "NUTANIX_NXSA-AOS-5_11_3.NASL", "NUTANIX_NXSA-AOS-5_15_5.NASL", "NUTANIX_NXSA-AOS-5_16_0_1.NASL", "NUTANIX_NXSA-AOS-5_16_1.NASL", "NUTANIX_NXSA-AOS-5_17.NASL", "NUTANIX_NXSA-AOS-5_19_0_5.NASL", "NUTANIX_NXSA-AOS-5_19_1.NASL", "OPENSUSE-2018-1427.NASL", "OPENSUSE-2018-1548.NASL", "OPENSUSE-2019-2675.NASL", "OPENSUSE-2019-974.NASL", "OPENSUSE-2020-336.NASL", "ORACLELINUX_ELSA-2020-5670.NASL", "ORACLELINUX_ELSA-2020-5708.NASL", "ORACLELINUX_ELSA-2020-5710.NASL", "ORACLELINUX_ELSA-2020-5715.NASL", "ORACLELINUX_ELSA-2021-1578.NASL", "ORACLEVM_OVMSA-2020-0019.NASL", "ORACLEVM_OVMSA-2020-0020.NASL", "REDHAT-RHSA-2019-0831.NASL", "REDHAT-RHSA-2019-2029.NASL", "REDHAT-RHSA-2019-2043.NASL", "REDHAT-RHSA-2020-0036.NASL", "REDHAT-RHSA-2020-0100.NASL", "REDHAT-RHSA-2020-0103.NASL", "REDHAT-RHSA-2020-0179.NASL", "REDHAT-RHSA-2020-4060.NASL", "REDHAT-RHSA-2020-4062.NASL", "REDHAT-RHSA-2020-4431.NASL", "REDHAT-RHSA-2020-4609.NASL", "REDHAT-RHSA-2021-1578.NASL", "REDHAT-RHSA-2021-1739.NASL", "SLACKWARE_SSA_2019-030-01.NASL", "SL_20190806_KERNEL_ON_SL7_X.NASL", "SL_20201001_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2018-3689-1.NASL", "SUSE_SU-2018-3746-1.NASL", "SUSE_SU-2018-4069-1.NASL", "SUSE_SU-2019-0095-1.NASL", "SUSE_SU-2019-0222-1.NASL", "SUSE_SU-2019-0224-1.NASL", "SUSE_SU-2019-0439-1.NASL", "SUSE_SU-2019-1289-1.NASL", "SUSE_SU-2019-13937-1.NASL", "SUSE_SU-2019-3316-1.NASL", "SUSE_SU-2019-3317-1.NASL", "SUSE_SU-2019-3379-1.NASL", "SUSE_SU-2019-3381-1.NASL", "SUSE_SU-2019-3389-1.NASL", "SUSE_SU-2020-0093-1.NASL", "SUSE_SU-2020-0560-1.NASL", "SUSE_SU-2020-0584-1.NASL", "SUSE_SU-2020-0613-1.NASL", "SUSE_SU-2020-1255-1.NASL", "SUSE_SU-2020-14354-1.NASL", "UBUNTU_USN-1935-1.NASL", "UBUNTU_USN-1936-1.NASL", "UBUNTU_USN-3832-1.NASL", "UBUNTU_USN-3835-1.NASL", "UBUNTU_USN-3871-1.NASL", "UBUNTU_USN-3871-2.NASL", "UBUNTU_USN-3871-3.NASL", "UBUNTU_USN-3871-4.NASL", "UBUNTU_USN-3871-5.NASL", "UBUNTU_USN-3880-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310814563", "OPENVAS:1361412562310841534", "OPENVAS:1361412562310841535", "OPENVAS:1361412562310843840", "OPENVAS:1361412562310843841", "OPENVAS:1361412562310843884", "OPENVAS:1361412562310843891", "OPENVAS:1361412562310843892", "OPENVAS:1361412562310843896", "OPENVAS:1361412562310843897", "OPENVAS:1361412562310843904", "OPENVAS:1361412562310852140", "OPENVAS:1361412562310852195", "OPENVAS:1361412562310852971", "OPENVAS:1361412562310853070", "OPENVAS:1361412562310866121", "OPENVAS:1361412562310866657", "OPENVAS:1361412562310866832", "OPENVAS:1361412562310866837", "OPENVAS:1361412562310866894", "OPENVAS:1361412562310866896", "OPENVAS:1361412562310866900", "OPENVAS:1361412562310866901", "OPENVAS:1361412562310866934", "OPENVAS:1361412562310866952", "OPENVAS:1361412562310866964", "OPENVAS:1361412562310866972", "OPENVAS:1361412562310867001", "OPENVAS:1361412562310867043", "OPENVAS:1361412562310867054", "OPENVAS:1361412562310867089", "OPENVAS:1361412562310867096", "OPENVAS:1361412562310867119", "OPENVAS:1361412562310867183", "OPENVAS:1361412562310867240", "OPENVAS:1361412562310867242", "OPENVAS:1361412562310867520", "OPENVAS:1361412562310867546", "OPENVAS:1361412562310867580", "OPENVAS:1361412562310867651", "OPENVAS:1361412562310867682", "OPENVAS:1361412562310867774", "OPENVAS:1361412562310867820", "OPENVAS:1361412562310867857", "OPENVAS:1361412562310867905", "OPENVAS:1361412562310868019", "OPENVAS:1361412562310868076", "OPENVAS:1361412562310868102", "OPENVAS:1361412562310868351", "OPENVAS:1361412562310868416", "OPENVAS:1361412562310868489", "OPENVAS:1361412562310868851", "OPENVAS:1361412562310891715", "OPENVAS:1361412562310891731", "OPENVAS:1361412562310892068", "OPENVAS:1361412562310892114", "OPENVAS:1361412562311220191076", "OPENVAS:1361412562311220191108", "OPENVAS:1361412562311220191131", "OPENVAS:1361412562311220191244", "OPENVAS:1361412562311220191253", "OPENVAS:1361412562311220191473", "OPENVAS:1361412562311220191512", "OPENVAS:1361412562311220191522", "OPENVAS:1361412562311220192693", "OPENVAS:1361412562311220201012", "OPENVAS:1361412562311220201396", "OPENVAS:1361412562311220201452", "OPENVAS:1361412562311220201674", "OPENVAS:841534", "OPENVAS:841535", "OPENVAS:866121", "OPENVAS:866657", "OPENVAS:866832", "OPENVAS:866837", "OPENVAS:866894", "OPENVAS:866896", "OPENVAS:866900", "OPENVAS:866901", "OPENVAS:866934", "OPENVAS:866952", "OPENVAS:866964", "OPENVAS:866972", "OPENVAS:867001", "OPENVAS:867043", "OPENVAS:867054", "OPENVAS:867089", "OPENVAS:867096", "OPENVAS:867119", "OPENVAS:867183", "OPENVAS:867240", "OPENVAS:867242", "OPENVAS:867520", "OPENVAS:867546", "OPENVAS:867580", "OPENVAS:867651", "OPENVAS:867682", "OPENVAS:867774"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-2029", "ELSA-2020-4060", "ELSA-2020-4431", "ELSA-2020-5670", "ELSA-2020-5706", "ELSA-2020-5708", "ELSA-2020-5710", "ELSA-2020-5715", "ELSA-2021-1578"]}, {"type": "osv", "idList": ["OSV:DLA-1715-1", "OSV:DLA-1731-1", "OSV:DLA-2068-1", "OSV:DLA-2114-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:150001"]}, {"type": "photon", "idList": ["PHSA-2019-0039", "PHSA-2019-0189", "PHSA-2019-0255", "PHSA-2019-1.0-0255", "PHSA-2019-3.0-0039"]}, {"type": "redhat", "idList": ["RHSA-2019:0831", "RHSA-2019:2029", "RHSA-2019:2043", "RHSA-2020:0036", "RHSA-2020:0100", "RHSA-2020:0103", "RHSA-2020:0179", "RHSA-2020:4060", "RHSA-2020:4062", "RHSA-2020:4431", "RHSA-2020:4609", "RHSA-2020:5633", "RHSA-2020:5635", "RHSA-2021:1578", "RHSA-2021:1739", "RHSA-2021:2121", "RHSA-2021:2136"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-18281", "RH:CVE-2019-19523", "RH:CVE-2019-19528", "RH:CVE-2019-19537"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13100"]}, {"type": "slackware", "idList": ["SSA-2019-030-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:3817-1", "OPENSUSE-SU-2018:4133-1", "OPENSUSE-SU-2019:2675-1", "OPENSUSE-SU-2020:0336-1"]}, {"type": "ubuntu", "idList": ["USN-1935-1", "USN-1936-1", "USN-3832-1", "USN-3835-1", "USN-3871-1", "USN-3871-2", "USN-3871-3", "USN-3871-4", "USN-3871-5", "USN-3880-1", "USN-3880-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2013-4125", "UB:CVE-2018-18281", "UB:CVE-2019-19523", "UB:CVE-2019-19528", "UB:CVE-2019-19537"]}, {"type": "veracode", "idList": ["VERACODE:21053", "VERACODE:26792", "VERACODE:26803", "VERACODE:27080"]}]}, "score": {"value": 0.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4431"]}, {"type": "androidsecurity", "idList": ["ANDROID:2019-01-01", "ANDROID:2020-03-01"]}, {"type": "centos", "idList": ["CESA-2019:2029"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:131A4556633D91C9BF0AE72696FADB89"]}, {"type": "cve", "idList": ["CVE-2013-4125", "CVE-2018-18281"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1715-1:4A3F9", "DEBIAN:DLA-1731-1:D19BD", "DEBIAN:DLA-1731-2:E6E1E"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2013-4125", "DEBIANCVE:CVE-2018-18281", "DEBIANCVE:CVE-2019-19523", "DEBIANCVE:CVE-2019-19528", "DEBIANCVE:CVE-2019-19537"]}, {"type": "fedora", "idList": ["FEDORA:D69CC24B48"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:60F2E118E85CB34AAEEAED9DE88D51AF"]}, {"type": "ibm", "idList": ["7BEBE6C769A16D13746B813CF456C36F85AE1B1A1CBD26E71A53BD6E5B34E2F4"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/ORACLE_LINUX-CVE-2020-10742/"]}, {"type": "nessus", "idList": ["CENTOS8_RHSA-2021-1578.NASL", "FEDORA_2013-13663.NASL", "OPENSUSE-2018-1427.NASL", "ORACLELINUX_ELSA-2021-1578.NASL", "REDHAT-RHSA-2021-1578.NASL", "REDHAT-RHSA-2021-1739.NASL", "SLACKWARE_SSA_2019-030-01.NASL", "SUSE_SU-2019-0222-1.NASL", "SUSE_SU-2019-0224-1.NASL", "SUSE_SU-2019-0439-1.NASL", "SUSE_SU-2019-13937-1.NASL", "UBUNTU_USN-3832-1.NASL", "UBUNTU_USN-3835-1.NASL", "UBUNTU_USN-3871-1.NASL", "UBUNTU_USN-3871-2.NASL", "UBUNTU_USN-3871-3.NASL", "UBUNTU_USN-3871-4.NASL", "UBUNTU_USN-3871-5.NASL", "UBUNTU_USN-3880-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310843840", "OPENVAS:1361412562310843841", "OPENVAS:1361412562310843884", "OPENVAS:1361412562310843891", "OPENVAS:1361412562310843892", "OPENVAS:1361412562310843896", "OPENVAS:1361412562310843897", "OPENVAS:1361412562310843904", "OPENVAS:1361412562310852140", "OPENVAS:1361412562310891715", "OPENVAS:1361412562310891731", "OPENVAS:1361412562311220191522"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-2029", "ELSA-2021-1578"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:150001"]}, {"type": "photon", "idList": ["PHSA-2019-0039", "PHSA-2019-0189"]}, {"type": "redhat", "idList": ["RHSA-2020:0103"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-19523", "RH:CVE-2019-19537"]}, {"type": "slackware", "idList": ["SSA-2019-030-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:3817-1"]}, {"type": "ubuntu", "idList": ["USN-3832-1", "USN-3871-1", "USN-3871-2", "USN-3871-3", "USN-3871-4", "USN-3871-5", "USN-3880-1", "USN-3880-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-19523", "UB:CVE-2019-19528"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2013-4125", "epss": 0.03948, "percentile": 0.90674, "modified": "2023-05-06"}, {"cve": "CVE-2018-18281", "epss": 0.00093, "percentile": 0.38382, "modified": "2023-05-06"}, {"cve": "CVE-2019-19523", "epss": 0.00122, "percentile": 0.45194, "modified": "2023-05-06"}, {"cve": "CVE-2019-19528", "epss": 0.00099, "percentile": 0.39786, "modified": "2023-05-06"}, {"cve": "CVE-2019-19537", "epss": 0.00137, "percentile": 0.47756, "modified": "2023-05-06"}], "vulnersScore": 0.1}, "_state": {"dependencies": 1684440198, "score": 1684422880, "epss": 0}, "_internal": {"score_hash": "f24d904374c454320c9aac05f824a9b7"}, "pluginID": "137172", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5706.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137172);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\n \"CVE-2013-4125\",\n \"CVE-2018-18281\",\n \"CVE-2019-19523\",\n \"CVE-2019-19528\",\n \"CVE-2019-19537\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5706)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2020-5706 advisory.\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks.\n If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of\n mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it\n has been released back to the page allocator and reused. This is fixed in the following kernel versions:\n 4.9.135, 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. (CVE-2019-19523)\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d. (CVE-2019-19528)\n\n - In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB\n device in the USB character device driver layer, aka CID-303911cfc5b9. This affects\n drivers/usb/core/file.c. (CVE-2019-19537)\n\n - The fib6_add_rt2node function in net/ipv6/ip6_fib.c in the IPv6 stack in the Linux kernel through 3.10.1\n does not properly handle Router Advertisement (RA) messages in certain circumstances involving three\n routes that initially qualified for membership in an ECMP route set until a change occurred for one of the\n first two routes, which allows remote attackers to cause a denial of service (system crash) via a crafted\n sequence of messages. (CVE-2013-4125)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5706.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19528\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-18281\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/07/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.46.1.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.46.1.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.8.13-118.46.1.el6uek', '3.8.13-118.46.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5706');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.8';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-3.8.13-118.46.1.el6uek-0.4.5-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.46.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.46.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.46.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.46.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.46.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.46.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'},\n {'reference':'dtrace-modules-3.8.13-118.46.1.el7uek-0.4.5-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.46.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.46.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.46.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.46.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.46.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.46.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-3.8.13-118.46.1.el6uek / dtrace-modules-3.8.13-118.46.1.el7uek / kernel-uek / etc');\n}\n", "naslFamily": "Oracle Linux Local Security Checks", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.46.1.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.46.1.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "solution": "Update the affected packages.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2019-19528", "vendor_cvss2": {"score": 5.6, "vector": "CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:C"}, "vendor_cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "Medium", "score": "6.7"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2020-06-04T00:00:00", "vulnerabilityPublicationDate": "2013-07-15T00:00:00", "exploitableWith": []}

{"oraclelinux": [{"lastseen": "2021-07-30T06:24:49", "description": "kernel-uek\n[3.8.13-118.46.1]\n- ipv6: only static routes qualify for equal cost multipathing (Hannes Frederic Sowa) [Orabug: 30977687] {CVE-2013-4125}\n- USB: adutux: fix use-after-free on disconnect (Johan Hovold) [Orabug: 31240296] {CVE-2019-19523}\n- USB: core: Fix races in character device registration and deregistraion (Alan Stern) [Orabug: 31317668] {CVE-2019-19537}\n- USB: iowarrior: fix use-after-free on disconnect (Johan Hovold) [Orabug: 31351063] {CVE-2019-19528}\n- usb: iowarrior: fix deadlock on disconnect (Oliver Neukum) [Orabug: 31351063] {CVE-2019-19528}\n- mremap: properly flush TLB before releasing the page (Linus Torvalds) [Orabug: 31352012] {CVE-2018-18281}", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-06-04T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 5.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4125", "CVE-2018-18281", "CVE-2019-19523", "CVE-2019-19528", "CVE-2019-19537"], "modified": "2020-06-04T00:00:00", "id": "ELSA-2020-5706", "href": "http://linux.oracle.com/errata/ELSA-2020-5706.html", "cvss": {"score": 5.6, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2021-07-28T14:24:57", "description": "[2.6.39-400.323.1]\n- USB: adutux: fix use-after-free on disconnect (Johan Hovold) [Orabug: 31240297] {CVE-2019-19523}\n- USB: core: Fix races in character device registration and deregistraion (Alan Stern) [Orabug: 31317669] {CVE-2019-19537}\n- USB: iowarrior: fix use-after-free on disconnect (Johan Hovold) [Orabug: 31351064] {CVE-2019-19528}\n- usb: iowarrior: fix deadlock on disconnect (Oliver Neukum) [Orabug: 31351064] {CVE-2019-19528}\n[2.6.39-400.322.1]\n- ipvs: reset ipvs pointer in netns (Julian Anastasov) [Orabug: 31027196] \n- ipvs: prefer NETDEV_DOWN event to free cached dsts (Julian Anastasov) [Orabug: 31027196] \n- HID: hiddev: do cleanup in failure of opening a device (Hillf Danton) [Orabug: 31206362] {CVE-2019-19527}\n- HID: hiddev: avoid opening a disconnected device (Hillf Danton) [Orabug: 31206362] {CVE-2019-19527}\n- HID: Fix assumption that devices have inputs (Alan Stern) [Orabug: 31208624] {CVE-2019-19532}", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 6.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-06-05T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19523", "CVE-2019-19527", "CVE-2019-19528", "CVE-2019-19532", "CVE-2019-19537"], "modified": "2020-06-05T00:00:00", "id": "ELSA-2020-5710", "href": "http://linux.oracle.com/errata/ELSA-2020-5710.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:23", "description": "[4.1.12-124.39.5]\n- Input: ff-memless - kill timer in destroy() (Oliver Neukum) [Orabug: 31213691] {CVE-2019-19524}\n- libertas: Fix two buffer overflows at parsing bss descriptor (Wen Huang) [Orabug: 31351307] {CVE-2019-14896} {CVE-2019-14897} {CVE-2019-14897}\n- binfmt_elf: use ELF_ET_DYN_BASE only for PIE (Kees Cook) [Orabug: 31352068] {CVE-2017-1000370} {CVE-2017-1000371} {CVE-2017-1000370}\n- NFSv4.0: Remove transport protocol name from non-UCS client ID (Chuck Lever) [Orabug: 31357212]\n- NFSv4.0: Remove cl_ipaddr from non-UCS client ID (Chuck Lever) [Orabug: 31357212]\n- xen/manage: enable C_A_D to force reboot (Dongli Zhang) [Orabug: 31387466]\n[4.1.12-124.39.4]\n- acpi: disable erst (Wengang Wang) [Orabug: 31194253]\n- mdio_bus: Fix use-after-free on device_register fails (YueHaibing) [Orabug: 31222292] {CVE-2019-12819}\n- rds: ib: Fix dysfunctional long address resolve timeout (Hakon Bugge) [Orabug: 31302708]\n- vxlan: dont migrate permanent fdb entries during learn (Roopa Prabhu) [Orabug: 31325318]\n- USB: iowarrior: fix use-after-free on disconnect (Johan Hovold) [Orabug: 31351061] {CVE-2019-19528}\n- usb: iowarrior: fix deadlock on disconnect (Oliver Neukum) [Orabug: 31351061] {CVE-2019-19528}\n- mremap: properly flush TLB before releasing the page (Linus Torvalds) [Orabug: 31352011] {CVE-2018-18281}\n[4.1.12-124.39.3]\n- Input: add safety guards to input_set_keycode() (Dmitry Torokhov) [Orabug: 31200558] {CVE-2019-20636}\n- media: stv06xx: add missing descriptor sanity checks (Johan Hovold) [Orabug: 31200579] {CVE-2020-11609}\n- media: ov519: add missing endpoint sanity checks (Johan Hovold) [Orabug: 31213758] {CVE-2020-11608}\n- media: xirlink_cit: add missing descriptor sanity checks (Johan Hovold) [Orabug: 31213767] {CVE-2020-11668}\n- mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring (Navid Emamdoost) [Orabug: 31263147] {CVE-2019-19057}\n- USB: core: Fix races in character device registration and deregistraion (Alan Stern) [Orabug: 31317667] {CVE-2019-19537}", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-06-03T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000370", "CVE-2017-1000371", "CVE-2018-18281", "CVE-2019-12819", "CVE-2019-14896", "CVE-2019-14897", "CVE-2019-19057", "CVE-2019-19524", "CVE-2019-19528", "CVE-2019-19537", "CVE-2019-20636", "CVE-2020-11608", "CVE-2020-11609", "CVE-2020-11668"], "modified": "2020-06-03T00:00:00", "id": "ELSA-2020-5708", "href": "http://linux.oracle.com/errata/ELSA-2020-5708.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-12T18:39:48", "description": "[4.18.0-305.OL8]\n- Update Oracle Linux certificates (Kevin Lyons)\n- Disable signing for aarch64 (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15-11.0.5\n[4.18.0-305]\n- perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3 (Michael Petlan) [1950388]\n[4.18.0-304]\n- mm: Revert 'remove the account_page_dirtied export' (Waiman Long) [1941257]\n- Revert '[netdrv] net/broadcom: Clean broadcom code from driver versions' (Jonathan Toppins) [1940842]\n[4.18.0-303]\n- redhat: switch secureboot kernel image signing to release keys (Jan Stancek)\n- Revert '[md] md/raid5: add a new member of offset into r5dev' (Nigel Croxon) [1936903]\n- Revert '[md] md/raid5: make async_copy_data() to support different page offset' (Nigel Croxon) [1936903]\n- Revert '[crypto] md/raid5: add new xor function to support different page offset' (Nigel Croxon) [1936903]\n- Revert '[md] md/raid5: convert to new xor compution interface' (Nigel Croxon) [1936903]\n- Revert '[crypto] md/raid6: let syndrome computor support different page offset' (Nigel Croxon) [1936903]\n- Revert '[crypto] md/raid6: let async recovery function support different page offset' (Nigel Croxon) [1936903]\n- Revert '[md] md/raid5: let multiple devices of stripe_head share page' (Nigel Croxon) [1936903]\n- Revert '[md] md/raid5: resize stripe_head when reshape array' (Nigel Croxon) [1936903]\n- Revert '[md] md/raid5: reallocate page array after setting new stripe_size' (Nigel Croxon) [1936903]\n- ACPI: PNP: compare the string length in the matching_id() (Mark Langsdorf) [1933702]\n- ceph: add missing break when parsing 'nowsync' mount option (Jeff Layton) [1932753]\n- get_maintainer.conf: Update with new location of RHMAINTAINERS (Prarit Bhargava)\n- redhat: make pathspec exclusion compatible with old git versions (Herton R. Krzesinski)\n- redhat/scripts: Update merge-subtrees.sh with new subtree location (Prarit Bhargava)\n- tree: Add RHMAINTAINERS soft link in 8.4 (Prarit Bhargava)\n- tree: remove existing redhat/rhdocs subtree in 8.4 (Prarit Bhargava)\n[4.18.0-302]\n- PCI: rpadlpar: Fix potential drc_name corruption in store functions (Gustavo Luiz Duarte) [1938116]\n- selftests: kvm: Add basic Hyper-V clocksources tests (Vitaly Kuznetsov) [1931782]\n- KVM: x86: hyper-v: Dont touch TSC page values when guest opted for re-enlightenment (Vitaly Kuznetsov) [1931782]\n- KVM: x86: hyper-v: Track Hyper-V TSC page status (Vitaly Kuznetsov) [1931782]\n- KVM: x86: hyper-v: Prevent using not-yet-updated TSC page by secondary CPUs (Vitaly Kuznetsov) [1931782]\n- KVM: x86: hyper-v: Limit guest to writing zero to HV_X64_MSR_TSC_EMULATION_STATUS (Vitaly Kuznetsov) [1931782]\n- drm/i915/guc: Update to use firmware v49.0.1 (Dave Airlie) [1935281] {CVE-2020-12362}\n- time: Enable __kernel_timespec for 32-bit vdso build (Waiman Long) [1936282]\n- lib/idr.c: document calling context for IDA APIs mustnt use locks (Chris von Recklinghausen) [1917764]\n- ida: Free allocated bitmap in error path (Chris von Recklinghausen) [1917764]\n- radix tree test suite: Fix compilation (Chris von Recklinghausen) [1917764]\n- vmalloc: convert to XArray (Chris von Recklinghausen) [1917764]\n- mm: pass addr as unsigned long to vb_free (Chris von Recklinghausen) [1917764]\n- radix tree: Remove multiorder support (Chris von Recklinghausen) [1917764]\n- radix tree test: Convert multiorder tests to XArray (Chris von Recklinghausen) [1917764]\n- radix tree tests: Convert item_delete_rcu to XArray (Chris von Recklinghausen) [1917764]\n- radix tree tests: Convert item_kill_tree to XArray (Chris von Recklinghausen) [1917764]\n- radix tree tests: Move item_insert_order (Chris von Recklinghausen) [1917764]\n- radix tree test suite: Remove multiorder benchmarking (Chris von Recklinghausen) [1917764]\n- radix tree test suite: Remove __item_insert (Chris von Recklinghausen) [1917764]\n- radix tree: Remove radix_tree_clear_tags (Chris von Recklinghausen) [1917764]\n- radix tree: Remove split/join code (Chris von Recklinghausen) [1917764]\n- radix tree: Remove radix_tree_update_node_t (Chris von Recklinghausen) [1917764]\n- mm: Convert truncate to XArray (Chris von Recklinghausen) [1917764]\n- copy rh_kabi.h to tools/testing/radix-tree/linux (Chris von Recklinghausen) [1917764]\n[4.18.0-301]\n- ibmvnic: fix a race between open and reset (Diego Domingos) [1940042]\n- ibmvnic: Set to CLOSED state even on error (Diego Domingos) [1940042]\n- ibmvnic: device remove has higher precedence over reset (Diego Domingos) [1940042]\n- ibmvnic: merge do_change_param_reset into do_reset (Diego Domingos) [1940042]\n- ibmvfc: disable MQ channelization by default (Gustavo Luiz Duarte) [1939359]\n- pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process() (Steve Dickson) [1926945]\n- scsi: iscsi: Verify lengths on passthrough PDUs (Chris Leech) [1930833] {CVE-2021-27365}\n- scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE (Chris Leech) [1930856] {CVE-2021-27363}\n- scsi: iscsi: Restrict sessions and handles to admin capabilities (Chris Leech) [1930809] {CVE-2021-27364}\n- futex: Handle faults correctly for PI futexes (Waiman Long) [1924635]\n- futex: Simplify fixup_pi_state_owner() (Waiman Long) [1924635]\n- futex: Use pi_state_update_owner() in put_pi_state() (Waiman Long) [1924635]\n- rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (Waiman Long) [1924635]\n- futex: Provide and use pi_state_update_owner() (Waiman Long) [1924635]\n- futex: Replace pointless printk in fixup_owner() (Waiman Long) [1924635]\n- futex: Ensure the correct return value from futex_lock_pi() (Waiman Long) [1924635]\n- futex: Dont enable IRQs unconditionally in put_pi_state() (Waiman Long) [1924635]\n- futex: Fix incorrect should_fail_futex() handling (Waiman Long) [1924635]\n- futex: Consistently use fshared as boolean (Waiman Long) [1924635]\n- futex: Remove needless gotos (Waiman Long) [1924635]\n- futex: Remove put_futex_key() (Waiman Long) [1924635]\n- NFS: Correct size calculation for create reply length (Benjamin Coddington) [1934903]\n- SUNRPC: Set memalloc_nofs_save() for sync tasks (Benjamin Coddington) [1934098]\n- net/mlx5: CT: Add support for matching on ct_state reply flag (Alaa Hleihel) [1919651]\n- net/mlx5e: CT: manage the lifetime of the ct entry object (Alaa Hleihel) [1919651]\n- net/mlx5e: CT: Use per flow counter when CT flow accounting is enabled (Alaa Hleihel) [1919651]\n- net/mlx5e: Fix a use after free on error in mlx5_tc_ct_shared_counter_get() (Alaa Hleihel) [1919651]\n- net/mlx5e: CT: Use the same counter for both directions (Alaa Hleihel) [1919651]\n- ethtool: fix the check logic of at least one channel for RX/TX (Ivan Vecera) [1907406]\n[4.18.0-300]\n- [scsi] scsi: qedi: Correct max length of CHAP secret (Nilesh Javali) [1909180]\n- redhat: use tags from git notes for zstream to generate changelog (Frantisek Hrbata)\n- redhat: add CI file for kernel-private (Bruno Meneguele)\n- CI: Drop unused variable (Bruno Meneguele)\n- CI: Enable RT verification (Bruno Meneguele)\n- KVM: SVM: Clear the CR4 register on reset (Vitaly Kuznetsov) [1920788]\n- net: flow_offload: Add original direction flag to ct_metadata (Marcelo Ricardo Leitner) [1921946]\n- net/sched: cls_flower: Add match on the ct_state reply flag (Marcelo Ricardo Leitner) [1921946]\n- net/sched: cls_flower add CT_FLAGS_INVALID flag support (Marcelo Ricardo Leitner) [1921946]\n- net/sched: cls_flower: Reject invalid ct_state flags rules (Marcelo Ricardo Leitner) [1921946]\n- netlink: add mask validation (Marcelo Ricardo Leitner) [1921946]\n- netlink: create helpers for checking type is an int (Marcelo Ricardo Leitner) [1921946]\n- netlink: policy: correct validation type check (Marcelo Ricardo Leitner) [1921946]\n- netlink: make NLA_BINARY validation more flexible (Marcelo Ricardo Leitner) [1921946]\n[4.18.0-299]\n- md: Set prev_flush_start and flush_bio in an atomic way (Xiao Ni) [1901598]\n- md: improve variable names in md_flush_request() (Xiao Ni) [1901598]\n- hpsa: fix regression issue for old controllers (Joseph Szczypek) [1925711]\n- scsi: hpsa: Correct dev cmds outstanding for retried cmds (Joseph Szczypek) [1925711]\n- vt: Disable KD_FONT_OP_COPY (Dave Airlie) [1903937] {CVE-2020-28974}\n- drm/i915/rkl: Remove require_force_probe protection (Lyude Paul) [1937558]\n- drm/i915/tgl/psr: Disable PSR on Tigerlake for now (Lyude Paul) [1924702]\n- dm raid: fix discard limits for raid0 and raid10 (Mike Snitzer) [1934274]\n- dm: fix __send_changing_extent_only to avoid duplicate dm_target_offset() (Mike Snitzer) [1934274]\n- mm/hugetlb.c: fix unnecessary address expansion of pmd sharing (Waiman Long) [1934212]\n- mm: memcontrol: fix slub memory accounting (Waiman Long) [1934212]\n- mm: memcontrol: fix swap undercounting in cgroup2 (Waiman Long) [1934212]\n- mm: memcontrol: fix NR_ANON_THPS accounting in charge moving (Waiman Long) [1934212]\n- mm, slub: better heuristic for number of cpus when calculating slab order (Waiman Long) [1934212]\n- Revert 'mm: memcontrol: avoid workload stalls when lowering memory.high' (Waiman Long) [1934212]\n- selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed (Hangbin Liu) [1931732]\n- selftests/bpf: No need to drop the packet when there is no geneve opt (Hangbin Liu) [1931732]\n[4.18.0-298]\n- drm/i915/gen11+: Only load DRAM information from pcode (Lyude Paul) [1934537]\n- drm/i915/dg1: Wait for pcode/uncore handshake at startup (Lyude Paul) [1934537]\n- powercap/intel_rapl: add support for TigerLake Desktop (David Arcari) [1932457]\n- powerpc/perf: Fix handling of privilege level checks in perf interrupt context (Gustavo Luiz Duarte) [1918411]\n- NFSv4.2: fix error return on memory allocation failure (Scott Mayhew) [1917689]\n- NFSv4.2: improve page handling for GETXATTR (Scott Mayhew) [1917689]\n- NFSv4.2: Fix up the get/listxattr calls to rpc_prepare_reply_pages() (Scott Mayhew) [1917689]\n- NFS: Fix rpcrdma_inline_fixup() crash with new LISTXATTRS operation (Scott Mayhew) [1917689]\n- SUNRPC: Fix up xdr_set_page() (Benjamin Coddington) [1917689]\n- NFSv4: Fix open coded xdr_stream_remaining() (Benjamin Coddington) [1917689]\n- SUNRPC: Clean up the handling of page padding in rpc_prepare_reply_pages() (Benjamin Coddington) [1917689]\n- SUNRPC: Fix up xdr_read_pages() to take arbitrary object lengths (Benjamin Coddington) [1917689]\n- SUNRPC: Clean up helpers xdr_set_iov() and xdr_set_page_base() (Benjamin Coddington) [1917689]\n- SUNRPC: Split out a function for setting current page (Benjamin Coddington) [1917689]\n- SUNRPC: Fix up typo in xdr_init_decode() (Benjamin Coddington) [1917689]\n- NFSv4: Fix the alignment of page data in the getdeviceinfo reply (Benjamin Coddington) [1917689]\n- net: fix pos incrementment in ipv6_route_seq_next (Lorenzo Bianconi) [1926608]\n- ipv6_route_seq_next should increase position index (Lorenzo Bianconi) [1926608]\n- bpf: Clear subreg_def for global function return values (Yauheni Kaliuta) [1934062]\n- igc: Fix returning wrong statistics (Corinna Vinschen) [1910873]\n[4.18.0-297]\n- KVM: SVM: Make symbol 'svm_gp_erratum_intercept' static (Paolo Bonzini) [1769283]\n- KVM: SVM: Fix #GP handling for doubly-nested virtualization (Paolo Bonzini) [1769283]\n- KVM: SVM: Add support for SVM instruction address check change (Paolo Bonzini) [1769283]\n- KVM: SVM: Add emulation support for #GP triggered by SVM instructions (Paolo Bonzini) [1769283]\n- KVM: x86: Factor out x86 instruction emulation with decoding (Paolo Bonzini) [1769283]\n- gfs2: In gfs2_ail1_start_one unplug the IO when needed (Bob Peterson) [1648446]\n- gfs2: Free rd_bits later in gfs2_clear-rgrpd to fix use-after-free (Bob Peterson) [1648446]\n- gfs2: Only access gl_delete for iopen glocks (Bob Peterson) [1648446]\n- gfs2: Fix case in which ail writes are done to jdata holes (Bob Peterson) [1648446]\n- gfs2: simplify gfs2_block_map (Bob Peterson) [1648446]\n- gfs2: Only set PageChecked if we have a transaction (Bob Peterson) [1648446]\n- gfs2: dont lock sd_ail_lock in gfs2_releasepage (Bob Peterson) [1648446]\n- gfs2: make gfs2_ail1_empty_one return the count of active items (Bob Peterson) [1648446]\n- gfs2: Wipe jdata and ail1 in gfs2_journal_wipe, formerly gfs2_meta_wipe (Bob Peterson) [1648446]\n- gfs2: enhance log_blocks trace point to show log blocks free (Bob Peterson) [1648446]\n- gfs2: rename gfs2_write_full_page to gfs2_write_jdata_page, remove parm (Bob Peterson) [1648446]\n- PM: hibernate: flush swap writer after marking (Lenny Szubowicz) [1898677]\n- cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown (Lenny Szubowicz) [1898677]\n- PM / hibernate: memory_bm_find_bit(): Tighten node optimisation (Lenny Szubowicz) [1898677]\n- bpf, devmap: Use GFP_KERNEL for xdp bulk queue allocation (Jiri Benc) [1882215]\n- ice, xsk: clear the status bits for the next_to_use descriptor (Jiri Benc) [1906820]\n- net/mlx4_en: Handle TX error CQE (Alaa Hleihel) [1925690]\n- net/mlx4_en: Avoid scheduling restart task if it is already running (Alaa Hleihel) [1925690]\n- blk-mq: test QUEUE_FLAG_HCTX_ACTIVE for sbitmap_shared in hctx_may_queue (Ming Lei) [1922013]\n- blk-mq: Improve performance of non-mq IO schedulers with multiple HW queues (Ming Lei) [1922013]\n- Revert 'blk-mq, elevator: Count requests per hctx to improve performance' (Ming Lei) [1922013]\n- bpftool: Disable CAP_BPF check for feature command (Jiri Olsa) [1921542]\n- RDMA/siw: Fix calculation of tx_valid_cpus size (Kamal Heib) [1919502]\n- net/mlx5e: Disable performance optimization for IPv4/IPv6 ethertype (Alaa Hleihel) [1928671 1919807]\n- IB/mlx5: Return appropriate error code instead of ENOMEM (Alaa Hleihel) [1928671]\n- net/mlx5: Disable devlink reload for lag devices (Alaa Hleihel) [1928671 1929166]\n- net/mlx5: Disable devlink reload for multi port slave device (Alaa Hleihel) [1928671 1929166]\n- net/mlx5: Disallow RoCE on lag device (Alaa Hleihel) [1928671 1929166]\n- net/mlx5: Disallow RoCE on multi port slave device (Alaa Hleihel) [1928671 1929166]\n- net/mlx5: Fix health error state handling (Alaa Hleihel) [1928671]\n- net/mlx5e: Change interrupt moderation channel params also when channels are closed (Alaa Hleihel) [1928671]\n- net/mlx5e: Dont change interrupt moderation params when DIM is enabled (Alaa Hleihel) [1928671]\n- net/mlx5e: E-switch, Fix rate calculation for overflow (Alaa Hleihel) [1928671]\n- net/mlx5e: Release skb in case of failure in tc update skb (Alaa Hleihel) [1928671 1929119]\n- net/mlx5e: Check tunnel offload is required before setting SWP (Alaa Hleihel) [1928671 1925439]\n- net/mlx5e: kTLS, Use refcounts to free kTLS RX priv context (Alaa Hleihel) [1928671 1928706]\n- net/mlx5e: Fix CQ params of ICOSQ and async ICOSQ (Alaa Hleihel) [1928671 1928706]\n- net/mlx5e: Replace synchronize_rcu with synchronize_net (Alaa Hleihel) [1928671 1913616]\n- net/mlx5e: Enable XDP for Connect-X IPsec capable devices (Alaa Hleihel) [1928671 1856795]\n- net/mlx5e: Enable striding RQ for Connect-X IPsec capable devices (Alaa Hleihel) [1928671 1926120]\n- fix regression in 'epoll: Keep a reference on files added to the check list' (Carlos Maiolino) [1920776] {CVE-2020-0466}\n- do_epoll_ctl(): clean the failure exits up a bit (Carlos Maiolino) [1920776] {CVE-2020-0466}\n- epoll: Keep a reference on files added to the check list (Carlos Maiolino) [1920776] {CVE-2020-0466}\n[4.18.0-296]\n- perf/x86/intel/uncore: With > 8 nodes, get pci bus die id from NUMA info (Prarit Bhargava) [1766743]\n- perf/x86/intel/uncore: Store the logical die id instead of the physical die id. (Prarit Bhargava) [1766743]\n- mm: fix page reference leak in soft_offline_page() (Aristeu Rozanski) [1768372]\n- mm,hwpoison: try to narrow window race for free pages (Aristeu Rozanski) [1768372]\n- mm,hwpoison: double-check page count in __get_any_page() (Aristeu Rozanski) [1768372]\n- mm,hwpoison: introduce MF_MSG_UNSPLIT_THP (Aristeu Rozanski) [1768372]\n- mm,hwpoison: return 0 if the page is already poisoned in soft-offline (Aristeu Rozanski) [1768372]\n- mm,hwpoison: refactor soft_offline_huge_page and __soft_offline_page (Aristeu Rozanski) [1768372]\n- mm,hwpoison: rework soft offline for in-use pages (Aristeu Rozanski) [1768372]\n- mm,hwpoison: rework soft offline for free pages (Aristeu Rozanski) [1768372]\n- mm,hwpoison: unify THP handling for hard and soft offline (Aristeu Rozanski) [1768372]\n- mm,hwpoison: kill put_hwpoison_page (Aristeu Rozanski) [1768372]\n- mm,hwpoison: refactor madvise_inject_error (Aristeu Rozanski) [1768372]\n- mm,hwpoison: unexport get_hwpoison_page and make it static (Aristeu Rozanski) [1768372]\n- mm,hwpoison-inject: dont pin for hwpoison_filter (Aristeu Rozanski) [1768372]\n- mm, hwpoison: remove recalculating hpage (Aristeu Rozanski) [1768372]\n- mm,hwpoison: cleanup unused PageHuge() check (Aristeu Rozanski) [1768372]\n- mm/madvise.c: replace with page_size() in madvise_inject_error() (Aristeu Rozanski) [1768372]\n- mm, soft-offline: convert parameter to pfn (Aristeu Rozanski) [1768372]\n- tick/nohz: Revert 'Narrow down noise while setting current tasks tick dependency' (Waiman Long) [1931004]\n- kvm: Add kvm_stat.service file and kvm_stat logrotate config to the tools (Thomas Huth) [1919930]\n- igc: fix link speed advertising (Corinna Vinschen) [1769701]\n- [crypto] crypto: qat - add capability detection logic in qat_4xxx (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - add AES-XTS support for QAT GEN4 devices (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - add AES-CTR support for QAT GEN4 devices (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - fix excluded_middle.cocci warnings (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - add qat_4xxx driver (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - add hook to initialize vector routing table (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - target fw images to specific AEs (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - add gen4 firmware loader (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - add support for broadcasting mode (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - add support for shared ustore (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - allow to target specific AEs (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - add FCU CSRs to chip info (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - add CSS3K support (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - use ae_mask (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - add check for null pointer (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - add misc control CSR to chip info (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - add wake up event to chip info (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - add clock enable CSR to chip info (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - add reset CSR and mask to chip info (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - add local memory size to chip info (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - add support for lm2 and lm3 (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - add next neighbor to chip_info (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - replace check based on DID (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - introduce chip info structure (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - refactor long expressions (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - refactor qat_uclo_set_ae_mode() (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - move defines to header files (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - remove global CSRs helpers (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - refactor AE start (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - change micro word data mask (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - change type for ctx_mask (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - add support for relative FW ucode loading (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - rename qat_uclo_del_uof_obj() (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - introduce additional parenthesis (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - remove unnecessary parenthesis (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - fix error message (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - fix CSR access (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - support for mof format in fw loader (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - replace pci with PCI in comments (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - remove cast for mailbox CSR (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - remove unneeded semicolon (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - extend ae_mask (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - allow for instances in different banks (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - refactor qat_crypto_dev_config() (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - refactor qat_crypto_create_instances() (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - change return value in adf_cfg_key_val_get() (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - change return value in adf_cfg_add_key_value_param() (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - remove unnecessary void* casts (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - call functions in adf_sriov if available (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - remove hardcoded bank irq clear flag mask (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - abstract writes to arbiter enable (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - use BIT_ULL() - 1 pattern for masks (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - replace constant masks with GENMASK (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - abstract build ring base (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - enable ring after pair is programmed (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - register crypto instances based on capability (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - add support for capability detection (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - abstract arbiter access (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - remove unused macros in arbiter module (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - remove writes into WQCFG (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - update constants table (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - use admin mask to send fw constants (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - change admin sequence (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - rename ME in AE (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - add packed to init admin structures (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - abstract admin interface (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - relocate GEN2 CSR access code (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - split transport CSR access logic (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - fix configuration of iov threads (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - num_rings_per_bank is device dependent (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - mask device capabilities with soft straps (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - update IV in software (Vladis Dronov) [1833004]\n- [crypto] crypto: qat - remove unused function (Vladis Dronov) [1833004]\n[4.18.0-295]\n- mptcp: send ack for every add_addr (Davide Caratti) [1929280]\n- Revert '[net] tcp: change pingpong threshold to 3' (Davide Caratti) [1929280]\n- powerpc/pseries: Dont enforce MSI affinity with kdump (Greg Kurz) [1919427]\n- rtc: disallow update interrupts when time is invalid (Waiman Long) [1918288]\n- rtc: disable uie before setting time and enable after (Waiman Long) [1918288]\n- rtc: dont reference bogus function pointer in kdoc (Waiman Long) [1918288]\n- KVM: x86/mmu: Expand collapsible SPTE zap for TDP MMU to ZONE_DEVICE and HugeTLB pages (Paolo Bonzini) [1897366]\n- KVM: x86/mmu: Allow parallel page faults for the TDP MMU (Paolo Bonzini) [1897366]\n- KVM: x86/mmu: Mark SPTEs in disconnected pages as removed (Paolo Bonzini) [1897366]\n- KVM: x86/mmu: Flush TLBs after zap in TDP MMU PF handler (Paolo Bonzini) [1897366]\n- KVM: x86/mmu: Use atomic ops to set SPTEs in TDP MMU map (Paolo Bonzini) [1897366]\n- KVM: x86/mmu: Factor out functions to add/remove TDP MMU pages (Paolo Bonzini) [1897366]\n- i915: kvmgt: the KVM mmu_lock is now an rwlock (Paolo Bonzini) [1897366]\n- KVM: x86/mmu: Use an rwlock for the x86 MMU (Paolo Bonzini) [1897366]\n- KVM: x86/mmu: Protect TDP MMU page table memory with RCU (Paolo Bonzini) [1897366]\n- KVM: x86/mmu: Clear dirtied pages mask bit before early break (Paolo Bonzini) [1897366]\n- KVM: x86/mmu: Skip no-op changes in TDP MMU functions (Paolo Bonzini) [1897366]\n- KVM: x86/mmu: Yield in TDU MMU iter even if no SPTES changed (Paolo Bonzini) [1897366]\n- KVM: x86/mmu: Ensure forward progress when yielding in TDP MMU iter (Paolo Bonzini) [1897366]\n- KVM: x86/mmu: Rename goal_gfn to next_last_level_gfn (Paolo Bonzini) [1897366]\n- KVM: x86/mmu: Merge flush and non-flush tdp_mmu_iter_cond_resched (Paolo Bonzini) [1897366]\n- KVM: x86/mmu: Fix braces in kvm_recover_nx_lpages (Paolo Bonzini) [1897366]\n- KVM: x86/mmu: Factor out handling of removed page tables (Paolo Bonzini) [1897366]\n- KVM: x86/mmu: Dont redundantly clear TDP MMU pt memory (Paolo Bonzini) [1897366]\n- KVM: x86/mmu: Add lockdep when setting a TDP MMU SPTE (Paolo Bonzini) [1897366]\n- KVM: x86/mmu: Add comment on __tdp_mmu_set_spte (Paolo Bonzini) [1897366]\n- KVM: x86/mmu: change TDP MMU yield function returns to match cond_resched (Paolo Bonzini) [1897366]\n- locking/arch: Move qrwlock.h include after qspinlock.h (Paolo Bonzini) [1897366]\n- sched: Add cond_resched_rwlock (Paolo Bonzini) [1897366]\n- sched: Add needbreak for rwlocks (Paolo Bonzini) [1897366]\n- locking/rwlocks: Add contention detection for rwlocks (Paolo Bonzini) [1897366]\n- RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (Kamal Heib) [1919395]\n- net/vmw_vsock: fix NULL pointer dereference (Jon Maloy) [1925600] {CVE-2021-26708}\n- net/vmw_vsock: improve locking in vsock_connect_timeout() (Jon Maloy) [1925600] {CVE-2021-26708}\n- vsock: fix locking in vsock_shutdown() (Jon Maloy) [1925600] {CVE-2021-26708}\n- vsock: fix the race conditions in multi-transport support (Jon Maloy) [1925600] {CVE-2021-26708}\n- ahci: Add missing Intel Emmitsburg PCH RAID PCI IDs (David Arcari) [1928789]\n- KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (Paolo Bonzini) [1912448]\n- [sound] ALSA: hda/via: Fix runtime PM for Clevo W35xSS (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda/realtek: Enable mute and micmute LED on HP EliteBook 850 G7 (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda/realtek: Add two 'Intel Reference board' SSID in the ALC256 (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda/realtek: Add mute LED quirk for more HP laptops (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda/realtek - Modify Dell platform name (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda/realtek - Fix speaker volume control on Lenovo C940 (Jaroslav Kysela) [1916102]\n- [sound] ALSA: ALSA/hda: apply jack fixup for the Acer Veriton N4640G/N6640G/N2510G (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda/realtek: Apply jack fixup for Quanta NL3 (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda/realtek: Add quirk for MSI-GP73 (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda/realtek - Supported Dell fixed type headset (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda/realtek: Remove dummy lineout on Acer TravelMate P648/P658 (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda/realtek - Add supported for more Lenovo ALC285 Headset Button (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda/realtek - Enable headset mic of ASUS X430UN with ALC256 (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda/realtek: make bass spk volume adjustable on a yoga laptop (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda/hdmi: Fix incorrect mutex unlock in silent_stream_disable() (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda/hdmi: packet buffer index must be set before reading value (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda/hdmi: always print pin NIDs as hexadecimal (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda/hdmi: fix silent stream for first playback to DP (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda/conexant: add a new hda codec CX11970 (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda: Fix regressions on clear and reconfig sysfs (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda/proc - print DP-MST connections (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda - Fix the return value if cb func is already registered (Jaroslav Kysela) [1916102]\n- [sound] ALSA: mixart: Fix mutex deadlock (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda/realtek: Fix bass speaker DAC assignment on Asus Zephyrus G14 (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda/realtek - Add new codec supported for ALC897 (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda/realtek - Fixed Dell AIO wrong sound tone (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda/realtek - HP Headset Mic cant detect after boot (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda/realtek - Add supported mute Led for HP (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda/realtek - Add supported for Lenovo ThinkPad Headset Button (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda/realtek - Enable headphone for ASUS TM420 (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda/realtek - Fixed HP headset Mic cant be detected (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda: Add Alderlake-S PCI ID and HDMI codec vid (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda/generic: Add option to enforce preferred_dacs pairs (Jaroslav Kysela) [1916102]\n- [sound] ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (Jaroslav Kysela) [1916102]\n- [sound] ALSA: seq: oss: Avoid mutex lock for a long-time ioctl (Jaroslav Kysela) [1916102]\n- [fs] gfs2: Recursive gfs2_quota_hold in gfs2_iomap_end (Andreas Grunbacher) [1926852]\n- [net] netfilter: nf_tables: coalesce multiple notifications into one skbuff (Phil Sutter) [1855207]\n- [drm] drm/i915/rkl: new rkl ddc map for different PCH (Lyude Paul) [1910761]\n- [drm] drm/nouveau: fix dma syncing warning with debugging on (Lyude Paul) [1915548]\n- [drm] drm/i915: Update TGL and RKL HuC firmware versions (Lyude Paul) [1924209]\n- [drm] drm/i915/tgl, rkl: Make Wa_1606700617/22010271021 permanent (Lyude Paul) [1924209]\n- [drm] drm/i915: Update gen12 forcewake table (Lyude Paul) [1924209]\n- [drm] drm/i915: Rename FORCEWAKE_BLITTER to FORCEWAKE_GT (Lyude Paul) [1924209]\n- [drm] drm/i915/display/fbc: Implement WA 22010751166 (Lyude Paul) [1924209]\n- [drm] drm/i915: Tweaked Wa_14010685332 for PCHs used on gen11 platforms (Lyude Paul) [1924209]\n- [drm] drm/i915: Reorder hpd init vs. display resume (Lyude Paul) [1921868]\n- [drm] drm/i915/dp: Dont use DPCD backlights that need PWM enable/disable (Lyude Paul) [1885406]\n- [drm] drm/dp: Revert 'drm/dp: Introduce EDID-based quirks' (Lyude Paul) [1885406]\n- [drm] drm/i915/dp: Allow forcing specific interfaces through enable_dpcd_backlight (Lyude Paul) [1885406]\n- [drm] drm/i915/dp: Enable Intels HDR backlight interface (only SDR for now) (Lyude Paul) [1885406]\n- [drm] drm/i915: Keep track of pwm-related backlight hooks separately (Lyude Paul) [1885406]\n- [drm] drm/i915: Pass port to intel_panel_bl_funcs.get() (Lyude Paul) [1885406]\n- [drm] drm/i915/dp: Add register definitions for Intel HDR backlight interface (Lyude Paul) [1885406]\n- [drm] drm/i915/dp: Rename eDP VESA backlight interface functions (Lyude Paul) [1885406]\n- [drm] drm/i915: Pass down brightness values to enable/disable backlight callbacks (Lyude Paul) [1885406]\n- [drm] drm/i915: Rename pwm_* backlight callbacks to ext_pwm_* (Lyude Paul) [1885406]\n- [drm] drm/i915/dp: Program source OUI on eDP panels (Lyude Paul) [1885406]\n- [drm] drm/i915: refactor panel backlight control functions. (v2) (Lyude Paul) [1885406]\n- [drm] drm/i915/backlight: fix CPU mode backlight takeover on LPT (Lyude Paul) [1885406]\n- [drm] drm/i915/dpcd_bl: uncheck PWM_PIN_CAP when detect eDP backlight capabilities (Lyude Paul) [1885406]\n- [drm] drm/i915: panel: Add get_vbt_pwm_freq() helper (Lyude Paul) [1885406]\n- [drm] drm/i915/dp: Tweak initial dpcd backlight.enabled value (Lyude Paul) [1885406]\n- [drm] kms: handle mDP connectors (Lyude Paul) [1876992]\n- [drm] drm/i915/tgl: Fix Combo PHY DPLL fractional divider for 38.4MHz ref clock (Lyude Paul) [1876992]\n- [drm] drm/i915/rkl: Add new cdclk table (Lyude Paul) [1876992]\n- [drm] drm/i915/rkl: Handle HTI (Lyude Paul) [1876992]\n- [drm] drm/i915/rkl: Add DPLL4 support (Lyude Paul) [1876992]\n- [drm] drm/i915/rkl: Add initial workarounds (Lyude Paul) [1876992]\n- [drm] drm/i915/rkl: Handle new DPCLKA_CFGCR0 layout (Lyude Paul) [1876992]\n- [drm] drm/i915: Update TGL and RKL DMC firmware versions (Lyude Paul) [1876992]\n- [drm] drm/i915/gt: Program mocs:63 for cache eviction on gen9 (Lyude Paul) [1876992]\n- [drm] drm/i915/gt: Limit frequency drop to RPe on parking (Lyude Paul) [1876992]\n- [drm] drm/i915/gt: Retain default context state across shrinking (Lyude Paul) [1876992]\n- [drm] drm/amdgpu/vcn3.0: remove old DPG workaround (Lyude Paul) [1876992]\n- [drm] drm/amdgpu/vcn3.0: stall DPG when WPTR/RPTR reset (Lyude Paul) [1876992]\n- [drm] drm/i915/gt: Fixup tgl mocs for PTE tracking (Lyude Paul) [1876992]\n- [drm] drm/amdgpu: add rlc iram and dram firmware support (Lyude Paul) [1876992]\n- [drm] drm/nouveau: fix relocations applying logic and a double-free (Lyude Paul) [1876992]\n- [drm] drm/amd/display: Avoid HDCP initialization in devices without output (Lyude Paul) [1876992]\n- [drm] drm/amd/amdgpu: fix null pointer in runtime pm (Lyude Paul) [1876992]\n- [drm] drm/amdgpu: update golden setting for sienna_cichlid (Lyude Paul) [1876992]\n- [drm] drm/amdgpu: fix a page fault (Lyude Paul) [1876992]\n- [drm] drm/amdgpu: fix SI UVD firmware validate resume fail (Lyude Paul) [1876992]\n- [drm] drm/i915/tgl: Fix Media power gate sequence (Lyude Paul) [1876992]\n- [drm] drm/i915: Handle max_bpc==16 (Lyude Paul) [1876992]\n- [drm] drm/amd/display: Add missing pflip irq for dcn2.0 (Lyude Paul) [1876992]\n- [drm] drm/gma500: Fix out-of-bounds access to struct drm_device.vblank (Lyude Paul) [1876992]\n- [drm] drm/i915: Correctly set SFC capability for video engines (Lyude Paul) [1876992]\n- [drm] drm/amd/display: Add missing pflip irq (Lyude Paul) [1876992]\n- [drm] drm/amd/pm: do not use ixFEATURE_STATUS for checking smc running (Lyude Paul) [1876992]\n- [drm] drm/amd/pm: perform SMC reset on suspend/hibernation (Lyude Paul) [1876992]\n- [drm] drm/amd/pm: correct the baco reset sequence for CI ASICs (Lyude Paul) [1876992]\n- [drm] drm/amdgpu: perform srbm soft reset always on SDMA resume (Lyude Paul) [1876992]\n- [drm] drm/i915/gem: Flush coherency domains on first set-domain-ioctl (Lyude Paul) [1876992]\n- [drm] drm/i915: Hold onto an explicit ref to i915_vma_work.pinned (Lyude Paul) [1876992]\n- [drm] drm/i915/gt: Use the local HWSP offset during submission (Lyude Paul) [1876992]\n- [drm] drm/i915: Fix encoder lookup during PSR atomic check (Lyude Paul) [1876992]\n- [drm] drm/nouveau/gem: fix 'refcount_t: underflow; use-after-free' (Lyude Paul) [1876992]\n- [drm] drm/nouveau/nouveau: fix the start/end range for migration (Lyude Paul) [1876992]\n- [drm] drm/amd/display: adding ddc_gpio_vga_reg_list to ddc reg defns (Lyude Paul) [1876992]\n- [drm] drm/amd/display: Fixed panic during seamless boot (Lyude Paul) [1876992]\n- [drm] drm/amdgpu: add DID for navi10 blockchain SKU (Lyude Paul) [1876992]\n- [drm] drm/amdgpu: disable DCN and VCN for navi10 blockchain SKU(v3) (Lyude Paul) [1876992]\n- [drm] drm/amdgpu: resolved ASD loading issue on sienna (Lyude Paul) [1876992]\n- [drm] drm/amdgpu: update golden setting for sienna_cichlid (Lyude Paul) [1876992]\n- [drm] drm/nouveau/device: fix changing endianess code to work on older GPUs (Lyude Paul) [1876992]\n- [drm] drm/nouveau/kms/nv50-: Program notifier offset before requesting disp caps (Lyude Paul) [1876992]\n- [drm] drm/i915: Restore ILK-M RPS support (Lyude Paul) [1876992]\n- [drm] drm/i915: Reject 90/270 degree rotated initial fbs (Lyude Paul) [1876992]\n- [drm] drm/i915: Use the active reference on the vma while capturing (Lyude Paul) [1876992]\n- [drm] drm/i915: Mark ininitial fb obj as WT on eLLC machines to avoid rcu lockup during fbdev init (Lyude Paul) [1876992]\n- [drm] drm/i915: Exclude low pages (128KiB) of stolen from use (Lyude Paul) [1876992]\n- [drm] drm/i915: Drop runtime-pm assert from vgpu io accessors (Lyude Paul) [1876992]\n- [drm] drm/i915/gt: Delay execlist processing for tgl (Lyude Paul) [1876992]\n- [drm] drm/i915/gt: Undo forced context restores after trivial preemptions (Lyude Paul) [1876992]\n- [drm] drm/i915/gt: Initialize reserved and unspecified MOCS indices (Lyude Paul) [1876992]\n- [drm] drm/i915: Fix TGL DKL PHY DP vswing handling (Lyude Paul) [1876992]\n- [drm] drm/i915: Avoid mixing integer types during batch copies (Lyude Paul) [1876992]\n- [drm] drm/i915: Cancel outstanding work after disabling heartbeats on an engine (Lyude Paul) [1876992]\n- [drm] drm/i915: Break up error capture compression loops with cond_resched() (Lyude Paul) [1876992]\n- [drm] drm/i915/gt: Always send a pulse down the engine after disabling heartbeat (Lyude Paul) [1876992]\n- [drm] drm/i915/gem: Always test execution status on closing the context (Lyude Paul) [1876992]\n- [drm] drm/i915/gem: Prevent using pgprot_writecombine() if PAT is not supported (Lyude Paul) [1876992]\n- [drm] drm/i915/gem: Avoid implicit vmap for highmem on x86-32 (Lyude Paul) [1876992]\n- [drm] drm/amdgpu: correct the cu and rb info for sienna cichlid (Lyude Paul) [1876992]\n- [drm] drm/amd/psp: Fix sysfs: cannot create duplicate filename (Lyude Paul) [1876992]\n- [drm] drm/amd/swsmu: add missing feature map for sienna_cichlid (Lyude Paul) [1876992]\n- [drm] drm/amd/pm: fix pp_dpm_fclk (Lyude Paul) [1876992]\n- [drm] drm/amd/pm: increase mclk switch threshold to 200 us (Lyude Paul) [1876992]\n- [drm] drm/amdgpu/swsmu: drop smu i2c bus on navi1x (Lyude Paul) [1876992]\n- [drm] drm/ttm: fix eviction valuable range check (Lyude Paul) [1876992]\n- [drm] drm/amd/display: Fix kernel panic by dal_gpio_open() error (Lyude Paul) [1876992]\n- [drm] drm/amd/display: Dont invoke kgdb_breakpoint() unconditionally (Lyude Paul) [1876992]\n- [drm] drm/amdgpu: increase the reserved VM size to 2MB (Lyude Paul) [1876992]\n- [drm] drm/amdgpu: add function to program pbb mode for sienna cichlid (Lyude Paul) [1876992]\n- [drm] drm/amd/display: Avoid MST manager resource leak (Lyude Paul) [1876992]\n- [drm] drm/amdkfd: Use same SQ prefetch setting as amdgpu (Lyude Paul) [1876992]\n- [drm] drm/amdgpu: correct the gpu reset handling for job != NULL case (Lyude Paul) [1876992]\n- [drm] drm/amdgpu: update golden setting for sienna_cichlid (Lyude Paul) [1876992]\n- [drm] drm/amdgpu: vcn and jpeg ring synchronization (Lyude Paul) [1876992]\n- [drm] drm/amd/display: Increase timeout for DP Disable (Lyude Paul) [1876992]\n- [drm] drm/amd/display: Fix incorrect backlight register offset for DCN (Lyude Paul) [1876992]\n- [drm] drm/amdgpu: dont map BO in reserved region (Lyude Paul) [1876992]\n- [drm] drm/shme-helpers: Fix dma_buf_mmap forwarding bug (Lyude Paul) [1876992]\n- [drm] drm/i915: Force VTd workarounds when running as a guest OS (Lyude Paul) [1876992]\n- [drm] drm/amd/display: Avoid set zero in the requested clk (Lyude Paul) [1876992]\n- [drm] drm/amd/display: HDMI remote sink need mode validation for Linux (Lyude Paul) [1876992]\n- [drm] drm/amdgpu: No sysfs, not an error condition (Lyude Paul) [1876992]\n- [drm] drm/amd/display: Check clock table return (Lyude Paul) [1876992]\n- [drm] drm/bridge/synopsys: dsi: add support for non-continuous HS clock (Lyude Paul) [1876992]\n- [drm] drm/vkms: avoid warning in vkms_get_vblank_timestamp (Lyude Paul) [1876992]\n- [drm] drm/bridge_connector: Set default status connected for eDP connectors (Lyude Paul) [1876992]\n- [drm] drm/scheduler: Scheduler priority fixes (v2) (Lyude Paul) [1876992]\n- [drm] drm/amdgpu: restore ras flags when user resets eeprom(v2) (Lyude Paul) [1876992]\n- [drm] drm/i915/gem: Serialise debugfs i915_gem_objects with ctx->mutex (Lyude Paul) [1876992]\n- [drm] drm/amd/display: Disconnect pipe separetely when disable pipe split (Lyude Paul) [1876992]\n- [drm] drm/hisilicon: Code refactoring for hibmc_drv_de (Lyude Paul) [1876992]\n- [drm] drm/amd/display: Screen corruption on dual displays (DP+USB-C) (Lyude Paul) [1876992]\n- [drm] drm: fix double free for gbo in drm_gem_vram_init and drm_gem_vram_create (Lyude Paul) [1876992]\n- [drm] drm/amdgpu: Fix invalid number of character '{' in amdgpu_acpi_init (Lyude Paul) [1876992]\n- [drm] drm/amdgpu: fix max_entries calculation v4 (Lyude Paul) [1876992]\n- [drm] drm/crc-debugfs: Fix memleak in crc_control_write (Lyude Paul) [1876992]\n- [drm] drm/gma500: fix error check (Lyude Paul) [1876992]\n- [drm] drm/amd/display: fix potential integer overflow when shifting 32 bit variable bl_pwm (Lyude Paul) [1876992]\n- [drm] drm/vkms: add missing platform_device_unregister() in vkms_init() (Lyude Paul) [1876992]\n- [drm] drm/vgem: add missing platform_device_unregister() in vgem_init() (Lyude Paul) [1876992]\n- [drm] drm/amd/display: Fix wrong return value in dm_update_plane_state() (Lyude Paul) [1876992]\n- [drm] drm/vkms: fix xrgb on compute crc (Lyude Paul) [1876992]\n- [iommu] iommu/amd: Set iommu->int_enabled consistently when interrupts are set up (Vitaly Kuznetsov) [1915038]\n- [iommu] iommu/amd: Fix IOMMU interrupt generation in X2APIC mode (Vitaly Kuznetsov) [1915038]\n- [iommu] iommu/amd: Fix union of bitfields in intcapxt support (Vitaly Kuznetsov) [1915038]\n- [iommu] iommu/amd: Fix kerneldoc comments (Vitaly Kuznetsov) [1915038]\n- [x86] x86/irq: Prepare consolidation of irq_alloc_info (Vitaly Kuznetsov) [1915038]\n- [iommu] iommu/amd: Use msi_msg shadow structs (Vitaly Kuznetsov) [1915038]\n- [iommu] x86_irq_Rename_X86_IRQ_ALLOC_TYPE_MSI_to_reflect_PCI_dependency (Vitaly Kuznetsov) [1915038]\n- [netdrv] Revert 'e1000e: disable s0ix entry and exit flows for ME systems' (Ken Cox) [1872412]\n- [netdrv] e1000e: fix S0ix flow to allow S0i3.2 subset entry (Ken Cox) [1872412]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-25T00:00:00", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 8.5, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18811", "CVE-2019-19523", "CVE-2019-19528", "CVE-2020-0431", "CVE-2020-11608", "CVE-2020-12114", "CVE-2020-12362", "CVE-2020-12464", "CVE-2020-14314", "CVE-2020-14356", "CVE-2020-15437", "CVE-2020-24394", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25643", "CVE-2020-25704", "CVE-2020-27786", "CVE-2020-27835", "CVE-2020-28974", "CVE-2020-35508", "CVE-2020-36322", "CVE-2021-0342"], "modified": "2021-05-25T00:00:00", "id": "ELSA-2021-1578", "href": "http://linux.oracle.com/errata/ELSA-2021-1578.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:C"}}, {"lastseen": "2021-07-30T06:24:40", "description": "[4.1.12-124.39.1]\n- qla2xxx: Update driver version to 9.00.00.00.42.0-k1-v2 (Arun Easi) [Orabug: 30372266] \n- qla2xxx: Fix device discovery when FCP2 device is lost. (Arun Easi) [Orabug: 30372266] \n- brcmfmac: add subtype check for event handling in data path (John Donnelly) [Orabug: 30776354] {CVE-2019-9503}\n- percpu-refcount: fix reference leak during percpu-atomic transition (Douglas Miller) [Orabug: 30867060] \n- blk-mq: Allow timeouts to run while queue is freezing (Gabriel Krisman Bertazi) [Orabug: 30867060] \n- fs/dcache.c: fix spin lockup issue on nlru->lock (Junxiao Bi) [Orabug: 30953290] \n- jbd2: disable CONFIG_JBD2_DEBUG (Junxiao Bi) [Orabug: 31234664] \n- mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf (Navid Emamdoost) [Orabug: 31246302] {CVE-2019-19056}\n- drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl() (Vladis Dronov) [Orabug: 31262557] {CVE-2017-7346}\n[4.1.12-124.38.5]\n- i40e: Increment the driver version for FW API update (Jack Vogel) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}\n- i40e: Update FW API version to 1.9 (Piotr Azarewicz) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}\n- i40e: Changed maximum supported FW API version to 1.8 (Adam Ludkiewicz) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}\n- i40e: Stop dropping 802.1ad tags - eth proto 0x88a8 (Scott Peterson) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}\n- i40e: fix reading LLDP configuration (Mariusz Stachura) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}\n- i40e: Add capability flag for stopping FW LLDP (Krzysztof Galazka) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}\n- i40e: refactor FW version checking (Mitch Williams) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}\n- i40e: shutdown all IRQs and disable MSI-X when suspended (Jacob Keller) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}\n- i40e: prevent service task from running while we're suspended (Jacob Keller) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}\n- i40e: don't clear suspended state until we finish resuming (Jacob Keller) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}\n- i40e: use newer generic PM support instead of legacy PM callbacks (Jacob Keller) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}\n- i40e: use separate state bit for miscellaneous IRQ setup (Jacob Keller) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}\n- i40e: fix for flow director counters not wrapping as expected (Mariusz Stachura) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}\n- i40e: relax warning message in case of version mismatch (Mariusz Stachura) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}\n- i40e: simplify member variable accesses (Sudheer Mogilappagari) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}\n- i40e: Fix link down message when interface is brought up (Sudheer Mogilappagari) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}\n- i40e: Fix unqualified module message while bringing link up (Sudheer Mogilappagari) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}\n[4.1.12-124.38.4]\n- HID: Fix assumption that devices have inputs (Alan Stern) [Orabug: 31208622] {CVE-2019-19532}\n- qla2xxx: DBG: disable 3D mailbox. (Quinn Tran) [Orabug: 30890687] \n- scsi: qla2xxx: Fix mtcp dump collection failure (Quinn Tran) [Orabug: 30890687] \n- scsi: qla2xxx: Add Serdes support for ISP27XX (Joe Carnuccio) [Orabug: 30890687] \n- vgacon: Fix a UAF in vgacon_invert_region (Zhang Xiaoxu) [Orabug: 31143947] {CVE-2020-8649} {CVE-2020-8647} {CVE-2020-8647} {CVE-2020-8649} {CVE-2020-8649} {CVE-2020-8647}\n- HID: hiddev: do cleanup in failure of opening a device (Hillf Danton) [Orabug: 31206360] {CVE-2019-19527}\n- HID: hiddev: avoid opening a disconnected device (Hillf Danton) [Orabug: 31206360] {CVE-2019-19527}\n- USB: adutux: fix use-after-free on disconnect (Johan Hovold) [Orabug: 31233769] {CVE-2019-19523}\n[4.1.12-124.38.3]\n- ipv4: implement support for NOPREFIXROUTE ifa flag for ipv4 address (Paolo Abeni) [Orabug: 30292825] \n- vt: selection, push sel_lock up (Jiri Slaby) [Orabug: 30923298] {CVE-2020-8648}\n- vt: selection, push console lock down (Jiri Slaby) [Orabug: 30923298] {CVE-2020-8648}\n- vt: selection, close sel_buffer race (Jiri Slaby) [Orabug: 30923298] {CVE-2020-8648} {CVE-2020-8648}\n- xfs: stop searching for free slots in an inode chunk when there are none (Carlos Maiolino) [Orabug: 31030659] \n- xfs: fix up xfs_swap_extent_forks inline extent handling (Eric Sandeen) [Orabug: 31032831] \n- xfs: validate sb_logsunit is a multiple of the fs blocksize (Darrick J. Wong) [Orabug: 31034071] \n- mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings (Wen Huang) [Orabug: 31104481] {CVE-2019-14814} {CVE-2019-14815} {CVE-2019-14816} {CVE-2019-14814} {CVE-2019-14815} {CVE-2019-14816}\n[4.1.12-124.38.2]\n- rds: fix an infoleak in rds_inc_info_copy (Kangjie Lu) [Orabug: 30770962] {CVE-2016-5244}\n- xfs: do async inactivation only when fs freezed (Junxiao Bi) [Orabug: 30944736] \n- xfs: fix deadlock between shrinker and fs freeze (Junxiao Bi) [Orabug: 30944736] \n- xfs: increase the default parallelism levels of pwork clients (Junxiao Bi) [Orabug: 30944736] \n- xfs: decide if inode needs inactivation (Junxiao Bi) [Orabug: 30944736] \n- xfs: refactor the predicate part of xfs_free_eofblocks (Junxiao Bi) [Orabug: 30944736] \n- floppy: check FDC index for errors before assigning it (Linus Torvalds) [Orabug: 31067516] {CVE-2020-9383}\n- KVM: x86: clear stale x86_emulate_ctxt->intercept value (Vitaly Kuznetsov) [Orabug: 31118691] \n- slcan: Don't transmit uninitialized stack data in padding (Richard Palethorpe) [Orabug: 31136753] {CVE-2020-11494}", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-05-06T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.9, "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5244", "CVE-2017-7346", "CVE-2019-0139", "CVE-2019-0140", "CVE-2019-0144", "CVE-2019-14814", "CVE-2019-14815", "CVE-2019-14816", "CVE-2019-19056", "CVE-2019-19523", "CVE-2019-19527", "CVE-2019-19532", "CVE-2019-9503", "CVE-2020-11494", "CVE-2020-8647", "CVE-2020-8648", "CVE-2020-8649", "CVE-2020-9383"], "modified": "2020-05-06T00:00:00", "id": "ELSA-2020-5670", "href": "http://linux.oracle.com/errata/ELSA-2020-5670.html", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-30T10:28:13", "description": "[4.14.35-1902.303.4.1]\n- x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31422209] {CVE-2020-0543}\n- x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31422209] {CVE-2020-0543}\n- x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31422209] {CVE-2020-0543}\n- x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31422209] {CVE-2020-0543}\n[4.14.35-1902.303.4]\n- net/rds: suppress memory allocation failure reports (Manjunath Patil) [Orabug: 31422157] \n- rds: Do not cancel RDMAs that have been posted to the HCA (Hakon Bugge) [Orabug: 31422151] \n- rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31422151] \n- xen/manage: enable C_A_D to force reboot (Dongli Zhang) [Orabug: 31422147]\n[4.14.35-1902.303.3]\n- scsi: target: fix hang when multiple threads try to destroy the same iscsi session (Maurizio Lombardi) [Orabug: 31374726] \n- scsi: target: remove boilerplate code (Maurizio Lombardi) [Orabug: 31374726] \n- KSPLICE: mips: clear the stack before going in the freezer. (Quentin Casasnovas) [Orabug: 31352999] \n- KSPLICE: mips: signals the freezer when were coming from the entry code. (Quentin Casasnovas) [Orabug: 31352999] \n- libertas: Fix two buffer overflows at parsing bss descriptor (Wen Huang) [Orabug: 31351306] {CVE-2019-14896} {CVE-2019-14897} {CVE-2019-14897}\n- KVM: SVM: Fix potential memory leak in svm_cpu_init() (Miaohe Lin) [Orabug: 31350457] {CVE-2020-12768}\n- Fix up usage of cfg_enable_fc4_TYPE for backport to UEK5 (Dick Kennedy) [Orabug: 31344936] \n- scsi: lpfc: Fix unexpected error messages during RSCN handling (James Smart) [Orabug: 31344936] \n- scsi: lpfc: Fix devices that dont return after devloss followed by rediscovery (James Smart) [Orabug: 31344936] \n- scsi: lpfc: Fix port relogin failure due to GID_FT interaction (James Smart) [Orabug: 31344936] \n- scsi: lpfc: Fix discovery failures when target device connectivity bounces (James Smart) [Orabug: 31344936] \n- NFSv4.0: Remove transport protocol name from non-UCS client ID (Chuck Lever) [Orabug: 31357279] \n- NFSv4.0: Remove cl_ipaddr from non-UCS client ID (Chuck Lever) [Orabug: 31357279] \n- slcan: not call free_netdev before rtnl_unlock in slcan_open (Oliver Hartkopp) [Orabug: 31314977] \n- can, slip: Protect tty->disc_data in write_wakeup and close with RCU (Richard Palethorpe) [Orabug: 31314977] \n- can: slcan: Fix use-after-free Read in slcan_open (Jouni Hogander) [Orabug: 31314977] \n- slcan: Fix memory leak in error path (Jouni Hogander) [Orabug: 31314977] \n- uek-rpm: aarch64 make olddefconfig after inline spinlocks (Tom Saeger) [Orabug: 31314977] \n- config-aarch64: enable CONFIG_MPLS_IPTUNNEL and CONFIG_BPF_JIT_ALWAYS_ON (Thomas Tai) [Orabug: 31314977] \n- config-aarch64: enable ISCSI_IBFT (Thomas Tai) [Orabug: 31314977] \n- iscsi_ibft: make ISCSI_IBFT dependson ACPI instead of ISCSI_IBFT_FIND (Thomas Tai) [Orabug: 31314977] \n- config-aarch64: change CONFIG_HZ and CONFIG_FRAME_WARN (Thomas Tai) [Orabug: 31314977] \n- iommu/arm-smmu-v3: Use WRITE_ONCE() when changing validity of an STE (Will Deacon) [Orabug: 31314977] \n- iommu/arm-smmu-v3: Prevent any devices access to memory without registration (Zhen Lei) [Orabug: 31314977] \n- iommu/arm-smmu-v3: Disable default event queue logging (Rick Farrington) [Orabug: 31314977] \n- iommu/arm-smmu-v3: Dont disable SMMU in kdump kernel (Will Deacon) [Orabug: 31314977] \n- iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel (Will Deacon) [Orabug: 31314977] \n- iommu/arm-smmu-v3: Force 32 byte command queue memory reads on SMMU for 96xx and 95xx silicons (Geetha sowjanya) [Orabug: 31314977] \n- iommu/arm-smmu-v3: Force 32 byte command queue memory reads on CN96XX SMMU (Linu Cherian) [Orabug: 31314977] \n- iommu/arm-smmu-v3: Use burst-polling for sync completion (Robin Murphy) [Orabug: 31314977] \n- iommu/arm-smmu-v3: Consolidate identical timeouts (Will Deacon) [Orabug: 31314977] \n- iommu/arm-smmu-v3: Split arm_smmu_cmdq_issue_sync in half (Will Deacon) [Orabug: 31314977] \n- iommu/arm-smmu-v3: Use CMD_SYNC completion MSI (Robin Murphy) [Orabug: 31314977] \n- iommu/arm-smmu-v3: Forget about cmdq-sync interrupt (Robin Murphy) [Orabug: 31314977] \n- iommu/arm-smmu-v3: Specialise CMD_SYNC handling (Robin Murphy) [Orabug: 31314977] \n- iommu/arm-smmu-v3: Correct COHACC override message (Robin Murphy) [Orabug: 31314977] \n- iommu/arm-smmu-v3: Avoid ILLEGAL setting of STE.S1STALLD and CD.S (Yisheng Xie) [Orabug: 31314977] \n- iommu/arm-smmu-v3: Ensure we sync STE when only changing config field (Will Deacon) [Orabug: 31314977] \n- iommu/arm-smmu: Remove ACPICA workarounds (Robin Murphy) [Orabug: 31314977] \n- Revert 'iommu/arm-smmu-v3: Force 32 byte command queue memory reads on CN96XX SMMU' (Eric Snowberg) [Orabug: 31314977] \n- Revert 'iommu/arm-smmu-v3: Force 32 byte command queue memory reads on SMMU for 96xx and 95xx silicons' (Eric Snowberg) [Orabug: 31314977] \n- Revert 'iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel' (Eric Snowberg) [Orabug: 31314977] \n- Revert 'iommu/arm-smmu-v3: Dont disable SMMU in kdump kernel' (Eric Snowberg) [Orabug: 31314977] \n- Revert 'iommu/arm-smmu-v3: Disable default event queue logging' (Eric Snowberg) [Orabug: 31314977] \n- Revert 'iommu/arm-smmu-v3: Prevent any devices access to memory without registration' (Eric Snowberg) [Orabug: 31314977] \n- lib/list_sort: optimize number of calls to comparison function (George Spelvin) [Orabug: 31314977] \n- lib/list_sort: simplify and remove MAX_LIST_LENGTH_BITS (George Spelvin) [Orabug: 31314977] \n- lib/sort: avoid indirect calls to built-in swap (George Spelvin) [Orabug: 31314977] \n- lib/sort: use more efficient bottom-up heapsort variant (George Spelvin) [Orabug: 31314977] \n- lib/sort: make swap functions more generic (George Spelvin) [Orabug: 31314977] \n- KVM: arm/arm64: Only skip MMIO insn once (Andrew Jones) [Orabug: 31314977] \n- arm64: topology: divorce MC scheduling domain from core_siblings (Jeremy Linton) [Orabug: 31314977] \n- ACPI: Add PPTT to injectable table list (Jeremy Linton) [Orabug: 31314977] \n- arm64: topology: enable ACPI/PPTT based CPU topology (Jeremy Linton) [Orabug: 31314977] \n- arm64: topology: rename cluster_id (Jeremy Linton) [Orabug: 31314977] \n- drivers: base cacheinfo: Add support for ACPI based firmware tables (Jeremy Linton) [Orabug: 31314977] \n- ACPI: Enable PPTT support on ARM64 (Jeremy Linton) [Orabug: 31314977] \n- ACPI/PPTT: Add Processor Properties Topology Table parsing (Jeremy Linton) [Orabug: 31314977] \n- arm64/acpi: Create arch specific cpu to acpi id helper (Jeremy Linton) [Orabug: 31314977] \n- cacheinfo: rename of_node to fw_token (Jeremy Linton) [Orabug: 31314977] \n- drivers: base: cacheinfo: setup DT cache properties early (Jeremy Linton) [Orabug: 31314977] \n- drivers: base: cacheinfo: move cache_setup_of_node() (Jeremy Linton) [Orabug: 31314977] \n- ata: Disable AHCI ALPM feature for Ampere Computing eMAG SATA (Suman Tripathi) [Orabug: 31314977] \n- arm64: locking: Replace ticket lock implementation with qspinlock (Will Deacon) [Orabug: 31314977] \n- arm64: kconfig: Ensure spinlock fastpaths are inlined if !PREEMPT (Will Deacon) [Orabug: 31314977] \n- arm64: barrier: Implement smp_cond_load_relaxed (Will Deacon) [Orabug: 31314977] \n- PM / core: fix deferred probe breaking suspend resume order (Feng Kan) [Orabug: 31314977] \n- netdev, octeon3-ethernet: increase num_packet_buffers to 4096 (Dave Kleikamp) [Orabug: 31351445] \n- RDMA/mlx5: Set MR cache limit for both PF and VF (Nikhil Krishna) [Orabug: 31127373] \n- uek-rpm: Move grub boot menu update to posttrans stage. (Somasundaram Krishnasamy) [Orabug: 31358100]\n[4.14.35-1902.303.2]\n- KVM: x86: degrade WARN to pr_warn_ratelimited (Paolo Bonzini) [Orabug: 31333678] \n- kvm: x86/vmx: Use kzalloc for cached_vmcs12 (Tom Roeder) [Orabug: 31333678] \n- KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (Liran Alon) [Orabug: 31333678] \n- net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq (Navid Emamdoost) [Orabug: 31301340] {CVE-2019-19045}\n- mdio_bus: Fix use-after-free on device_register fails (YueHaibing) [Orabug: 31222291] {CVE-2019-12819}\n- scsi: qla2xxx: Fix fabric scan hang (Quinn Tran) [Orabug: 31331073] \n- scsi: qla2xxx: Remove defer flag to indicate immeadiate port loss (Himanshu Madhani) [Orabug: 31331073] \n- nvme: Fix device removal of qla2xxx.ko causing sysfs_warn_dup() warning. (John Donnelly) [Orabug: 31322530] \n- USB: core: Fix races in character device registration and deregistraion (Alan Stern) [Orabug: 31317666] {CVE-2019-19537}\n- rds: ib: Fix dysfunctional long address resolve timeout (Hakon Bugge) [Orabug: 31302707] \n- ocfs2: fix panic due to ocfs2_wq is null (Yi Li) [Orabug: 31117439] \n- mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified (Yang Shi) [Orabug: 30969300] \n- NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals (Robert Milkowski) [Orabug: 30594625] \n- NFSv4: try lease recovery on NFS4ERR_EXPIRED (Robert Milkowski) [Orabug: 30594625] \n- KVM: x86: clear SMM flags before loading state while leaving SMM (Sean Christopherson) [Orabug: 31317296] \n- KVM: x86: Open code kvm_set_hflags (Sean Christopherson) [Orabug: 31317296] \n- KVM: x86: Load SMRAM in a single shot when leaving SMM (Sean Christopherson) [Orabug: 31317296] \n- scsi: qla2xxx: Fix incorrect SFUB length used for Secure Flash Update MB Cmd (Michael Hernandez) [Orabug: 30846292] \n- scsi: qla2xxx: Added support for MPI and PEP regions for ISP28XX (Michael Hernandez) [Orabug: 30846292] \n- scsi: qla2xxx: Correctly retrieve and interpret active flash region (Himanshu Madhani) [Orabug: 30846292] \n- scsi: qla2xxx: unregister ports after GPN_FT failure (Martin Wilck) [Orabug: 30846292] \n- scsi: qla2xxx: dont use zero for FC4_PRIORITY_NVME (Martin Wilck) [Orabug: 30846292] \n- scsi: qla2xxx: initialize fc4_type_priority (Martin Wilck) [Orabug: 30846292] \n- scsi: qla2xxx: Fix a dma_pool_free() call (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Remove an include directive (Bart Van Assche) [Orabug: 30846292] \n- qla2xxx: Update driver version to 10.01.00.21.76.2-k (Himanshu Madhani) [Orabug: 30846292] \n- scsi: qla2xxx: Fix device connect issues in P2P configuration (Arun Easi) [Orabug: 30846292] \n- scsi: qla2xxx: Fix double scsi_done for abort path (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Fix SRB leak on switch command timeout (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Do command completion on abort timeout (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Improve logging for scan thread (Himanshu Madhani) [Orabug: 30846292] \n- scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Set remove flag for all VP (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Dual FCP-NVMe target port support (Michael Hernandez) [Orabug: 30846292] \n- scsi: qla2xxx: remove redundant assignment to pointer host (Colin Ian King) [Orabug: 30846292] \n- scsi: qla2xxx: fix NPIV tear down process (Martin Wilck) [Orabug: 30846292] \n- scsi: qla2xxx: Fix partial flash write of MBI (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (Daniel Wagner) [Orabug: 30846292] \n- scsi: qla2xxx: Fix Nport ID display value (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Fix N2N link up fail (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Fix N2N link reset (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Optimize NPIV tear down process (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Fix stale mem access on driver unload (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Silence fwdump template message (Himanshu Madhani) [Orabug: 30846292] \n- scsi: qla2xxx: Fix stale session (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Fix stuck login session (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Fix driver reload for ISP82xx (Himanshu Madhani) [Orabug: 30846292] \n- scsi: qla2xxx: Fix flash read for Qlogic ISPs (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: fix spelling mistake 'initializatin' -> 'initialization' (Colin Ian King) [Orabug: 30846292] \n- scsi: qla2xxx: Fix a recently introduced kernel warning (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: cleanup trace buffer initialization (Martin Wilck) [Orabug: 30846292] \n- scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (Martin Wilck) [Orabug: 30846292] \n- scsi: qla2xxx: Fix a NULL pointer dereference (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Remove two superfluous if-tests (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Report invalid mailbox status codes (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Remove superfluous sts_entry_* casts (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Complain if sp->done() is not called from the completion path (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Make sure that aborted commands are freed (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Check secondary image if reading the primary image fails (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Complain if a soft reset fails (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Check the PCI info string output buffer size (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Complain if waiting for pending commands times out (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Simplify a debug statement (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Remove dead code (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Complain if parsing the version string fails (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Complain if a mailbox command times out (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Use strlcpy() instead of strncpy() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Report the firmware status code if a mailbox command fails (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Remove two superfluous tests (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Remove a superfluous pointer check (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Simplify qlt_lport_dump() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Reduce the number of casts in GID list code (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Verify locking assumptions at runtime (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Change data_dsd into an array (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Remove a superfluous forward declaration (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Remove an include directive from qla_mr.c (Bart Van Assche) [Orabug: 30846292] \nheader file from qla_dsd.h (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Use tabs instead of spaces for indentation (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Improve Linux kernel coding style conformance (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Really fix qla2xxx_eh_abort() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Fix hang in fcport delete path (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (Andrew Vasquez) [Orabug: 30846292] \n- scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (Arun Easi) [Orabug: 30846292] \n- scsi: qla2xxx: Correct error handling during initialization failures (Andrew Vasquez) [Orabug: 30846292] \n- scsi: qla2xxx: Retry fabric Scan on IOCB queue full (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Fix premature timer expiration (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Skip FW dump on LOOP initialization error (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Use Correct index for Q-Pair array (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Fix abort timeout race condition. (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Fix different size DMA Alloc/Unmap (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Replace vmalloc + memset with vzalloc (Chuhong Yuan) [Orabug: 30846292] \n- scsi: qla2xxx: Remove unnecessary null check (YueHaibing) [Orabug: 30846292] \n- qla2xxx: remove SGI SN2 support (Christoph Hellwig) [Orabug: 30846292] \n- scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure (Bill Kuzeja) [Orabug: 30846292] \n- scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: on session delete, return nvme cmd (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (Enzo Matsumiya) [Orabug: 30846292] \n- scsi: qla2xxx: Fix hardlockup in abort command during driver remove (Arun Easi) [Orabug: 30846292] \n- scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (Arun Easi) [Orabug: 30846292] \n- scsi: qla2xxx: Fix NPIV handling for FC-NVMe (Himanshu Madhani) [Orabug: 30846292] \n- scsi: qla2xxx: Add cleanup for PCI EEH recovery (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Fix hardirq-unsafe locking (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Complain loudly about reference count underflow (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Use __le64 instead of uint32_t[2] for sending DMA addresses to firmware (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Check the size of firmware data structures at compile time (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Pass little-endian values to the firmware (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Split the __qla2x00_abort_all_cmds() function (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (Giridhar Malavali) [Orabug: 30846292] \n- qla2xxx: Fix DMA Buffer free for DIF Bundling (Himanshu Madhani) [Orabug: 30846292] \n- scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Remove unnecessary locking from the target code (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Remove qla_tgt_cmd.released (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Complain if a command is released that is owned by the firmware (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: target: Fix offline port handling and host reset handling (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Log the status code if a firmware command fails (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Uninline qla2x00_init_timer() (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Remove a set-but-not-used variable (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Update two source code comments (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Silence Successful ELS IOCB message (Himanshu Madhani) [Orabug: 30846292] \n- scsi: qla2xxx: Fix device staying in blocked state (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (Himanshu Madhani) [Orabug: 30846292] \n- scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Remove two superfluous casts (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (Bart Van Assche) [Orabug: 30846292] \ninclude directive (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Move the port_state_str[] definition from a .h to a .c file (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Insert spaces where required (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Fix formatting of pointer types (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Leave a blank line after declarations (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Use tabs to indent code (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Fix FC-AL connection target discovery (Quinn Tran) [Orabug: 30846292] \n- scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (Hannes Reinecke) [Orabug: 30846292] \n- scsi: tcm_qla2xxx: Minimize #include directives (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Unregister resources in the opposite order of the registration order (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Use get/put_unaligned where appropriate (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Reduce the number of forward declarations (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Declare local symbols static (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (Bart Van Assche) [Orabug: 30846292] \n- scsi: qla2xxx: fix spelling mistake 'alredy' -> 'already' (Colin Ian King) [Orabug: 30846292] \n- scsi: qla2xxx: Remove useless set memory to zero use memset() (YueHaibing) [Orabug: 30846292] \n- scsi: qla2xxx: Set remote port devloss timeout to 0 (Giridhar Malavali) [Orabug: 30846292] \n- scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (Giridhar Malavali) [Orabug: 30846292] \n- scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (Anil Gurumurthy) [Orabug: 30846292] \n- scsi: qla2xxx: Cleanup fcport memory to prevent leak (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Fix fw dump corruption (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Further limit FLASH region write access from SysFS (Andrew Vasquez) [Orabug: 30846292] \n- scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (Giridhar Malavali) [Orabug: 30846292] \n- scsi: qla2xxx: Increase the max_sgl_segments to 1024 (Giridhar Malavali) [Orabug: 30846292] \n- scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (Giridhar Malavali) [Orabug: 30846292] \n- scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (Giridhar Malavali) [Orabug: 30846292] \n- scsi: qla2xxx: Set the SCSI command result before calling the command done (Giridhar Malavali) [Orabug: 30846292] \n- scsi: qla2xxx: Simplify conditional check again (Nathan Chancellor) [Orabug: 30846292] \n- scsi: qla2xxx: Fix a small typo in qla_bsg.c (Milan P. Gandhi) [Orabug: 30846292] \n- scsi: qla2xxx: Fix comment alignment in qla_bsg.c (Milan P. Gandhi) [Orabug: 30846292] \n- qla2xxx: Add 64GBIT Portspeed for Gen7 adapter (Himanshu Madhani) [Orabug: 30846292] \n- scsi: qla2xxx: Secure flash update support for ISP28XX (Michael Hernandez) [Orabug: 30846292] \n- scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (Joe Carnuccio) [Orabug: 30846292] \n- scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (Joe Carnuccio) [Orabug: 30846292] \n- scsi: qla2xxx: Correction and improvement to fwdt processing (Joe Carnuccio) [Orabug: 30846292] \n- scsi: qla2xxx: Update flash read/write routine (Joe Carnuccio) [Orabug: 30846292] \n- scsi: qla2xxx: Add support for multiple fwdump templates/segments (Joe Carnuccio) [Orabug: 30846292] \n- scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (Joe Carnuccio) [Orabug: 30846292] \n- scsi: qla2xxx: Correctly report max/min supported speeds (Joe Carnuccio) [Orabug: 30846292] \n- scsi: qla2xxx: Add Serdes support for ISP28XX (Joe Carnuccio) [Orabug: 30846292] \n- scsi: qla2xxx: Add Device ID for ISP28XX (Joe Carnuccio) [Orabug: 30846292] \n- scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}() (Joe Carnuccio) [Orabug: 30846292] \n- scsi: qla2xxx: Remove FW default template (Joe Carnuccio) [Orabug: 30846292] \n- scsi: qla2xxx: Add fw_attr and port_no SysFS node (Joe Carnuccio) [Orabug: 30846292] \n- scsi: qla2xxx: check for kstrtol() failure (Dan Carpenter) [Orabug: 30846292] \n- scsi: qla2xxx: avoid printf format warning (Arnd Bergmann) [Orabug: 30846292] \n- scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (Bill Kuzeja) [Orabug: 30846292] \n- scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported (Giridhar Malavali) [Orabug: 30846292] \n- scsi: qla2xxx: Add new FW dump template entry types (Joe Carnuccio) [Orabug: 30846292] \n- scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (Himanshu Madhani) [Orabug: 30846292] \n- scsi: qla2xxx: Move marker request behind QPair (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Prevent SysFS access when chip is down (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Add support for setting port speed (Anil Gurumurthy) [Orabug: 30846292] \n- scsi: qla2xxx: Prevent multiple ADISC commands per session (Quinn Tran) [Orabug: 30846292] \n- scsi: qla2xxx: Check for FW started flag before aborting (Himanshu Madhani) [Orabug: 30846292] \n- scsi: qla2xxx: Fix unload when NVMe devices are configured (Himanshu Madhani) [Orabug: 30846292] \n- scsi: qla2xxx: Add First Burst support for FC-NVMe devices (Darren Trapp) [Orabug: 30846292] \n- scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (Himanshu Madhani) [Orabug: 30846292] \n- scsi: qla2xxx: remove redundant null check on pointer sess (Colin Ian King) [Orabug: 30846292] \n- scsi: qla2xxx: Move debug messages before sending srb preventing panic (Bill Kuzeja) [Orabug: 30846292] \n- scsi: qla2xxx: Add mode control for each physical port (Quinn Tran) [Orabug: 30846292]\n[4.14.35-1902.303.1]\n- uek-rpm/ol7/config-mips64: Enable EDAC configs (Vijay Kumar) [Orabug: 31255403] \n- mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring (Navid Emamdoost) [Orabug: 31263146] {CVE-2019-19057}\n- loop: set PF_MEMALLOC_NOIO for the worker thread (Mikulas Patocka) [Orabug: 31292386] \n- mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf (Navid Emamdoost) [Orabug: 31246301] {CVE-2019-19056}\n- MIPS: Add configs for audit (Vijay Kumar) [Orabug: 31245225] \n- MIPS: Add syscall auditing support (Ralf Baechle) [Orabug: 31245225] \n- media: technisat-usb2: break out of loop at end of buffer (Sean Young) [Orabug: 31224553] {CVE-2019-15505}\n- Input: ff-memless - kill timer in destroy() (Oliver Neukum) [Orabug: 31213690] {CVE-2019-19524}\n- Input: add safety guards to input_set_keycode() (Dmitry Torokhov) [Orabug: 31200557] {CVE-2019-20636}\n- fm10k: update driver version to match out-of-tree (Jacob Keller) [Orabug: 31268827] \n- fm10k: add support for ndo_get_vf_stats operation (Jacob Keller) [Orabug: 31268827] \n- fm10k: add missing field initializers to TLV attributes) (Jacob Keller) [Orabug: 31268827] \n- fm10k: use a local variable for the frag pointer (Jacob Keller) [Orabug: 31268827] \n- fm10k: no need to check return value of debugfs_create functions (Greg Kroah-Hartman) [Orabug: 31268827] \n- fm10k: fix fm10k_get_fault_pf to read correct address (Jacob Keller) [Orabug: 31268827] \n- fm10k: convert NON_Q_VECTORS(hw) into NON_Q_VECTORS (Jacob Keller) [Orabug: 31268827] \n- fm10k: mark unused parameters with __always_unused (Jacob Keller) [Orabug: 31268827] \n- fm10k: cast page_addr to u8 * when incrementing it (Jacob Keller) [Orabug: 31268827] \n- fm10k: explicitly return 0 on success path in function (Jacob Keller) [Orabug: 31268827] \n- fm10k: remove needless initialization of size local variable (Jacob Keller) [Orabug: 31268827] \n- fm10k: remove needless assignment of err local variable (Jacob Keller) [Orabug: 31268827] \n- fm10k: remove unnecessary variable initializer (Jacob Keller) [Orabug: 31268827] \n- fm10k: reduce scope of the ring variable (Jacob Keller) [Orabug: 31268827] \n- fm10k: reduce the scope of the result local variable (Jacob Keller) [Orabug: 31268827] \n- fm10k: reduce the scope of the local msg variable (Jacob Keller) [Orabug: 31268827] \n- fm10k: reduce the scope of the local i variable (Jacob Keller) [Orabug: 31268827] \n- fm10k: reduce the scope of the err variable (Jacob Keller) [Orabug: 31268827] \n- fm10k: reduce the scope of the tx_buffer variable (Jacob Keller) [Orabug: 31268827] \n- fm10k: reduce the scope of the q_idx local variable (Jacob Keller) [Orabug: 31268827] \n- fm10k: reduce the scope of local err variable (Jacob Keller) [Orabug: 31268827] \n- fm10k: reduce the scope of qv local variable (Jacob Keller) [Orabug: 31268827] \n- fm10k: reduce scope of *p local variable (Jacob Keller) [Orabug: 31268827] \n- fm10k: reduce scope of the err variable (Jacob Keller) [Orabug: 31268827] \n- fm10k: Use dev_get_drvdata (Chuhong Yuan) [Orabug: 31268827] \n- fm10k: use struct_size() in kzalloc() (Gustavo A. R. Silva) [Orabug: 31268827] \n- fm10k: TRIVIAL cleanup of extra spacing in function comment (Jacob Keller) [Orabug: 31268827] \n- fm10k: bump driver version to match out-of-tree release (Jacob Keller) [Orabug: 31268827] \n- fm10k: add missing device IDs to the upstream driver (Jacob Keller) [Orabug: 31268827] \n- fm10k: fix SM mailbox full condition (Ngai-Mint Kwan) [Orabug: 31268827] \n- Documentation: fm10k: Add kernel documentation (Jeff Kirsher) [Orabug: 31268827] \n- fm10k: remove ndo_poll_controller (Eric Dumazet) [Orabug: 31268827] \n- fm10k: dont protect fm10k_queue_mac_request by fm10k_host_mbx_ready (Jacob Keller) [Orabug: 31268827] \n- fm10k: warn if the stat size is unknown (Jacob Keller) [Orabug: 31268827] \n- fm10k: use macro to avoid passing the array and size separately (Jacob Keller) [Orabug: 31268827] \n- fm10k: use variadic arguments to fm10k_add_stat_strings (Jacob Keller) [Orabug: 31268827] \n- fm10k: reduce duplicate fm10k_stat macro code (Jacob Keller) [Orabug: 31268827] \n- fm10k: setup VLANs for l2 accelerated macvlan interfaces (Jacob Keller) [Orabug: 31268827] \n- fm10k: Report PCIe link properties with pcie_print_link_status() (Bjorn Helgaas) [Orabug: 31268827] \n- fm10k: bump version number (Jacob Keller) [Orabug: 31268827] \n- fm10k: fix incorrect warning for function prototype (Jacob Keller) [Orabug: 31268827] \n- fm10k: fix function doxygen comments (Jacob Keller) [Orabug: 31268827] \n- fm10k: clarify action when updating the VLAN table (Ngai-Mint Kwan) [Orabug: 31268827] \n- fm10k: correct typo in fm10k_pf.c (Ngai-Mint Kwan) [Orabug: 31268827] \n- fm10k: dont assume VLAN 1 is enabled (Jacob Keller) [Orabug: 31268827] \n- fm10k: stop adding VLAN 0 to the VLAN table (Jacob Keller) [Orabug: 31268827] \n- fm10k: cleanup unnecessary parenthesis in fm10k_iov.c (Jacob Keller) [Orabug: 31268827] \n- fm10k: Fix configuration for macvlan offload (Alexander Duyck) [Orabug: 31268827] \n- fm10k: mark PM functions as __maybe_unused (Arnd Bergmann) [Orabug: 31268827] \n- fm10k: prefer %s and __func__ for diagnostic prints (Jacob Keller) [Orabug: 31268827] \n- fm10k: Fix misuse of net_ratelimit() (Joe Perches) [Orabug: 31268827] \n- fm10k: bump version number (Jacob Keller) [Orabug: 31268827] \n- fm10k: use the MAC/VLAN queue for VF<->PF MAC/VLAN requests (Jacob Keller) [Orabug: 31268827] \n- fm10k: introduce a message queue for MAC/VLAN messages (Jacob Keller) [Orabug: 31268827] \n- fm10k: use generic PM hooks instead of legacy PCIe power hooks (Jacob Keller) [Orabug: 31268827] \n- fm10k: use spinlock to implement mailbox lock (Jacob Keller) [Orabug: 31268827] \n- fm10k: prepare_for_reset() when we lose PCIe Link (Jacob Keller) [Orabug: 31268827] \n- fm10k: prevent race condition of __FM10K_SERVICE_SCHED (Jacob Keller) [Orabug: 31268827] \n- fm10k: move fm10k_prepare_for_reset and fm10k_handle_reset (Jacob Keller) [Orabug: 31268827] \n- fm10k: avoid divide by zero in rare cases when device is resetting (Jacob Keller) [Orabug: 31268827] \n- fm10k: dont loop while resetting VFs due to VFLR event (Jacob Keller) [Orabug: 31268827] \n- fm10k: simplify reading PFVFLRE register (Jacob Keller) [Orabug: 31268827] \n- fm10k: avoid needless delay when loading driver (Jacob Keller) [Orabug: 31268827] \n- fm10k: add missing fall through comment (Jacob Keller) [Orabug: 31268827] \n- fm10k: avoid possible truncation of q_vector->name (Jacob Keller) [Orabug: 31268827] \n- fm10k: fix typos on fall through comments (Jacob Keller) [Orabug: 31268827] \n- fm10k: stop spurious link down messages when Tx FIFO is full (Jacob Keller) [Orabug: 31268827] \n- fm10k: Use seq_putc() in fm10k_dbg_desc_break() (Markus Elfring) [Orabug: 31268827] \n- fm10k: reschedule service event if we stall the PF<->SM mailbox (Jacob Keller) [Orabug: 31268827] \n- jbd2: disable CONFIG_JBD2_DEBUG (Junxiao Bi) [Orabug: 31264701]\n[4.14.35-1902.303.0]\n- uek-rpm/ol7/config-mips64-embedded: Firewalld reports error and warnings for missing config (Vijay Kumar) [Orabug: 31239302] \n- brcmfmac: add subtype check for event handling in data path (Arend van Spriel) [Orabug: 31234675] {CVE-2019-9503}\n- mips64: drivers/watchdog: Add IRQF_NOBALANCING when requesting irq (Thomas Tai) [Orabug: 31233810] \n- iwlwifi: dbg_ini: fix memory leak in alloc_sgtable (Navid Emamdoost) [Orabug: 31233656] {CVE-2019-19058}\n- SUNRPC: Allow soft RPC calls to time out when waiting for the XPRT_LOCK (Trond Myklebust) [Orabug: 31226553] \n- SUNRPC: Turn off throttling of RPC slots for TCP sockets (Trond Myklebust) [Orabug: 31226553] \n- NFSv4.1: Avoid false retries when RPC calls are interrupted (Trond Myklebust) [Orabug: 31226553] \n- coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (Andrea Arcangeli) [Orabug: 31222107] {CVE-2019-11599}\n- ext4: add more paranoia checking in ext4_expand_extra_isize handling (Theodore Tso) [Orabug: 31218807] {CVE-2019-19767}\n- ext4: fix use-after-free race with debug_want_extra_isize (Barret Rhoden) [Orabug: 31218807] {CVE-2019-19767}\n- media: xirlink_cit: add missing descriptor sanity checks (Johan Hovold) [Orabug: 31213766] {CVE-2020-11668}\n- media: ov519: add missing endpoint sanity checks (Johan Hovold) [Orabug: 31213757] {CVE-2020-11608}\n- media: stv06xx: add missing descriptor sanity checks (Johan Hovold) [Orabug: 31200578] {CVE-2020-11609}\n- net/flow_dissector: switch to siphash (Eric Dumazet) [Orabug: 30872863] {CVE-2019-18282}\n- brcmfmac: assure SSID length from firmware is limited (Arend van Spriel) [Orabug: 30872843] {CVE-2019-9500}\n- xfs: move inode flush to the sync workqueue (Darrick J. Wong) [Orabug: 31056429]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-06-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11599", "CVE-2019-12819", "CVE-2019-14896", "CVE-2019-14897", "CVE-2019-15505", "CVE-2019-18282", "CVE-2019-19045", "CVE-2019-19056", "CVE-2019-19057", "CVE-2019-19058", "CVE-2019-19524", "CVE-2019-19537", "CVE-2019-19767", "CVE-2019-20636", "CVE-2019-9500", "CVE-2019-9503", "CVE-2020-0543", "CVE-2020-11608", "CVE-2020-11609", "CVE-2020-11668", "CVE-2020-12768"], "modified": "2020-06-09T00:00:00", "id": "ELSA-2020-5715", "href": "http://linux.oracle.com/errata/ELSA-2020-5715.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:25:01", "description": "[3.10.0-1160.OL7]\n- Oracle Linux certificates (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15-2.0.3\n[3.10.0-1160]\n- [kernel] modsign: Add nomokvarconfig kernel parameter (Lenny Szubowicz) [1867857]\n- [firmware] modsign: Add support for loading certs from the EFI MOK config table (Lenny Szubowicz) [1867857]\n- [kernel] modsign: Move import of MokListRT certs to separate routine (Lenny Szubowicz) [1867857]\n- [kernel] modsign: Avoid spurious error message after last MokListRTn (Lenny Szubowicz) [1867857]\n[3.10.0-1159]\n- [kernel] modsign: Import certificates from optional MokListRT (Lenny Szubowicz) [1862840]\n- [crypto] crypto/pefile: Support multiple signatures in verify_pefile_signature (Lenny Szubowicz) [1862840]\n- [crypto] crypto/pefile: Tolerate other pefile signatures after first (Lenny Szubowicz) [1862840]\n[3.10.0-1158]\n- [redhat] switch secureboot kernel image signing to release keys (Jan Stancek) []\n[3.10.0-1157]\n- [fs] signal: Dont send signals to tasks that dont exist (Vladis Dronov) [1856166]\n[3.10.0-1156]\n- [fs] gfs2: Fix regression due to unwanted gfs2_qa_put (Robert S Peterson) [1798713]\n- [include] signal: Unfairly acquire tasklist_lock in send_sigio() if irq disabled (Waiman Long) [1838799]\n- [fs] signal: Dont take tasklist_lock if PID type is PIDTYPE_PID (Waiman Long) [1838799]\n- [vfio] vfio/pci: Fix SR-IOV VF handling with MMIO blocking (Alex Williamson) [1820632] {CVE-2020-12888}\n[3.10.0-1155]\n- [x86] Revert 'x86: respect memory size limiting via mem= parameter' (Joel Savitz) [1851576]\n- [mm] Revert 'mm/memory_hotplug.c: only respect mem= parameter during boot stage' (Joel Savitz) [1851576]\n- [fs] nfsd: only WARN once on unmapped errors ('J. Bruce Fields') [1850430]\n- [powerpc] pci/of: Fix OF flags parsing for 64bit BARs (Greg Kurz) [1840114]\n- [fs] cifs: fix NULL dereference in match_prepath (Leif Sahlberg) [1759852]\n[3.10.0-1154]\n- [fs] gfs2: move privileged user check to gfs2_quota_lock_check (Robert S Peterson) [1798713]\n- [fs] gfs2: Fix problems regarding gfs2_qa_get and _put (Robert S Peterson) [1798713]\n- [fs] gfs2: dont call quota_unhold if quotas are not locked (Robert S Peterson) [1798713]\n- [fs] gfs2: Remove unnecessary gfs2_qa_{get, put} pairs (Robert S Peterson) [1798713]\n- [fs] gfs2: Split gfs2_rsqa_delete into gfs2_rs_delete and gfs2_qa_put (Robert S Peterson) [1798713]\n- [fs] gfs2: Change inode qa_data to allow multiple users (Robert S Peterson) [1798713]\n- [fs] gfs2: eliminate gfs2_rsqa_alloc in favor of gfs2_qa_alloc (Robert S Peterson) [1798713]\n- [fs] gfs2: Switch to list_{first,last}_entry (Robert S Peterson) [1798713]\n- [fs] gfs2: Clean up inode initialization and teardown (Robert S Peterson) [1798713]\n- [fs] gfs2: Minor gfs2_alloc_inode cleanup (Robert S Peterson) [1798713]\n- [fs] gfs2: Fix busy-on-umount in gfs2_atomic_open() (Andrew Price) [1812558]\n[3.10.0-1153]\n- [x86] mm: Fix mremap not considering huge pmd devmap (Rafael Aquini) [1843437] {CVE-2020-10757}\n- [mm] mm, dax: check for pmd_none() after split_huge_pmd() (Rafael Aquini) [1843437] {CVE-2020-10757}\n- [mm] mm: mremap: streamline move_page_tables()s move_huge_pmd() corner case (Rafael Aquini) [1843437] {CVE-2020-10757}\n- [mm] mm: mremap: validate input before taking lock (Rafael Aquini) [1843437] {CVE-2020-10757}\n- [wireless] mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() (Jarod Wilson) [1844070] {CVE-2020-12654}\n- [wireless] mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() (Jarod Wilson) [1844026] {CVE-2020-12653}\n- [net] netfilter: nf_conntrack_h323: lost .data_len definition for Q.931/ipv6 (Florian Westphal) [1845428]\n[3.10.0-1152]\n- [nvmem] nvmem: properly handle returned value nvmem_reg_read (Vladis Dronov) [1844409]\n- [mailbox] PCC: fix dereference of ERR_PTR (Vladis Dronov) [1844409]\n- [kernel] futex: Unlock hb->lock in futex_wait_requeue_pi() error path (Vladis Dronov) [1844409]\n- [fs] aio: fix inconsistent ring state (Jeff Moyer) [1845326]\n- [vfio] vfio/mdev: make create attribute static (Vladis Dronov) [1837549]\n- [vfio] treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 (Vladis Dronov) [1837549]\n- [vfio] vfio/mdev: Synchronize device create/remove with parent removal (Vladis Dronov) [1837549]\n- [vfio] vfio/mdev: Avoid creating sysfs remove file on stale device removal (Vladis Dronov) [1837549]\n- [vfio] vfio/mdev: Improve the create/remove sequence (Vladis Dronov) [1837549]\n- [vfio] treewide: Add SPDX license identifier - Makefile/Kconfig (Vladis Dronov) [1837549]\n- [vfio] vfio/mdev: Avoid inline get and put parent helpers (Vladis Dronov) [1837549]\n- [vfio] vfio/mdev: Fix aborting mdev child device removal if one fails (Vladis Dronov) [1837549]\n- [vfio] vfio/mdev: Follow correct remove sequence (Vladis Dronov) [1837549]\n- [vfio] vfio/mdev: Avoid masking error code to EBUSY (Vladis Dronov) [1837549]\n- [include] vfio/mdev: Drop redundant extern for exported symbols (Vladis Dronov) [1837549]\n- [vfio] vfio/mdev: Removed unused kref (Vladis Dronov) [1837549]\n- [vfio] vfio/mdev: Avoid release parent reference during error path (Vladis Dronov) [1837549]\n- [vfio] vfio/mdev: Add iommu related member in mdev_device (Vladis Dronov) [1837549]\n- [vfio] vfio/mdev: add static modifier to add_mdev_supported_type (Vladis Dronov) [1837549]\n- [vfio] vfio: mdev: make a couple of functions and structure vfio_mdev_driver static (Vladis Dronov) [1837549]\n- [char] tpm/tpm_tis: Free IRQ if probing fails (David Arcari) [1774698]\n- [kernel] audit: fix a memleak caused by auditing load module (Richard Guy Briggs) [1843370]\n- [kernel] audit: fix potential null dereference 'context->module.name' (Richard Guy Briggs) [1843370]\n- [nvme] nvme: limit number of IO queues on Dell/Samsung config (David Milburn) [1837617]\n[3.10.0-1151]\n- [netdrv] qede: Fix multicast mac configuration (Michal Schmidt) [1740064]\n- [scsi] sd_dif: avoid incorrect ref_tag errors on 4K devices larger than 2TB (Ewan Milne) [1833528]\n- [hid] HID: hiddev: do cleanup in failure of opening a device (Torez Smith) [1814257] {CVE-2019-19527}\n- [hid] HID: hiddev: avoid opening a disconnected device (Torez Smith) [1814257] {CVE-2019-19527}\n- [x86] x86: make mul_u64_u64_div_u64() 'static inline' (Oleg Nesterov) [1845864]\n- [mm] mm: page_isolation: fix potential warning from user (Rafael Aquini) [1845620]\n- [s390] s390/mm: correct return value of pmd_pfn (Claudio Imbrenda) [1841106]\n- [fs] fs/proc/vmcore.c:mmap_vmcore: skip non-ram pages reported by hypervisors (Lianbo Jiang) [1790799]\n- [kernel] kernel/sysctl.c: ignore out-of-range taint bits introduced via kernel.tainted (Rafael Aquini) [1845356]\n- [documentation] kernel: add panic_on_taint (Rafael Aquini) [1845356]\n- [fs] ext4: Remove unwanted ext4_bread() from ext4_quota_write() (Lukas Czerner) [1845379]\n- [scsi] scsi: sg: add sg_remove_request in sg_write ('Ewan D. Milne') [1840699] {CVE-2020-12770}\n- [fs] fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() (Donghai Qiao) [1832062] {CVE-2020-10732}\n[3.10.0-1150]\n- [netdrv] net/mlx5e: Fix handling of compressed CQEs in case of low NAPI budget (Alaa Hleihel) [1845020]\n- [mm] memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event (Waiman Long) [1842715]\n- [mm] memcg: only free spare array when readers are done (Waiman Long) [1842715]\n- [powerpc] powerpc/crashkernel: Take 'mem=' option into account (Pingfan Liu) [1751555]\n- [infiniband] IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (Kamal Heib) [1597952]\n- [security] selinux: properly handle multiple messages in selinux_netlink_send() (Ondrej Mosnacek) [1839650] {CVE-2020-10751}\n- [netdrv] net: ena: Add PCI shutdown handler to allow safe kexec (Bhupesh Sharma) [1841578]\n- [x86] x86/speculation: Support old struct x86_cpu_id & x86_match_cpu() kABI (Waiman Long) [1827188] {CVE-2020-0543}\n- [documentation] x86/speculation: Add Ivy Bridge to affected list (Waiman Long) [1827188] {CVE-2020-0543}\n- [documentation] x86/speculation: Add SRBDS vulnerability and mitigation documentation (Waiman Long) [1827188] {CVE-2020-0543}\n- [x86] x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Waiman Long) [1827188] {CVE-2020-0543}\n- [x86] x86/cpu: Add 'table' argument to cpu_matches() (Waiman Long) [1827188] {CVE-2020-0543}\n- [x86] x86/cpu: Add a steppings field to struct x86_cpu_id (Waiman Long) [1827188] {CVE-2020-0543}\n- [x86] x86/cpu/bugs: Convert to new matching macros (Waiman Long) [1827188] {CVE-2020-0543}\n- [x86] x86/cpu: Add consistent CPU match macros (Waiman Long) [1827188] {CVE-2020-0543}\n- [cpufreq] x86/devicetable: Move x86 specific macro out of generic code (Waiman Long) [1827188] {CVE-2020-0543}\nheader (Waiman Long) [1827188] {CVE-2020-0543}\n[3.10.0-1149]\n- [mm] mm/memory_hotplug.c: only respect mem= parameter during boot stage (Joel Savitz) [1838795]\n- [netdrv] qed: Reduce the severity of ptp debug message (Manish Chopra) [1703770]\n- [kernel] pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes (Jay Shin) [1836620]\n- [fs] gfs2: remove BUG_ON() from gfs2_log_alloc_bio() (Abhijith Das) [1828454]\n- [fs] gfs2: Even more gfs2_find_jhead fixes (Abhijith Das) [1828454]\n- [fs] quota: fix return value in dqget() (Eric Sandeen) [1842761]\n- [fs] proc_sysctl.c: fix potential page fault while unregistering sysctl table (Carlos Maiolino) [1843368]\n- [fs] ext4: fix error handling in ext4_ext_shift_extents (Lukas Czerner) [1843366]\n- [vhost] vhost: Check docket sk_family instead of call getname (Vladis Dronov) [1823302] {CVE-2020-10942}\n- [input] hyperv-keyboard - add module description (Mohammed Gamal) [1842689]\n- [hv] hv: Add a module description line to the hv_vmbus driver (Mohammed Gamal) [1842689]\n- [hid] hyperv: Add a module description line (Mohammed Gamal) [1842689]\n- [x86] sched/cputime: Improve cputime_adjust() (Oleg Nesterov) [1511040]\n- [acpi] ACPI: APEI: call into AER handling regardless of severity (Al Stone) [1737246]\n- [acpi] ACPI: APEI: handle PCIe AER errors in separate function (Al Stone) [1737246]\n- [acpi] ras: acpi/apei: cper: add support for generic data v3 structure (Al Stone) [1737246]\n- [acpi] ACPICA: ACPI 6.1: Updates for the HEST ACPI table (Al Stone) [1737246]\n- [acpi] ACPI / APEI: Switch to use new generic UUID API (Al Stone) [1737246]\n- [x86] x86/efi-bgrt: Quirk for BGRT when memory encryption active (Lenny Szubowicz) [1723477]\n- [scsi] scsi: megaraid_sas: Update driver version to 07.714.04.00-rc1 (Tomas Henzl) [1840550]\n- [scsi] scsi: megaraid_sas: TM command refire leads to controller firmware crash (Tomas Henzl) [1840550]\n- [scsi] scsi: megaraid_sas: Replace undefined MFI_BIG_ENDIAN macro with __BIG_ENDIAN_BITFIELD macro (Tomas Henzl) [1840550]\n- [scsi] scsi: megaraid_sas: Limit device queue depth to controller queue depth (Tomas Henzl) [1840550]\n- [vfio] vfio-pci: Invalidate mmaps and block MMIO access on disabled memory (Alex Williamson) [1820632] {CVE-2020-12888}\n- [vfio] vfio-pci: Fault mmaps to enable vma tracking (Alex Williamson) [1820632] {CVE-2020-12888}\n- [vfio] vfio/type1: Support faulting PFNMAP vmas (Alex Williamson) [1820632] {CVE-2020-12888}\n- [vfio] vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (Alex Williamson) [1820632] {CVE-2020-12888}\n- [vfio] vfio/pci: call irq_bypass_unregister_producer() before freeing irq (Alex Williamson) [1820632] {CVE-2020-12888}\n- [vfio] vfio_pci: Enable memory accesses before calling pci_map_rom (Alex Williamson) [1820632] {CVE-2020-12888}\n- [fs] signal: Extend exec_id to 64bits (Chris von Recklinghausen) [1834650] {CVE-2020-12826}\n[3.10.0-1148]\n- [x86] hyper-v: Report crash data in die() when panic_on_oops is set (Mohammed Gamal) [1828450]\n- [hv] x86/hyper-v: Report crash register data when sysctl_record_panic_msg is not set (Mohammed Gamal) [1828450]\n- [x86] hyper-v: Report crash register data or kmsg before running crash kernel (Mohammed Gamal) [1828450]\n- [hv] x86/hyper-v: Trigger crash enlightenment only once during system crash (Mohammed Gamal) [1828450]\n- [hv] x86/hyper-v: Free hv_panic_page when fail to register kmsg dump (Mohammed Gamal) [1828450]\n- [hv] x86/hyper-v: Unload vmbus channel in hv panic callback (Mohammed Gamal) [1828450]\n- [hv] vmbus: Fix the issue with freeing up hv_ctl_table_hdr (Mohammed Gamal) [1828450]\n- [hv] vmus: Fix the check for return value from kmsg get dump buffer (Mohammed Gamal) [1828450]\n- [hv] Send one page worth of kmsg dump over Hyper-V during panic (Mohammed Gamal) [1828450]\n- [x86] kvm: x86: Allow suppressing prints on RDMSR/WRMSR of unhandled MSRs (Vitaly Kuznetsov) [1837412]\n- [fs] ext4: Fix race when checking i_size on direct i/o read (Lukas Czerner) [1506437]\n- [fs] copy_file_range should return ENOSYS not EOPNOTSUPP ('J. Bruce Fields') [1783554]\n- [fs] NFSv4.1 fix incorrect return value in copy_file_range ('J. Bruce Fields') [1783554]\n- [x86] Remove the unsupported check for Intel IceLake (Steve Best) [1841237]\n- [md] md/raid1: release pending accounting for an I/O only after write-behind is also finished (Nigel Croxon) [1792520]\n- [net] gre: fix uninit-value in __iptunnel_pull_header (Guillaume Nault) [1840321]\n- [net] inet: protect against too small mtu values. (Guillaume Nault) [1840321]\n- [net] Fix one possible memleak in ip_setup_cork (Guillaume Nault) [1840321]\n- [net] fix a potential recursive NETDEV_FEAT_CHANGE (Guillaume Nault) [1839130]\n- [net] fix null de-reference of device refcount (Guillaume Nault) [1839130]\n- [net] sch_choke: avoid potential panic in choke_reset() (Davide Caratti) [1839118]\n- [net] net_sched: fix datalen for ematch (Davide Caratti) [1839118]\n- [net] netem: fix error path for corrupted GSO frames (Davide Caratti) [1839118]\n- [net] avoid potential infinite loop in tc_ctl_action() (Davide Caratti) [1839118]\n- [net] net_sched: let qdisc_put() accept NULL pointer (Davide Caratti) [1839118]\n- [net] ipv4: really enforce backoff for redirects (Paolo Abeni) [1832332]\n- [net] ipv4: avoid mixed n_redirects and rate_tokens usage (Paolo Abeni) [1832332]\n- [net] ipv4: use a dedicated counter for icmp_v4 redirect packets (Paolo Abeni) [1832332]\n- [net] ipset: Update byte and packet counters regardless of whether they match (Phil Sutter) [1801366]\n- [net] xfrm: skip rt6i_idev update in xfrm6_dst_ifdown if loopback_idev is gone (Sabrina Dubroca) [1390049]\n[3.10.0-1147]\n- [nvme] nvme: fix the parameter order for nvme_get_log in nvme_get_fw_slot_info (Gopal Tiwari) [1839991]\n- [fs] pipe: actually allow root to exceed the pipe buffer limits (Jan Stancek) [1839629]\n- [scsi] Revert 'scsi: mpt3sas: Dont change the DMA coherent mask after allocations' (Tomas Henzl) [1839128]\n- [scsi] Revert 'scsi: mpt3sas: Rename function name is_MSB_are_same' (Tomas Henzl) [1839128]\n- [scsi] Revert 'scsi: mpt3sas: Separate out RDPQ allocation to new function' (Tomas Henzl) [1839128]\n- [scsi] Revert 'scsi: mpt3sas: Handle RDPQ DMA allocation in same 4G region' (Tomas Henzl) [1839128]\n- [netdrv] net/mlx5e: Avoid duplicating rule destinations (Alaa Hleihel) [1727593]\n- [netdrv] net/mlx5e: Extend encap entry with reference counter (Alaa Hleihel) [1727593]\n- [netdrv] net/mlx5e: Fix free peer_flow when refcount is 0 (Alaa Hleihel) [1727593]\n- [netdrv] net/mlx5e: Extend tc flow struct with reference counter (Alaa Hleihel) [1727593]\n- [netdrv] net/mlx5e: Dont make internal use of errno to denote missing neigh (Alaa Hleihel) [1727593]\n- [netdrv] net/mlx5e: Fix freeing flow with kfree() and not kvfree() (Alaa Hleihel) [1727593]\n- [drm] drm/nouveau/gr/gp107, gp108: implement workaround for HW hanging during init (Karol Herbst) [1834360 1834356 1833485]\n- [drm] drm/nouveau: workaround runpm fail by disabling PCI power management on certain intel bridges (Karol Herbst) [1834360 1834356 1833485]\n[3.10.0-1146]\n- [net] revert 'rtnetlink: validate IFLA_MTU attribute in rtnl_create_link()' (Jiri Benc) [1839608]\n- [net] ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface (Davide Caratti) [1838936]\n- [net] ipv6: Handle missing host route in __ipv6_ifa_notify (Davide Caratti) [1838936]\n- [net] ipv6: drop incoming packets having a v4mapped source address (Davide Caratti) [1838936]\n- [net] l2tp: fix infoleak in l2tp_ip6_recvmsg() (Andrea Claudi) [1837546]\n- [net] vti6: Fix memory leak of skb if input policy check fails (Patrick Talbert) [1836160]\n- [net] tcp: prevent bogus FRTO undos with non-SACK flows (Guillaume Nault) [1694860]\n- [scsi] scsi: smartpqi: fix controller lockup observed during force reboot (Don Brace) [1775369]\n- [fs] ext4: fix setting of referenced bit in ext4_es_lookup_extent() (Lukas Czerner) [1663720]\n- [fs] ext4: introduce aging to extent status tree (Lukas Czerner) [1663720]\n- [fs] ext4: cleanup flag definitions for extent status tree (Lukas Czerner) [1663720]\n- [fs] ext4: limit number of scanned extents in status tree shrinker (Lukas Czerner) [1663720]\n- [fs] ext4: move handling of list of shrinkable inodes into extent status code (Lukas Czerner) [1663720]\n- [fs] ext4: change LRU to round-robin in extent status tree shrinker (Lukas Czerner) [1663720]\n- [fs] ext4, jbd2: ensure panic when aborting with zero errno (Lukas Czerner) [1834783]\n- [fs] jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record (Lukas Czerner) [1834783]\n- [fs] jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load journal (Lukas Czerner) [1834783]\n- [fs] ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (Lukas Czerner) [1834783]\n- [fs] ext4: fix missing return values checks in ext4_cross_rename (Lukas Czerner) [1836819]\n- [fs] ext4: Fix POSIX ACL leak in ext4_xattr_set_acl (Lukas Czerner) [1543020]\n- [vfio] vfio-pci: Mask cap zero (Alex Williamson) [1838717]\n- [x86] Mark Intel Cooper Lake (CPX) supported (Steve Best) [1773681]\n- [fs] fs/bio-integrity: dont enable integrity for data-less bio (Ming Lei) [1835943]\n- [char] ipmi_si: Only schedule continuously in the thread in maintenance mode (Alexey Klimov) [1837127]\n- [kernel] wait/ptrace: assume __WALL if the child is traced (Oleg Nesterov) [1497808]\n- [mm] mm, hugetlb, soft_offline: save compound page order before page migration (Artem Savkov) [1751589]\n- [fs] fs/hugetlbfs/inode.c: fix hwpoison reserve accounting (Artem Savkov) [1751589]\n- [fs] mm: hwpoison: dissolve in-use hugepage in unrecoverable memory error (Artem Savkov) [1751589]\n- [mm] mm: soft-offline: dissolve free hugepage if soft-offlined (Artem Savkov) [1751589]\n- [mm] mm: hugetlb: soft-offline: dissolve source hugepage after successful migration (Artem Savkov) [1751589]\n- [mm] mm: hwpoison: change PageHWPoison behavior on hugetlb pages (Artem Savkov) [1751589]\n- [mm] mm: hugetlb: prevent reuse of hwpoisoned free hugepages (Artem Savkov) [1751589]\n- [netdrv] net/mlx5: Tidy up and fix reverse christmas ordring (Alaa Hleihel) [1831134]\n- [netdrv] net/mlx5: Expose port speed when possible (Alaa Hleihel) [1831134]\n- [include] net/mlx5: Expose link speed directly (Alaa Hleihel) [1831134]\n- [usb] USB: core: Fix races in character device registration and deregistraion (Torez Smith) [1785065] {CVE-2019-19537}\n- [usb] usb: cdc-acm: make sure a refcount is taken early enough (Torez Smith) [1802548] {CVE-2019-19530}\n- [usb] USB: adutux: fix use-after-free on disconnect (Torez Smith) [1798822] {CVE-2019-19523}\n- [media] media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap (Torez Smith) [1795597] {CVE-2019-15217}\n[3.10.0-1145]\n- [scsi] scsi: qla2xxx: Do not log message when reading port speed via sysfs (Ewan Milne) [1837543]\n- [mm] mm: dmapool: add/remove sysfs file outside of the pool lock lock (Waiman Long) [1836837]\n- [mm] Fix unbalanced mutex in dma_pool_create() (Waiman Long) [1836837]\n- [mm] mm/dmapool.c: remove redundant NULL check for dev in dma_pool_create() (Waiman Long) [1836837]\n- [x86] x86/speculation: Prevent deadlock on ssb_state::lock (Waiman Long) [1836322]\n- [netdrv] can, slip: Protect tty->disc_data in write_wakeup and close with RCU (John Linville) [1805590]\n- [netdrv] slcan: Port write_wakeup deadlock fix from slip (John Linville) [1805590]\n- [fs] ext4: fix support for inode sizes > 1024 bytes (Lukas Czerner) [1817634] {CVE-2019-19767}\n- [fs] ext4: add more paranoia checking in ext4_expand_extra_isize handling (Lukas Czerner) [1817634] {CVE-2019-19767}\n- [fs] ext4: forbid i_extra_isize not divisible by 4 (Lukas Czerner) [1817634] {CVE-2019-19767}\n- [fs] ext4: validate the debug_want_extra_isize mount option at parse time (Lukas Czerner) [1817634] {CVE-2019-19767}\n- [fs] cachefiles: Fix race between read_waiter and read_copier involving op->to_do (Dave Wysochanski) [1829662]\n- [fs] jbd2: Fix possible overflow in jbd2_log_space_left() (Lukas Czerner) [1626092]\n- [media] media: v4l: event: Add subscription to list before calling 'add' operation (Jarod Wilson) [1828802] {CVE-2019-9458}\n- [media] media: v4l: event: Prevent freeing event subscriptions while accessed (Jarod Wilson) [1828802] {CVE-2019-9458}\n- [fs] block: Prevent hung_check firing during long sync IO (Ming Lei) [1724345]\n[3.10.0-1144]\n- [crypto] crypto: user - fix memory leak in crypto_report (Vladis Dronov) [1825132] {CVE-2019-18808 CVE-2019-19062}\n- [crypto] crypto: ccp - Release all allocated memory if sha type is invalid (Vladis Dronov) [1825132] {CVE-2019-18808}\n- [net] xfrm: policy: Fix doulbe free in xfrm_policy_timer (Xin Long) [1836813]\n- [net] xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire (Xin Long) [1836813]\n- [net] xfrm: fix uctx len check in verify_sec_ctx_len (Xin Long) [1836813]\n- [net] rtnetlink: validate IFLA_MTU attribute in rtnl_create_link() (Jiri Benc) [1835352]\n- [net] rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices (Jiri Benc) [1835352]\n- [net] netlink: fix uninit-value in netlink_sendmsg (Jiri Benc) [1835352]\n- [net] netlink: make sure nladdr has correct size in netlink_connect() (Jiri Benc) [1835352]\n- [net] rtnetlink: fix info leak in RTM_GETSTATS call (Jiri Benc) [1835352]\n- [net] rtnetlink: release net refcnt on error in do_setlink() (Jiri Benc) [1835352]\n- [net] bridge: deny dev_set_mac_address() when unregistering (Hangbin Liu) [1834203]\n- [net] bridge/mdb: remove wrong use of NLM_F_MULTI (Hangbin Liu) [1834203]\n- [net] udp: disable inner UDP checksum offloads in IPsec case (Sabrina Dubroca) [1826244]\n- [net] sctp: Fix SHUTDOWN CTSN Ack in the peer restart case (Xin Long) [1833869]\n- [net] sctp: Fix bundling of SHUTDOWN with COOKIE-ACK (Xin Long) [1833869]\n- [net] sctp: fix possibly using a bad saddr with a given dst (Xin Long) [1833869]\n- [net] sctp: fix refcount bug in sctp_wfree (Xin Long) [1833869]\n- [net] sctp: move the format error check out of __sctp_sf_do_9_1_abort (Xin Long) [1833869]\n- [net] sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY (Xin Long) [1833869]\n- [net] sctp: fully initialize v4 addr in some functions (Xin Long) [1833869]\n- [net] sctp: simplify addr copy (Xin Long) [1833869]\n- [net] sctp: cache netns in sctp_ep_common (Xin Long) [1833869]\n- [net] sctp: destroy bucket if failed to bind addr (Xin Long) [1833869]\n- [net] sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()' (Xin Long) [1833869]\n- [net] netfilter: nat: never update the UDP checksum when its 0 (Guillaume Nault) [1834278]\n- [net] esp4: add length check for UDP encapsulation (Sabrina Dubroca) [1825155]\n- [net] sit: fix memory leak in sit_init_net() (Andrea Claudi) [1830011] {CVE-2019-16994}\n- [net] sched: cbs: fix NULL dereference in case cbs_init() fails (Davide Caratti) [1830245]\n- [net] netfilter: nf_tables: use-after-free in dynamic operations (Phil Sutter) [1819087]\n- [net] tcp: tcp_v4_err() should be more careful (Marcelo Leitner) [1749964]\n- [net] tcp: remove BUG_ON from tcp_v4_err (Marcelo Leitner) [1749964]\n- [net] tcp: clear icsk_backoff in tcp_write_queue_purge() (Marcelo Leitner) [1749964]\n- [net] psample: fix skb_over_panic (Sabrina Dubroca) [1823251]\n- [net] sched: ensure opts_len <= IP_TUNNEL_OPTS_MAX in act_tunnel_key (Patrick Talbert) [1823691]\n- [netdrv] fjes: Handle workqueue allocation failure (Masayoshi Mizuma) [1830563] {CVE-2019-16231}\n[3.10.0-1143]\n- [mm] mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (Rafael Aquini) [1834434] {CVE-2020-11565}\n- [fs] fs: avoid softlockups in s_inodes iterators (Jay Shin) [1760145]\n- [scsi] scsi: core: Add DID_ALLOC_FAILURE and DID_MEDIUM_ERROR to hostbyte_table (Maurizio Lombardi) [1832019]\n- [fs] locks: allow filesystems to request that ->setlease be called without i_lock (Jeff Layton) [1830606]\n- [fs] locks: move fasync setup into generic_add_lease (Jeff Layton) [1830606]\n- [fs] revert '[fs] xfs: catch bad stripe alignment configurations' (Carlos Maiolino) [1836292]\n- [scsi] scsi: scsi_debug: num_tgts must be >= 0 (Ewan Milne) [1834998]\n- [scsi] scsi: scsi_debug: Avoid PI being disabled when TPGS is enabled (Ewan Milne) [1834998]\n- [scsi] scsi: scsi_debug: Fix memory leak if LBP enabled and module is unloaded (Ewan Milne) [1834998]\n- [scsi] scsi_debug: check for bigger value first (Ewan Milne) [1834998]\n- [scsi] scsi_debug: vfree is null safe so drop the check (Ewan Milne) [1834998]\n- [scsi] scsi_debug: error message should say scsi_host_alloc not scsi_register (Ewan Milne) [1834998]\n- [fs] xfs: Fix tail rounding in xfs_alloc_file_space() (Bill ODonnell) [1833223]\n- [fs] ceph: dont drop message if it contains more data than expected (Jeff Layton) [1828340]\n- [fs] ceph: dont error out on larger-than-expected session messages (Jeff Layton) [1828340]\n- [acpi] ACPI: disable BERT by default, add parameter to enable it (Aristeu Rozanski) [1525298]\n- [acpi] ACPI: APEI: Fix possible out-of-bounds access to BERT region (Aristeu Rozanski) [1525298]\n- [acpi] ACPI / sysfs: Extend ACPI sysfs to provide access to boot error region (Aristeu Rozanski) [1525298]\n- [acpi] ACPI: APEI: Fix BERT resources conflict with ACPI NVS area (Aristeu Rozanski) [1525298]\n- [acpi] ACPI / APEI: Add Boot Error Record Table (BERT) support (Aristeu Rozanski) [1525298]\n- [acpi] ACPICA: Restore error table definitions to reduce code differences between Linux and ACPICA upstream (Aristeu Rozanski) [1525298]\n[3.10.0-1142]\n- [fs] gfs2: Another gfs2_walk_metadata fix (Andreas Grunbacher) [1822230]\n- [fs] ext4: prevent ext4_quota_write() from failing due to ENOSPC (Lukas Czerner) [1068952]\n- [fs] ext4: do not zeroout extents beyond i_disksize (Lukas Czerner) [1834320]\n- [fs] pnfs: Ensure we layoutcommit before revalidating attributes (Benjamin Coddington) [1827647]\n- [fs] nfs: flush data when locking a file to ensure cache coherence for mmap (Scott Mayhew) [1813811]\n- [fs] call fsnotify_sb_delete after evict_inodes (Jay Shin) [1760145]\n- [fs] inode: dont softlockup when evicting inodes (Jay Shin) [1760145]\n- [fs] drop_caches.c: avoid softlockups in drop_pagecache_sb() (Jay Shin) [1760145]\n- [fs] gfs2: More gfs2_find_jhead fixes (Abhijith Das) [1828454]\n- [fs] gfs2: Another gfs2_find_jhead fix (Abhijith Das) [1828454]\n- [fs] nfs: fix mount/umount race in nlmclnt (Jay Shin) [1771205]\n- [fs] nlm_shutdown_hosts_net() cleanup (Jay Shin) [1771205]\n- [scsi] scsi: megaraid: Use true, false for bool variables (Tomas Henzl) [1827037]\n- [scsi] scsi: megaraid: make two symbols static in megaraid_sas_base.c (Tomas Henzl) [1827037]\n- [scsi] scsi: megaraid: make some symbols static in megaraid_sas_fusion.c (Tomas Henzl) [1827037]\n- [scsi] scsi: megaraid: make some symbols static in megaraid_sas_fp.c (Tomas Henzl) [1827037]\n- [scsi] scsi: megaraid_sas: Use scnprintf() for avoiding potential buffer overflow (Tomas Henzl) [1827037]\n- [scsi] scsi: megaraid_sas: silence a warning (Tomas Henzl) [1827037]\n- [scsi] scsi: megaraid_sas: fix indentation issue (Tomas Henzl) [1827037]\n- [scsi] scsi: megaraid_sas: Limit the number of retries for the IOCTLs causing firmware fault (Tomas Henzl) [1827037]\n- [scsi] scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state (Tomas Henzl) [1827037]\n- [scsi] scsi: megaraid_sas: Re-Define enum DCMD_RETURN_STATUS (Tomas Henzl) [1827037]\n- [scsi] scsi: megaraid_sas: Do not set HBA Operational if FW is not in operational state (Tomas Henzl) [1827037]\n- [scsi] scsi: megaraid_sas: Do not kill HBA if JBOD Seqence map or RAID map is disabled (Tomas Henzl) [1827037]\n- [scsi] scsi: megaraid_sas: Do not kill host bus adapter, if adapter is already dead (Tomas Henzl) [1827037]\n- [scsi] scsi: megaraid_sas: Update optimal queue depth for SAS and NVMe devices (Tomas Henzl) [1827037]\n- [scsi] scsi: megaraid_sas: Reset adapter if FW is not in READY state after device resume (Tomas Henzl) [1827037]\n- [scsi] scsi: megaraid_sas: Make poll_aen_lock static (Tomas Henzl) [1827037]\n- [scsi] scsi: megaraid_sas: Fix a compilation warning (Tomas Henzl) [1827037]\n- [scsi] scsi: megaraid_sas: Make a bunch of functions static (Tomas Henzl) [1827037]\n- [scsi] scsi: megaraid_sas: Make some functions static (Tomas Henzl) [1827037]\n- [scsi] scsi: megaraid_sas: remove unused variables 'debugBlk', 'fusion' (Tomas Henzl) [1827037]\n- [scsi] scsi: megaraid_sas: Unique names for MSI-X vectors (Tomas Henzl) [1827037]\n- [scsi] scsi: megaraid_sas: fix panic on loading firmware crashdump (Tomas Henzl) [1827037]\n- [scsi] scsi: megaraid_sas: fix spelling mistake 'megarid_sas' -> 'megaraid_sas' (Tomas Henzl) [1827037]\n- [scsi] scsi: mpt3sas: Disable DIF when prot_mask set to zero (Tomas Henzl) [1832868]\n- [scsi] scsi: mpt3sas: Handle RDPQ DMA allocation in same 4G region (Tomas Henzl) [1832868]\n- [scsi] scsi: mpt3sas: Separate out RDPQ allocation to new function (Tomas Henzl) [1832868]\n- [scsi] scsi: mpt3sas: Rename function name is_MSB_are_same (Tomas Henzl) [1832868]\n- [scsi] scsi: mpt3sas: Dont change the DMA coherent mask after allocations (Tomas Henzl) [1832868]\n- [scsi] scsi: mpt3sas: Fix kernel panic observed on soft HBA unplug (Tomas Henzl) [1832868]\n- [scsi] scsi: mpt3sas: Fix double free in attach error handling (Tomas Henzl) [1832868]\n- [scsi] scsi: mpt3sas: Use Component img header to get Package ver (Tomas Henzl) [1832868]\n- [scsi] scsi: mpt3sas: Fix module parameter max_msix_vectors (Tomas Henzl) [1832868]\n- [scsi] scsi: mpt3sas: Reject NVMe Encap cmnds to unsupported HBA (Tomas Henzl) [1832868]\n- [netdrv] hv_netvsc: Fix error handling in netvsc_set_features() (Mohammed Gamal) [1821814]\n- [netdrv] hv_netvsc: Sync offloading features to VF NIC (Mohammed Gamal) [1821814]\n- [netdrv] hv_netvsc: Fix IP header checksum for coalesced packets (Mohammed Gamal) [1821814]\n- [netdrv] hv_netvsc: Fix rndis_per_packet_info internal field initialization (Mohammed Gamal) [1821814]\n- [netdrv] hv_netvsc: Add handler for LRO setting change (Mohammed Gamal) [1821814]\n- [netdrv] hv_netvsc: Add support for LRO/RSC in the vSwitch (Mohammed Gamal) [1821814]\n- [netdrv] hv_netvsc: Add handlers for ethtool get/set msg level (Mohammed Gamal) [1821814]\n- [netdrv] hv_netvsc: Fix the variable sizes in ipsecv2 and rsc offload (Mohammed Gamal) [1821814]\n- [fs] fix mntput/mntput race (Miklos Szeredi) [1828320]\n- [wireless] rtlwifi: prevent memory leak in rtl_usb_probe (Jarod Wilson) [1829847] {CVE-2019-19063}\n- [wireless] iwlwifi: dbg_ini: fix memory leak in alloc_sgtable (Jarod Wilson) [1829375] {CVE-2019-19058}\n- [net] nl80211: fix memory leak in nl80211_get_ftm_responder_stats (Jarod Wilson) [1829289] {CVE-2019-19055}\n- [wireless] iwlwifi: pcie: fix memory leaks in iwl_pcie_ctxt_info_gen3_init (Jarod Wilson) [1829393] {CVE-2019-19059}\n[3.10.0-1141]\n- [kernel] sched/fair: Scale bandwidth quota and period without losing quota/period ratio precision (Artem Savkov) [1752067]\n- [edac] EDAC: skx_common: downgrade message importance on missing PCI device (Aristeu Rozanski) [1832683]\n- [s390] s390/qdio: consider ERROR buffers for inbound-full condition (Philipp Rudo) [1831791]\n- [s390] s390/ftrace: fix potential crashes when switching tracers (Philipp Rudo) [1813124]\n- [netdrv] ibmvnic: Skip fatal error reset after passive init (Steve Best) [1830992]\n- [scsi] smartpqi: bump driver version (Don Brace) [1822762]\n- [scsi] scsi: smartpqi: add bay identifier (Don Brace) [1822762]\n- [scsi] scsi: smartpqi: add module param to hide vsep (Don Brace) [1822762]\n- [scsi] scsi: bnx2fc: Update the driver version to 2.12.13 (Nilesh Javali) [1709542]\n- [scsi] scsi: bnx2fc: fix boolreturn.cocci warnings (Nilesh Javali) [1709542]\n- [scsi] scsi: bnx2fc: Fix SCSI command completion after cleanup is posted (Nilesh Javali) [1709542]\n- [scsi] scsi: bnx2fc: Process the RQE with CQE in interrupt context (Nilesh Javali) [1709542]\n- [scsi] scsi: qla2xxx: Fix a recently introduced kernel warning (Nilesh Javali) [1828875]\n- [scsi] Fix abort timeouts in CQ Full conditions (Dick Kennedy) [1802654]\n- [input] Input: add safety guards to input_set_keycode() (Chris von Recklinghausen) [1828222] {CVE-2019-20636}\n- [scsi] scsi: libsas: delete sas port if expander discover failed (Tomas Henzl) [1829965] {CVE-2019-15807}\n- [net] netlabel: cope with NULL catmap (Paolo Abeni) [1827240] {CVE-2020-10711}\n[3.10.0-1140]\n- [netdrv] mlx5: Remove unsupported tag for ConnectX-6 Dx device (Alaa Hleihel) [1829777]\n- [fs] xfs: clear PF_MEMALLOC before exiting xfsaild thread (Brian Foster) [1827910]\n- [fs] gfs2: fix O_EXCL|O_CREAT handling on cold dcache (Andrew Price) [1812558]\n- [fs] nfs: Correct an nfs page array calculation error (Jay Shin) [1824270]\n- [infiniband] RDMA/bnxt_re: Fix stat push into dma buffer on gen p5 devices (Jonathan Toppins) [1828475 1824438]\n- [netdrv] bnxt_en: Fix allocation of zero statistics block size regression (Jonathan Toppins) [1824438]\n- [netdrv] bnxt_en: Allocate the larger per-ring statistics block for 57500 chips (Jonathan Toppins) [1824438]\n- [netdrv] bnxt_en: Expand bnxt_tpa_info struct to support 57500 chips (Jonathan Toppins) [1824438]\n- [netdrv] bnxt_en: Refactor TPA logic (Jonathan Toppins) [1824438]\n- [netdrv] bnxt_en: Add TPA structure definitions for BCM57500 chips (Jonathan Toppins) [1824438]\n- [netdrv] bnxt_en: Update firmware interface spec. to 1.10.0.89 (Jonathan Toppins) [1824438]\n- [netdrv] bnxt_en: Update firmware interface to 1.10.0.69 (Jonathan Toppins) [1824438]\n- [netdrv] bnxt_en: Update firmware interface spec. to 1.10.0.47 (Jonathan Toppins) [1824438]\n- [netdrv] bnxt_en: Refactor ethtool ring statistics logic (Jonathan Toppins) [1824438]\n- [block] blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget (Ming Lei) [1825431]\n- [scsi] scsi: fnic: do not queue commands during fwreset (Govindarajulu Varadarajan) [1794150]\n- [scsi] scsi: fnic: fix invalid stack access (Govindarajulu Varadarajan) [1794150]\n- [scsi] scsi: fnic: fix use after free (Govindarajulu Varadarajan) [1794150]\n- [netdrv] enic: prevent waking up stopped tx queues over watchdog reset (Govindarajulu Varadarajan) [1794148]\n- [fs] ceph: use ceph_evict_inode to cleanup inodes resource (Jeff Layton) [1784016]\n- [fs] ceph: fix use-after-free in __ceph_remove_cap() (Jeff Layton) [1784016]\n- [fs] ceph: hold i_ceph_lock when removing caps for freeing inode (Jeff Layton) [1784016]\n- [input] Input: ff-memless - kill timer in destroy() (Chris von Recklinghausen) [1815021] {CVE-2019-19524}\n- [scsi] scsi: qla2xxx: fix a potential NULL pointer dereference ('Ewan D. Milne') [1829246] {CVE-2019-16233}\n[3.10.0-1139]\n- [fs] nfsd: Fix races between nfsd4_cb_release() and nfsd4_shutdown_callback() ('J. Bruce Fields') [1448750]\n- [fs] nfsd: minor 4.1 callback cleanup ('J. Bruce Fields') [1448750]\n- [fs] nfsd: Dont release the callback slot unless it was actually held (Benjamin Coddington) [1448750]\n- [lib] kobject: dont use WARN for registration failures (Ewan Milne) [1756495]\n- [lib] lib/kobject: Join string literals back (Ewan Milne) [1756495]\n- [scsi] scsi: ibmvfc: Dont send implicit logouts prior to NPIV login (Steve Best) [1828726]\n- [fs] nfs: Serialize O_DIRECT reads and writes (Benjamin Coddington) [1826571]\n- [mm] mm/page_owner: convert page_owner_inited to static key (Rafael Aquini) [1781726]\n- [mm] mm/page_owner: set correct gfp_mask on page_owner (Rafael Aquini) [1781726]\n- [mm] mm/page_owner: fix possible access violation (Rafael Aquini) [1781726]\n- [mm] mm/page_owner: use late_initcall to hook in enabling (Rafael Aquini) [1781726]\n- [mm] mm/page_owner: remove unnecessary stack_trace field (Rafael Aquini) [1781726]\n- [mm] mm/page_owner: correct owner information for early allocated pages (Rafael Aquini) [1781726]\n- [mm] mm/page_owner: keep track of page owners (Rafael Aquini) [1781726]\n- [documentation] Documentation: add new page_owner document (Rafael Aquini) [1781726]\n- [kernel] stacktrace: introduce snprint_stack_trace for buffer output (Rafael Aquini) [1781726]\n[3.10.0-1138]\n- [infiniband] RDMA/bnxt_re: Fix chip number validation Broadcoms Gen P5 series (Jonathan Toppins) [1823679]\n- [scsi] scsi: qla2xxx: Silence fwdump template message (Ewan Milne) [1783191]\n- [scsi] scsi: hpsa: Update driver version (Joseph Szczypek) [1808403]\n- [scsi] scsi: hpsa: correct race condition in offload enabled (Joseph Szczypek) [1808403]\n- [netdrv] bonding: fix active-backup transition after link failure (Jarod Wilson) [1712235]\n- [netdrv] bonding: fix state transition issue in link monitoring (Jarod Wilson) [1712235]\n- [netdrv] bonding: fix potential NULL deref in bond_update_slave_arr (Jarod Wilson) [1712235]\n- [netdrv] bonding: Force slave speed check after link state recovery for 802.3ad (Jarod Wilson) [1712235]\n- [i2c] i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA (Vladis Dronov) [1822641] {CVE-2017-18551}\n- [acpi] ACPI / EC: Ensure lock is acquired before accessing ec struct (Al Stone) [1811132]\n- [x86] x86/mce: Do not log spurious corrected mce errors (Prarit Bhargava) [1797205]\n- [wireless] mwifiex: Fix mem leak in mwifiex_tm_cmd (Jarod Wilson) [1804971] {CVE-2019-20095}\n- [kernel] kernel/module.c: wakeup processes in module_wq on module unload (Prarit Bhargava) [1771939]\n- [acpi] ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c (Prarit Bhargava) [1790782]\n[3.10.0-1137]\n- [tty] tty/hvc: Use IRQF_SHARED for OPAL hvc consoles (Gustavo Duarte) [1600213]\n- [mm] mm/swap_slots.c: fix race conditions in swap_slots cache init (Rafael Aquini)\n- [block] loop: set PF_MEMALLOC_NOIO for the worker thread (Ming Lei) [1825950]\n- [tty] serial: 8250: drop the printk from serial8250_interrupt() (Prarit Bhargava) [1825049]\n- [net] net: linkwatch: add check for netdevice being present to linkwatch_do_dev (Alaa Hleihel) [1595302]\n[3.10.0-1136]\n- [fs] sunrpc: expiry_time should be seconds not timeval (Benjamin Coddington) [1794055]\n- [nvdimm] Revert 'driver boilerplate changes to properly manage device_rh' (Christoph von Recklinghausen) [1823750]\n- [base] call device_rh_free in device_release before driver/class/type release is called (Christoph von Recklinghausen) [1822888]\n- [md] md:md-faulty kernel panic is caused by QUEUE_FLAG_NO_SG_MERGE (Nigel Croxon) [1822462]\n- [firmware] efi: cper: print AER info of PCIe fatal error (Vladis Dronov) [1820646]\n- [scsi] qla2xxx: Update driver version to 10.01.00.22.07.9-k (Nilesh Javali) [1808129]\n- [scsi] scsi: qla2xxx: Fix message indicating vectors used by driver (Nilesh Javali) [1808129]\n- [scsi] scsi: qla2xxx: Move free of fcport out of interrupt context (Nilesh Javali) [1808129]\n- [scsi] qla2xxx: delete all sessions before unregister local nvme port (Nilesh Javali) [1808129]\n- [scsi] qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (Nilesh Javali) [1808129]\n- [scsi] scsi: qla2xxx: Fix a NULL pointer dereference in an error path (Nilesh Javali) [1808129]\n- [scsi] scsi: qla2xxx: Fix mtcp dump collection failure (Nilesh Javali) [1808129]\n- [scsi] scsi: qla2xxx: Fix RIDA Format-2 (Nilesh Javali) [1808129]\n- [scsi] scsi: qla2xxx: Fix stuck login session using prli_pend_timer (Nilesh Javali) [1808129]\n- [scsi] scsi: qla2xxx: Add a shadow variable to hold disc_state history of fcport (Nilesh Javali) [1808129]\n- [scsi] scsi: qla2xxx: Use common routine to free fcport struct (Nilesh Javali) [1808129]\n- [scsi] scsi: qla2xxx: Fix update_fcport for current_topology (Nilesh Javali) [1808129]\n- [scsi] scsi: qla2xxx: Fix fabric scan hang (Nilesh Javali) [1808129]\n- [scsi] scsi: qla2xxx: Complain if sp->done() is not called from the completion path (Nilesh Javali) [1808129]\n- [scsi] scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI (Nilesh Javali) [1808129]\n- [scsi] scsi: qla2xxx: Change discovery state before PLOGI (Nilesh Javali) [1808129]\n- [scsi] scsi: qla2xxx: Initialize free_work before flushing it (Nilesh Javali) [1808129]\n- [scsi] scsi: qla2xxx: Retry fabric Scan on IOCB queue full (Nilesh Javali) [1808129]\n- [scsi] scsi: qla2xxx: initialize fc4_type_priority (Nilesh Javali) [1808129]\n- [scsi] scsi: qla2xxx: Fix a dma_pool_free() call (Nilesh Javali) [1808129]\n- [security] selinux: ensure we cleanup the internal AVC counters on error in avc_insert() (Artem Savkov) [1808675]\n- [acpi] ACPICA: Mark acpi_ut_create_internal_object_dbg() memory allocations as non-leaks (Artem Savkov) [1808675]\n- [x86] x86/microcode/AMD: Free unneeded patch before exit from update_cache() (Artem Savkov) [1808675]\n- [mm] memcg: ensure mem_cgroup_idr is updated in a coordinated manner (Aaron Tomlin) [1822405]\n- [mm] mm/page_alloc: increase default min_free_kbytes bound (Joel Savitz) [1704326]\n- [scsi] scsi: lpfc: Fix unexpected error messages during RSCN handling (Dick Kennedy) [1743667]\n- [scsi] scsi: lpfc: Fix discovery failures when target device connectivity bounces (Dick Kennedy) [1743667]\n- [scsi] scsi: lpfc: Fix devices that dont return after devloss followed by rediscovery (Dick Kennedy) [1743667]\n- [scsi] scsi: lpfc: Fix port relogin failure due to GID_FT interaction (Dick Kennedy) [1743667]\n- [video] vgacon: Fix a UAF in vgacon_invert_region (Vladis Dronov) [1818730] {CVE-2020-8647 CVE-2020-8649}\n- [x86] uprobes/x86: Fix detection of 32-bit user mode (Oleg Nesterov) [1804959]\n- [powerpc] module: Handle R_PPC64_ENTRY relocations (Yauheni Kaliuta) [1657540]\n- [scripts] recordmcount.pl: support data in text section on powerpc (Yauheni Kaliuta) [1657540]\n- [powerpc] boot: Request no dynamic linker for boot wrapper (Yauheni Kaliuta) [1657540]\n[3.10.0-1135]\n- [fs] fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Dave Wysochanski) [1683490]\n- [fs] fscache: Pass the correct cancelled indications to fscache_op_complete() (Dave Wysochanski) [1683490]\n- [char] tpm: ibmvtpm: Wait for buffer to be set before proceeding (Jerry Snitselaar) [1815536]\n- [fs] NFS: Fix a race between mmap() and O_DIRECT (Benjamin Coddington) [1813803]\n- [fs] NFS: Remove a redundant call to unmap_mapping_range() (Benjamin Coddington) [1813803]\n- [fs] NFS: Remove redundant waits for O_DIRECT in fsync() and write_begin() (Benjamin Coddington) [1813803]\n- [fs] NFS: Cleanup nfs_direct_complete() (Benjamin Coddington) [1813803]\n- [fs] NFS: Do not serialise O_DIRECT reads and writes (Benjamin Coddington) [1813803]\n- [fs] NFS: Move buffered I/O locking into nfs_file_write() (Benjamin Coddington) [1813803]\n- [fs] bdi: make inode_to_bdi() inline (Benjamin Coddington) [1813803]\n- [fs] NFS: Remove racy size manipulations in O_DIRECT (Benjamin Coddington) [1813803]\n- [fs] NFS: Dont hold the inode lock across fsync() (Benjamin Coddington) [1813803]\n- [fs] nfs: remove nfs_inode_dio_wait (Benjamin Coddington) [1813803]\n- [fs] nfs: remove nfs4_file_fsync (Benjamin Coddington) [1813803]\n- [fs] NFS: Kill NFS_INO_NFS_INO_FLUSHING: it is a performance killer (Benjamin Coddington) [1813803]\n- [fs] filesystem-dax: Fix dax_layout_busy_page() livelock (Carlos Maiolino) [1817866]\n- [block] blk-mq: fix hang caused by freeze/unfreeze sequence (Ming Lei) [1821718]\n- [fs] ceph: dont NULL terminate virtual xattrs (Jeff Layton) [1717454]\n- [fs] ceph: return -ERANGE if virtual xattr value didnt fit in buffer (Jeff Layton) [1717454]\n- [fs] ceph: make getxattr_cb return ssize_t (Jeff Layton) [1717454]\n- [fs] ceph: use bit flags to define vxattr attributes (Jeff Layton) [1717454]\n- [tty] tty: Prevent ldisc drivers from re-using stale tty fields (Vladis Dronov) [1820031]\n- [powerpc] powerpc64/kexec: Hard disable ftrace before switching to the new kernel (Jerome Marchand) [1731578]\n- [powerpc] powerpc64/ftrace: Delay enabling ftrace on secondary cpus (Jerome Marchand) [1731578]\n- [powerpc] powerpc64/ftrace: Add helpers to hard disable ftrace (Jerome Marchand) [1731578]\n- [powerpc] powerpc64/ftrace: Rearrange #ifdef sections in ftrace.h (Jerome Marchand) [1731578]\n- [powerpc] powerpc64/ftrace: Add a field in paca to disable ftrace in unsafe code paths (Jerome Marchand) [1731578]\n- [powerpc] powerpc/ftrace: Pass the correct stack pointer for DYNAMIC_FTRACE_WITH_REGS (Jerome Marchand) [1731578]\n- [isdn] mISDN: enforce CAP_NET_RAW for raw sockets (Andrea Claudi) [1779474] {CVE-2019-17055}\n- [virtio] virtio-balloon: fix managed page counts when migrating pages between zones (David Hildenbrand) [1780330]\n[3.10.0-1134]\n- [net] netfilter: nf_log: fix uninit read in nf_log_proc_dostring (Phil Sutter) [1770232]\n- [net] netfilter: nf_log: fix error on write NONE to logger choice sysctl (Phil Sutter) [1770232]\n- [net] ethtool: convert large order kmalloc allocations to vzalloc (Davide Caratti) [1786448]\n- [net] l2tp: Allow duplicate session creation with UDP (Guillaume Nault) [1808928]\n- [net] sched: flower: insert new filter to idr after setting its mask (Davide Caratti) [1785141]\n- [net] ipv6: remove printk (Hangbin Liu) [1779533]\n- [net] netfilter: ctnetlink: netns exit must wait for callbacks (Florian Westphal) [1766816]\n- [net] raw: do not report ICMP redirects to user space (Hangbin Liu) [1758386]\n[3.10.0-1133]\n- [powerpc] powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property() (Steve Best) [1806629] {CVE-2019-12614}\n- [s390] s390/pci: Recover handle in clp_set_pci_fn() (Philipp Rudo) [1816662]\n- [fs] xfs: fix attr leaf header freemap.size underflow (Bill ODonnell) [1808671]\n- [block] floppy: check FDC index for errors before assigning it (Ming Lei) [1815403] {CVE-2020-9383}\n- [block] virtio-blk: improve virtqueue error to BLK_STS (Philipp Rudo) [1818001]\n- [block] virtio-blk: fix hw_queue stopped on arbitrary error (Philipp Rudo) [1818001]\n- [s390] dasd: fix endless loop after read unit address configuration (Philipp Rudo) [1816661]\n- [fs] CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks (Leif Sahlberg) [1504193]\n- [fs] cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (Leif Sahlberg) [1504193]\n- [char] ipmi: Fix memory leak in __ipmi_bmc_register (Tony Camuso) [1812836] {CVE-2019-19046}\n- [net] ipvs: Remove noisy debug print from ip_vs_del_service (Alexey Klimov) [1769816]\n[3.10.0-1132]\n- [tools] tools/power turbostat: Support Ice Lake server (Steve Best) [1776508]\n- [nvme] nvme-fc: ensure association_id is cleared regardless of a Disconnect LS (Ewan Milne) [1816752]\n- [nvme] nvme-fc: clarify error messages (Ewan Milne) [1816752]\n- [nvme] nvme-fc: fix module unloads while lports still pending (Ewan Milne) [1816752]\n- [scsi] scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI (Ewan Milne) [1816307]\n- [scsi] scsi: core: Fix a compiler warning triggered by the SCSI logging code (Ewan Milne) [1816307]\n- [scsi] scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) (Ewan Milne) [1816307]\n- [scsi] scsi: core: scsi_trace: Use get_unaligned_be*() (Ewan Milne) [1816307]\n- [scsi] scsi: core: try to get module before removing device (Ewan Milne) [1816307]\n- [scsi] scsi: scsi_dh_alua: handle RTPG sense code correctly during state transitions (Ewan Milne) [1816307]\n- [scsi] scsi: device_handler: remove VLAs (Ewan Milne) [1816307]\n- [scsi] scsi: scsi_dh: Document alua_rtpg_queue() arguments (Ewan Milne) [1816307]\n- [scsi] scsi: scsi_dh_alua: skip RTPG for devices only supporting active/optimized (Ewan Milne) [1816307]\n- [scsi] scsi: scsi_dh_emc: return success in clariion_std_inquiry() (Ewan Milne) [1816307]\n- [target] scsi: target: iscsi: rename some variables to avoid confusion (Maurizio Lombardi) [1806966]\n- [target] scsi: target: iscsi: tie the challenge length to the hash digest size (Maurizio Lombardi) [1806966]\n- [target] scsi: target: iscsi: CHAP: add support for SHA1, SHA256 and SHA3-256 (Maurizio Lombardi) [1806966]\n- [target] scsi: target: compare full CHAP_A Algorithm strings (Maurizio Lombardi) [1806966]\n- [base] device_release() can call device_rh_free() too (Christoph von Recklinghausen) [1793248]\n- [nvdimm] driver boilerplate changes to properly manage device_rh (Christoph von Recklinghausen) [1793248]\n- [base] Add an interface for certain drivers who manage their own struct devices to disassociate their device_rhs (Christoph von Recklinghausen) [1793248]\n- [base] kfree(dev->device_rh) in device_create_release() (Christoph von Recklinghausen) [1793248]\n- [base] kfree and zero device_rh in device_release() (Christoph von Recklinghausen) [1793248]\n- [input] Revert 'Fix device_rh memory leak' (Christoph von Recklinghausen) [1793248]\n- [scsi] Revert 'Fix device_rh leak in scsi_alloc_target()' (Christoph von Recklinghausen) [1793248]\n- [scsi] Revert 'Fix memory leaks in scsi_alloc_sdev()' (Christoph von Recklinghausen) [1793248]\n- [nvdimm] libnvdimm/security: Consolidate 'security' operations (Jeff Moyer) [1735364]\n- [nvdimm] libnvdimm/security: Tighten scope of nvdimm->busy vs security operations (Jeff Moyer) [1735364]\n- [nvdimm] libnvdimm/security: Introduce a 'frozen' attribute (Jeff Moyer) [1735364]\n- [acpi] libnvdimm/security, acpi/nfit: unify zero-key for all security commands (Jeff Moyer) [1735364]\n- [nvdimm] libnvdimm/security: provide fix for secure-erase to use zero-key (Jeff Moyer) [1735364]\n- [block] block: fix checking return value of blk_mq_init_queue (Maxim Levitsky) [1795777]\n- [bluetooth] Bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto() (Aristeu Rozanski) [1808803] {CVE-2019-15917}\n[3.10.0-1131]\n- [x86] kvm: x86: clear stale x86_emulate_ctxt->intercept value (Jon Maloy) [1806818] {CVE-2020-2732}\n- [x86] kvm: vmx: check descriptor table exits on instruction emulation (Jon Maloy) [1806818] {CVE-2020-2732}\n- [x86] kvm: nvmx: Check IO instruction VM-exit conditions (Jon Maloy) [1806818] {CVE-2020-2732}\n- [x86] kvm: nvmx: Refactor IO bitmap checks into helper function (Jon Maloy) [1806818] {CVE-2020-2732}\n- [x86] kvm: nvmx: Dont emulate instructions in guest mode (Jon Maloy) [1806818] {CVE-2020-2732}\n- [x86] kvm: x86: Fix kvm_bitmap_or_dest_vcpus() to use irq shorthand (Nitesh Narayan Lal) [1772082]\n- [x86] kvm: x86: Initializing all kvm_lapic_irq fields in ioapic_write_indirect (Nitesh Narayan Lal) [1772082]\n- [virt] kvm: x86: remove set but not used variable 'called' (Nitesh Narayan Lal) [1772082]\n- [x86] kvm: x86: Zero the IOAPIC scan request dest vCPUs bitmap (Nitesh Narayan Lal) [1772082]\n- [x86] kvm: x86: deliver KVM IOAPIC scan request to target vCPUs (Nitesh Narayan Lal) [1772082]\n- [kernel] kvm: remember position in kvm->vcpus array (Nitesh Narayan Lal) [1772082]\n- [x86] kvm: x86: Drop KVM_APIC_SHORT_MASK and KVM_APIC_DEST_MASK (Nitesh Narayan Lal) [1772082]\n- [virt] kvm: introduce kvm_make_vcpus_request_mask() API (Nitesh Narayan Lal) [1772082]\n- [virt] kvm: avoid unused variable warning for UP builds (Nitesh Narayan Lal) [1772082]\n- [kernel] smp, cpumask: Use non-atomic cpumask_{set, clear}_cpu() (Nitesh Narayan Lal) [1772082]\n- [fs] nfs: change sign of nfs_fh length ('J. Bruce Fields') [1813326]\n- [netdrv] ibmvnic: Do not process device remove during device reset (Steve Best) [1813903]\n- [x86] x86/debug: Extend the lower bound of crash kernel low reservations (Pingfan Liu) [1811511]\n- [net] tcp: make tcp_space() aware of socket backlog (Guillaume Nault) [1790840]\n- [net] ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup (Sabrina Dubroca) [1774447] {CVE-2020-1749}\n- [net] ipv6: add net argument to ip6_dst_lookup_flow (Sabrina Dubroca) [1774447] {CVE-2020-1749}\n- [net] ipv6: constify ip6_dst_lookup_{flow|tail}() sock arguments (Sabrina Dubroca) [1774447] {CVE-2020-1749}\n- [net] macvlan: return correct error value (Matteo Croce) [1654878]\n- [net] ieee802154: enforce CAP_NET_RAW for raw sockets (Andrea Claudi) [1779494] {CVE-2019-17053}\n- [net] ipv4: fix fnhe usage by non-cached routes (Hangbin Liu) [1788435]\n- [net] route: do not cache fib route info on local routes with oif (Hangbin Liu) [1788435]\n- [net] ip6_tunnel: fix potential NULL pointer dereference (Hangbin Liu) [1767045]\n- [net] net_sched: remove a bogus warning in hfsc (Davide Caratti) [1781323]\n- [netdrv] net/mlx5e: allow TSO on VXLAN over VLAN topologies (Davide Caratti) [1780646]\n[3.10.0-1130]\n- [scsi] scsi: avoid repetitive logging of device offline messages (Nilesh Javali) [1798042]\n- [scsi] qla2xxx: Fix I/Os being passed down when FC device is being deleted (Nilesh Javali) [1798042]\n- [scsi] scsi: qla2xxx: Fix unbound sleep in fcport delete path (Nilesh Javali) [1798042]\n- [scsi] scsi: qla2xxx: Fix hang in fcport delete path (Nilesh Javali) [1798042]\n- [scsi] scsi: qla2xxx: Fix stuck session in GNL (Nilesh Javali) [1798042]\n- [scsi] scsi: qla2xxx: Correct fcport flags handling (Nilesh Javali) [1798042]\n- [scsi] scsi: qla2xxx: Remove defer flag to indicate immeadiate port loss (Nilesh Javali) [1798042]\n- [scsi] iscsi: Avoid potential deadlock in iscsi_if_rx func (Oleksandr Natalenko) [1715986]\n- [netdrv] hv/netvsc: Fix NULL dereference at single queue mode fallback (Mohammed Gamal) [1806488]\n- [netdrv] hv/netvsc: fix handling of fallback to single queue mode (Mohammed Gamal) [1806488]\n- [netdrv] hv_netvsc: Fix unwanted rx_table reset (Mohammed Gamal) [1806488]\n- [netdrv] hv_netvsc: Fix tx_table init in rndis_set_subchannel() (Mohammed Gamal) [1806488]\n- [netdrv] hv_netvsc: fix typos in code comments (Mohammed Gamal) [1806488]\n- [netdrv] hv_netvsc: Fix a deadlock by getting rtnl lock earlier in netvsc_probe() (Mohammed Gamal) [1806488]\n- [netdrv] hv_netvsc: Fix hash key value reset after other ops (Mohammed Gamal) [1806488]\n- [netdrv] hv_netvsc: Refactor assignments of struct netvsc_device_info (Mohammed Gamal) [1806488]\n- [netdrv] hv_netvsc: split sub-channel setup into async and sync (Mohammed Gamal) [1806488]\n- [netdrv] hv_netvsc: Fix send_table offset in case of a host bug (Mohammed Gamal) [1806488]\n- [netdrv] hv_netvsc: Add NetVSP v6 and v6.1 into version negotiation (Mohammed Gamal) [1806488]\n- [netdrv] hv_netvsc: Fix offset usage in netvsc_send_table() (Mohammed Gamal) [1806488]\n- [netdrv] hv_netvsc: simplify receive side calling arguments (Mohammed Gamal) [1806488]\n- [scsi] scsi: ibmvfc: Fix NULL return compiler warning (Steve Best) [1810643]\n- [scsi] scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (Steve Best) [1810643]\n- [s390] s390/vdso: add vdso support for coarse clocks (Philipp Rudo) [1791822]\n- [s390] s390/vdso: remove NULL pointer check from clock_gettime (Philipp Rudo) [1791822]\n- [s390] scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (Philipp Rudo) [1804807]\n[3.10.0-1129]\n- [tools] perf header: Use last modification time for timestamp (Michael Petlan) [1789947]\n- [tools] perf header: Fix up argument to ctime() (Michael Petlan) [1789947]\n- [hid] HID: multitouch: Add pointstick support for ALPS Touchpad (Benjamin Tissoires) [1672425]\n- [kernel] blktrace: fix dereference after null check (Ming Lei) [1798318] {CVE-2019-19768}\n- [kernel] blktrace: Protect q->blk_trace with RCU (Ming Lei) [1798318] {CVE-2019-19768}\n- [kernel] blktrace: fix trace mutex deadlock (Ming Lei) [1798318] {CVE-2019-19768}\n- [kernel] blktrace: fix unlocked registration of tracepoints (Ming Lei) [1798318] {CVE-2019-19768}\n- [kernel] blktrace: fix unlocked access to init/start-stop/teardown (Ming Lei) [1798318] {CVE-2019-19768}\n- [kernel] tracing: Handle NULL formats in hold_module_trace_bprintk_format() (Oleksandr Natalenko) [1811565]\n- [kernel] tracing: Fix trace_printk() to print when not using bprintk() (Oleksandr Natalenko) [1811565]\n- [sound] ALSA: timer: Fix incorrectly assigned timer instance (Jaroslav Kysela) [1798457] {CVE-2019-19807}\n- [x86] kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332) (Philippe Mathieu-Daud) [1783455] {CVE-2019-19332}\n- [x86] kvm: x86: do not reset microcode version on INIT or RESET (Paolo Bonzini) [1801852]\n- [x86] kvm: x86: list MSR_IA32_UCODE_REV as an emulated MSR (Paolo Bonzini) [1801852]\n- [x86] kvm: x86: Allow userspace to define the microcode version (Paolo Bonzini) [1801852]\n[3.10.0-1128]\n- [fs] ceph: only use d_name directly when parent is locked (Jeff Layton) [1699402]\n- [fs] ext4: work around deleting a file with i_nlink == 0 safely (Carlos Maiolino) [1801046]\n- [fs] xfs: attach dquots and reserve quota blocks during unwritten conversion (Carlos Maiolino) [1786005]\n- [fs] Revert 'xfs: attach dquots and reserve quota blocks during unwritten conversion' (Carlos Maiolino) [1786005]\n- [md] dm mpath: call clear_request_fn_mpio() in multipath_release_clone() (Mike Snitzer) [1806400]\n- [scsi] scsi: implement .cleanup_rq callback (Mike Snitzer) [1806400]\n- [md] blk-mq: add callback of .cleanup_rq (Mike Snitzer) [1806400]\n- [target] target: call init_timer_on_stack() to initialize login_timer (Maurizio Lombardi) [1810037]\n- [scsi] scsi: megaraid_sas: fixup MSIx interrupt setup during resume (Tomas Henzl) [1807077]\n- [tools] selftests/livepatch: Test interaction with ftrace_enabled (Yannick Cote) [1806653]\n- [tools] selftests/livepatch: Make dynamic debug setup and restore generic (Yannick Cote) [1806653]\n- [kernel] ftrace: Introduce PERMANENT ftrace_ops flag (Yannick Cote) [1806653]\n- [tools] selftests/livepatch: push and pop dynamic debug config (Yannick Cote) [1806653]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-10-06T00:00:00", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18551", "CVE-2018-20836", "CVE-2019-12614", "CVE-2019-15217", "CVE-2019-15807", "CVE-2019-15917", "CVE-2019-16231", "CVE-2019-16233", "CVE-2019-16994", "CVE-2019-17053", "CVE-2019-17055", "CVE-2019-18808", "CVE-2019-19046", "CVE-2019-19055", "CVE-2019-19058", "CVE-2019-19059", "CVE-2019-19062", "CVE-2019-19063", "CVE-2019-19332", "CVE-2019-19447", "CVE-2019-19523", "CVE-2019-19524", "CVE-2019-19527", "CVE-2019-19530", "CVE-2019-19534", "CVE-2019-19537", "CVE-2019-19767", "CVE-2019-19768", "CVE-2019-19807", "CVE-2019-20054", "CVE-2019-20095", "CVE-2019-20636", "CVE-2019-9454", "CVE-2019-9458", "CVE-2020-0543", "CVE-2020-10690", "CVE-2020-10711", "CVE-2020-10732", "CVE-2020-10742", "CVE-2020-10751", "CVE-2020-10757", "CVE-2020-10942", "CVE-2020-11565", "CVE-2020-12653", "CVE-2020-12654", "CVE-2020-12770", "CVE-2020-12826", "CVE-2020-12888", "CVE-2020-14305", "CVE-2020-1749", "CVE-2020-2732", "CVE-2020-8647", "CVE-2020-8649", "CVE-2020-9383"], "modified": "2020-10-06T00:00:00", "id": "ELSA-2020-4060", "href": "http://linux.oracle.com/errata/ELSA-2020-4060.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-05-18T15:01:52", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5710 advisory.\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. (CVE-2019-19523)\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d. (CVE-2019-19528)\n\n - In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c. (CVE-2019-19537)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-06-08T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2020-5710)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19523", "CVE-2019-19527", "CVE-2019-19528", "CVE-2019-19532", "CVE-2019-19537"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2020-5710.NASL", "href": "https://www.tenable.com/plugins/nessus/137226", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5710.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137226);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2019-19523\",\n \"CVE-2019-19527\",\n \"CVE-2019-19528\",\n \"CVE-2019-19532\",\n \"CVE-2019-19537\"\n );\n\n script_name(english:\"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2020-5710)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-5710 advisory.\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. (CVE-2019-19523)\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d. (CVE-2019-19528)\n\n - In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB\n device in the USB character device driver layer, aka CID-303911cfc5b9. This affects\n drivers/usb/core/file.c. (CVE-2019-19537)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5710.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19528\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.39-400.323.1.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5710');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.39-400.323.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-2.6.39-400.323.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.323.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.323.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.323.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.323.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.323.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.323.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-doc-2.6.39-400.323.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},\n {'reference':'kernel-uek-firmware-2.6.39-400.323.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:20:42", "description": "Linux v 3.10.3 stable update contains a very large number of fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-07-28T00:00:00", "type": "nessus", "title": "Fedora 19 : kernel-3.10.3-300.fc19 (2013-13663)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4125"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2013-13663.NASL", "href": "https://www.tenable.com/plugins/nessus/69086", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-13663.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69086);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4125\");\n script_bugtraq_id(61166);\n script_xref(name:\"FEDORA\", value:\"2013-13663\");\n\n script_name(english:\"Fedora 19 : kernel-3.10.3-300.fc19 (2013-13663)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Linux v 3.10.3 stable update contains a very large number of fixes\nacross the tree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=984664\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112619.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3c7e7010\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"kernel-3.10.3-300.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:38:05", "description": "Update to latest upstream stable release, Linux v3.9.11. Various fixes across the tree. This is the last 3.9.y kernel before F18 will be rebased to 3.10.y.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-07-24T00:00:00", "type": "nessus", "title": "Fedora 18 : kernel-3.9.11-200.fc18 (2013-13536)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4125"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:18"], "id": "FEDORA_2013-13536.NASL", "href": "https://www.tenable.com/plugins/nessus/69028", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-13536.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69028);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4125\");\n script_xref(name:\"FEDORA\", value:\"2013-13536\");\n\n script_name(english:\"Fedora 18 : kernel-3.9.11-200.fc18 (2013-13536)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to latest upstream stable release, Linux v3.9.11. Various fixes\nacross the tree. This is the last 3.9.y kernel before F18 will be\nrebased to 3.10.y.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=984664\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112454.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5ba45804\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"kernel-3.9.11-200.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:43:02", "description": "The openSUSE Leap 15.0 kernel was updated to 4.12.14-lp150.12.28.1 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769).\n\nThe following non-security bugs were fixed :\n\n - ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bsc#1051510).\n\n - ACPI / platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510).\n\n - ACPI / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (bsc#1051510).\n\n - ACPI/APEI: Handle GSIV and GPIO notification types (bsc#1115567). \n\n - ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1051510).\n\n - ACPICA: Tables: Add WSMT support (bsc#1089350).\n\n - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write (bsc#1051510).\n\n - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510).\n\n - ALSA: control: Fix race between adding and removing a user element (bsc#1051510).\n\n - ALSA: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510).\n\n - ALSA: hda/realtek - Add GPIO data update helper (bsc#1051510).\n\n - ALSA: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop (bsc#1051510).\n\n - ALSA: hda/realtek - Allow skipping spec->init_amp detection (bsc#1051510).\n\n - ALSA: hda/realtek - Fix HP Headset Mic can't record (bsc#1051510).\n\n - ALSA: hda/realtek - Manage GPIO bits commonly (bsc#1051510).\n\n - ALSA: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510).\n\n - ALSA: hda/realtek - Support ALC300 (bsc#1051510).\n\n - ALSA: hda/realtek - fix headset mic detection for MSI MS-B171 (bsc#1051510).\n\n - ALSA: hda/realtek - fix the pop noise on headphone for lenovo laptops (bsc#1051510).\n\n - ALSA: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510).\n\n - ALSA: oss: Use kvzalloc() for local buffer allocations (bsc#1051510).\n\n - ALSA: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510).\n\n - ALSA: usb-audio: Add vendor and product name for Dell WD19 Dock (bsc#1051510).\n\n - ALSA: wss: Fix invalid snd_free_pages() at error path (bsc#1051510).\n\n - ARM: dts: at91: add new compatibility string for macb on sama5d3 (bsc#1051510).\n\n - ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510).\n\n - ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc (bsc#1085535)\n\n - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0 (bsc#1051510).\n\n - ASoC: sun8i-codec: fix crash on module removal (bsc#1051510).\n\n - Bluetooth: SMP: fix crash in unpairing (bsc#1051510).\n\n - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510).\n\n - Btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136).\n\n - Btrfs: fix assertion on fsync of regular file when using no-holes feature (bsc#1118137).\n\n - Btrfs: fix cur_offset in the error case for nocow (bsc#1118140).\n\n - Btrfs: fix data corruption due to cloning of eof block (bsc#1116878).\n\n - Btrfs: fix deadlock on tree root leaf when finding free extent (bsc#1116876).\n\n - Btrfs: fix deadlock when writing out free space caches (bsc#1116700).\n\n - Btrfs: fix infinite loop on inode eviction after deduplication of eof block (bsc#1116877).\n\n - Btrfs: fix NULL pointer dereference on compressed write path error (bsc#1116698).\n\n - Btrfs: fix use-after-free during inode eviction (bsc#1116701).\n\n - Btrfs: fix use-after-free when dumping free space (bsc#1116862).\n\n - Btrfs: fix warning when replaying log after fsync of a tmpfile (bsc#1116692).\n\n - Btrfs: fix wrong dentries after fsync of file that got its parent replaced (bsc#1116693).\n\n - Btrfs: send, fix infinite loop due to directory rename dependencies (bsc#1118138).\n\n - Documentation/l1tf: Fix typos (bsc#1051510).\n\n - Documentation/l1tf: Remove Yonah processors from not vulnerable list (bsc#1051510).\n\n - EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() (bsc#1114279).\n\n - EDAC: Raise the maximum number of memory controllers (bsc#1113780).\n\n - Fix kABI for 'Ensure we commit after writeback is complete' (bsc#1111809).\n\n - Fix some patch headers which diverge from RFC5322 Manually fix some patches which have an invalid header.\n\n - HID: hiddev: fix potential Spectre v1 (bsc#1051510).\n\n - HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bsc#1051510).\n\n - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510).\n\n - Input: synaptics - avoid using uninitialized variable when probing (bsc#1051510).\n\n - Input: xpad - add PDP device id 0x02a4 (bsc#1051510).\n\n - Input: xpad - add support for Xbox1 PDP Camo series gamepad (bsc#1051510).\n\n - Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510).\n\n - Input: xpad - fix some coding style issues (bsc#1051510).\n\n - KABI fix for 'NFSv4.1: Fix up replays of interrupted requests' (git-fixes).\n\n - KABI: hide new member in struct iommu_table from genksyms (bsc#1061840).\n\n - KABI: powerpc: Revert npu callback signature change (bsc#1055120).\n\n - KABI: powerpc: export __find_linux_pte as\n __find_linux_pte_or_hugepte (bsc#1061840).\n\n - KVM: PPC: Add pt_regs into kvm_vcpu_arch and move vcpu->arch.gpr[] into it (bsc#1061840).\n\n - KVM: PPC: Avoid marking DMA-mapped pages dirty in real mode (bsc#1061840).\n\n - KVM: PPC: Book 3S HV: Do ptesync in radix guest exit path (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Add 'online' register to ONE_REG interface (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Add of_node_put() in success path (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Allow HPT and radix on the same core for POWER9 v2.2 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Allow creating max number of VCPUs on POWER9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Avoid shifts by negative amounts (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Check DR not IR to chose real vs virt mode MMIOs (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do SLB load/unload with guest LPCR value loaded (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate function (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not use compound_order to determine host mapping size (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not use existing 'prodded' flag for XIVE escalations (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Enable migration of decrementer register (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix conditions for starting vcpu (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix constant size warning (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix duplication of host SLB entries (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix inaccurate comment (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real mode interrupts (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix trap number return from\n __kvmppc_vcore_entry (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix typo in kvmppc_hv_get_dirty_log_radix() (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Handle 1GB pages in radix page fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Improve handling of debug-trigger HMIs on POWER9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Keep XIVE escalation interrupt masked unless ceded (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Lockless tlbie for HPT hcalls (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make HPT resizing work on POWER9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make radix clear pte when unmapping (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make radix use correct tlbie sequence in kvmppc_radix_tlbie_page (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make xive_pushed a byte, not a word (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Pack VCORE IDs to access full VCPU ID space (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Radix page fault handler optimizations (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under kvm->lock (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Recursively unmap all page table entries when unmapping (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Remove useless statement (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Remove vcpu->arch.dec usage (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to Linux handlers (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR count correctly (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Snapshot timebase offset on guest entry (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Streamline setting of reference and change bits (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Use a helper to unmap ptes in the radix fault path (bsc#1061840).\n\n - KVM: PPC: Book3S HV: XIVE: Resend re-routed interrupts on CPU priority change (bsc#1061840).\n\n - KVM: PPC: Book3S HV: radix: Do not clear partition PTE when RC or write bits do not match (bsc#1061840).\n\n - KVM: PPC: Book3S HV: radix: Refine IO region partition scope attributes (bsc#1061840).\n\n - KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840).\n\n - KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file (bsc#1061840).\n\n - KVM: PPC: Book3S: Add MMIO emulation for VMX instructions (bsc#1061840).\n\n - KVM: PPC: Book3S: Allow backing bigger guest IOMMU pages with smaller physical pages (bsc#1061840).\n\n - KVM: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64 parameters (bsc#1061840).\n\n - KVM: PPC: Book3S: Eliminate some unnecessary checks (bsc#1061840).\n\n - KVM: PPC: Book3S: Fix compile error that occurs with some gcc versions (bsc#1061840).\n\n - KVM: PPC: Book3S: Fix matching of hardware and emulated TCE tables (bsc#1061840).\n\n - KVM: PPC: Book3S: Use correct page shift in H_STUFF_TCE (bsc#1061840).\n\n - KVM: PPC: Fix a mmio_host_swabbed uninitialized usage issue (bsc#1061840).\n\n - KVM: PPC: Make iommu_table::it_userspace big endian (bsc#1061840).\n\n - KVM: PPC: Move nip/ctr/lr/xer registers to pt_regs in kvm_vcpu_arch (bsc#1061840).\n\n - KVM: PPC: Use seq_puts() in kvmppc_exit_timing_show() (bsc#1061840).\n\n - KVM: VMX: re-add ple_gap module parameter (bsc#1106240).\n\n - KVM: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998).\n\n - KVM: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240).\n\n - KVM: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() (bsc#1106240).\n\n - KVM: s390: vsie: copy wrapping keys to right place (git-fixes).\n\n - KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (bsc#1106240).\n\n - MD: fix invalid stored role for a disk - try2 (git-fixes).\n\n - NFS: Avoid RCU usage in tracepoints (git-fixes).\n\n - NFS: Ensure we commit after writeback is complete (bsc#1111809).\n\n - NFS: Fix a typo in nfs_rename() (git-fixes).\n\n - NFS: Fix an incorrect type in struct nfs_direct_req (git-fixes).\n\n - NFS: Fix typo in nomigration mount option (git-fixes).\n\n - NFS: Fix unstable write completion (git-fixes).\n\n - NFS: commit direct writes even if they fail partially (git-fixes).\n\n - NFSv4.0 fix client reference leak in callback (git-fixes).\n\n - NFSv4.1 fix infinite loop on I/O (git-fixes).\n\n - NFSv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes).\n\n - NFSv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes).\n\n - NFSv4.1: Fix up replays of interrupted requests (git-fixes).\n\n - NFSv4: Fix a typo in nfs41_sequence_process (git-fixes).\n\n - PCI/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1051510).\n\n - PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice (bsc#1051510).\n\n - PCI: Add Device IDs for Intel GPU 'spurious interrupt' quirk (bsc#1051510).\n\n - PCI: hv: Use effective affinity mask (bsc#1109772).\n\n - PCI: imx6: Fix link training status detection in link up check (bsc#1109806).\n\n - PCI: iproc: Remove PAXC slot check to allow VF support (bsc#1109806).\n\n - PCI: vmd: Assign vector zero to all bridges (bsc#1109806).\n\n - PCI: vmd: Detach resources after stopping root bus (bsc#1109806).\n\n - PCI: vmd: White list for fast interrupt handlers (bsc#1109806).\n\n - SUNRPC: Allow connect to return EHOSTUNREACH (git-fixes).\n\n - SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status (git-fixes).\n\n - USB: misc: appledisplay: add 20' Apple Cinema Display (bsc#1051510).\n\n - USB: omap_udc: fix rejection of out transfers when DMA is used (bsc#1051510).\n\n - USB: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510).\n\n - USB: serial: option: add two-endpoints device-id flag (bsc#1051510).\n\n - USB: serial: option: drop redundant interface-class test (bsc#1051510).\n\n - USB: serial: option: improve Quectel EP06 detection (bsc#1051510).\n\n - VFS: close race between getcwd() and d_move() (git-fixes).\n\n - VMCI: Resource wildcard match fixed (bsc#1051510).\n\n - acpi, nfit: Fix ARS overflow continuation (bsc#1116895).\n\n - acpi/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114279).\n\n - acpi/nfit, x86/mce: Validate a MCE's address before using it (bsc#1114279).\n\n - act_ife: fix a potential use-after-free (networking-stable-18_09_11).\n\n - amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105).\n\n - arm64: KVM: Move CPU ID reg trap setup off the world switch path (bsc#1110998).\n\n - arm64: KVM: Sanitize PSTATE.M when being set from userspace (bsc#1110998).\n\n - arm64: KVM: Tighten guest core register access from userspace (bsc#1110998).\n\n - ata: Fix racy link clearance (bsc#1107866).\n\n - ataflop: fix error handling during setup (bsc#1051510).\n\n - ath10k: schedule hardware restart if WMI command times out (bsc#1051510).\n\n - autofs: fix autofs_sbi() does not check super block type (git-fixes).\n\n - autofs: fix slab out of bounds read in getname_kernel() (git-fixes).\n\n - autofs: mount point create should honour passed in mode (git-fixes).\n\n - badblocks: fix wrong return value in badblocks_set if badblocks are disabled (git-fixes).\n\n - batman-adv: Expand merged fragment buffer for full packet (bsc#1051510).\n\n - batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510).\n\n - bitops: protect variables in bit_clear_unless() macro (bsc#1051510).\n\n - bitops: protect variables in set_mask_bits() macro (bsc#1051510).\n\n - block: copy ioprio in __bio_clone_fast() (bsc#1082653).\n\n - block: respect virtual boundary mask in bvecs (bsc#1113412).\n\n - bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16).\n\n - bnxt_en: free hwrm resources, if driver probe fails (networking-stable-18_10_16).\n\n - bonding: avoid possible dead-lock (networking-stable-18_10_16).\n\n - bonding: fix length of actor system (networking-stable-18_11_02).\n\n - bonding: fix warning message (networking-stable-18_10_16).\n\n - bonding: pass link-local packets to bonding master also (networking-stable-18_10_16).\n\n - bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24).\n\n - bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647).\n\n - bpf: wait for running BPF programs when updating map-in-map (bsc#1083647).\n\n - brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510).\n\n - brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510).\n\n - brcmutil: really fix decoding channel info for 160 MHz bandwidth (bsc#1051510).\n\n - bridge: do not add port to router list when receives query with source 0.0.0.0 (networking-stable-18_11_02).\n\n - btrfs: make sure we create all new block groups (bsc#1116699).\n\n - btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863).\n\n - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bsc#1051510).\n\n - can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bsc#1051510).\n\n - can: hi311x: Use level-triggered interrupt (bsc#1051510).\n\n - can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510).\n\n - can: rcar_can: Fix erroneous registration (bsc#1051510).\n\n - can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions (bsc#1051510).\n\n - cdc-acm: correct counting of UART states in serial state notification (bsc#1051510).\n\n - cdc-acm: do not reset notification buffer index upon urb unlinking (bsc#1051510).\n\n - ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839).\n\n - ceph: quota: fix NULL pointer dereference in quota check (bsc#1114839).\n\n - cfg80211: Address some corner cases in scan result channel updating (bsc#1051510).\n\n - cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510).\n\n - clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510).\n\n - clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510).\n\n - clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510).\n\n - clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510).\n\n - clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call (bsc#1051510).\n\n - clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510).\n\n - clk: s2mps11: Fix matching when built as module and DT node contains compatible (bsc#1051510).\n\n - clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510).\n\n - clockevents/drivers/i8253: Add support for PIT shutdown quirk (bsc#1051510).\n\n - configfs: replace strncpy with memcpy (bsc#1051510).\n\n - crypto: simd - correctly take reqsize of wrapped skcipher into account (bsc#1051510).\n\n - do d_instantiate/unlock_new_inode combinations safely (git-fixes).\n\n - driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bsc#1051510).\n\n - drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type (bsc#1051510).\n\n - drm/ast: Fix incorrect free on ioregs (bsc#1051510).\n\n - drm/ast: Remove existing framebuffers before loading driver (boo#1112963)\n\n - drm/ast: change resolution may cause screen blurred (boo#1112963).\n\n - drm/ast: fixed cursor may disappear sometimes (bsc#1051510).\n\n - drm/dp_mst: Check if primary mstb is null (bsc#1051510).\n\n - drm/dp_mst: Skip validating ports during destruction, just ref (bsc#1051510).\n\n - drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510).\n\n - drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl (bsc#1113722)\n\n - drm/i915/execlists: Force write serialisation into context image vs execution (bsc#1051510).\n\n - drm/i915/glk: Remove 99% limitation (bsc#1051510).\n\n - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510).\n\n - drm/i915: Do not oops during modeset shutdown after lpe audio deinit (bsc#1051510).\n\n - drm/i915: Do not unset intel_connector->mst_port (bsc#1051510).\n\n - drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510).\n\n - drm/i915: Large page offsets for pread/pwrite (bsc#1051510).\n\n - drm/i915: Mark pin flags as u64 (bsc#1051510).\n\n - drm/i915: Skip vcpi allocation for MSTB ports that are gone (bsc#1051510).\n\n - drm/i915: Write GPU relocs harder with gen3 (bsc#1051510).\n\n - drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510).\n\n - drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut() (bsc#1051510).\n\n - drm/meson: add support for 1080p25 mode (bsc#1051510).\n\n - drm/nouveau: Check backlight IDs are >= 0, not > 0 (bsc#1051510).\n\n - drm/omap: fix memory barrier bug in DMM driver (bsc#1051510).\n\n - drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510).\n\n - drm: fb-helper: Reject all pixel format changing requests (bsc#1113722)\n\n - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bsc#1117795).\n\n - ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bsc#1117794).\n\n - ext4: add missing brelse() update_backups()'s error path (bsc#1117796).\n\n - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802).\n\n - ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() (bsc#1117801).\n\n - ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bsc#1117792).\n\n - ext4: fix buffer leak in __ext4_read_dirblock() on error path (bsc#1117807).\n\n - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806).\n\n - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bsc#1117798).\n\n - ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bsc#1117799).\n\n - ext4: fix possible leak of s_journal_flag_rwsem in error path (bsc#1117804).\n\n - ext4: fix possible leak of sbi->s_group_desc_leak in error path (bsc#1117803).\n\n - ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789).\n\n - ext4: fix use-after-free race in ext4_remount()'s error path (bsc#1117791).\n\n - ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bsc#1117788).\n\n - ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR (bsc#1117790).\n\n - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805).\n\n - fbdev: fix broken menu dependencies (bsc#1113722)\n\n - firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350 ).\n\n - firmware: dcdbas: include linux/io.h (bsc#1089350).\n\n - floppy: fix race condition in __floppy_read_block_0() (bsc#1051510).\n\n - flow_dissector: do not dissect l4 ports for fragments (networking-stable-18_11_21).\n\n - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (git-fixes).\n\n - fs: Make extension of struct super_block transparent (bsc#1117822).\n\n - fs: dcache: Avoid livelock between d_alloc_parallel and\n __d_add (git-fixes).\n\n - fs: dcache: Use READ_ONCE when accessing i_dir_seq (git-fixes).\n\n - fscache: fix race between enablement and dropping of object (bsc#1107385).\n\n - fsnotify: Fix busy inodes during unmount (bsc#1117822).\n\n - fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074).\n\n - ftrace: Fix debug preempt config name in stack_tracer_{en,dis}able (bsc#1117172).\n\n - ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181).\n\n - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bsc#1117174).\n\n - ftrace: Remove incorrect setting of glob search field (bsc#1117184).\n\n - genirq: Fix race on spurious interrupt detection (bsc#1051510).\n\n - getname_kernel() needs to make sure that ->name !=\n ->iname in long case (git-fixes).\n\n - gpio: do not free unallocated ida on gpiochip_add_data_with_key() error path (bsc#1051510).\n\n - grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes).\n\n - gso_segment: Reset skb->mac_len after modifying network header (networking-stable-18_09_24).\n\n - hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11).\n\n - hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510).\n\n - hwmon: (core) Fix double-free in\n __hwmon_device_register() (bsc#1051510).\n\n - hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510).\n\n - hwmon: (ina2xx) Fix current value calculation (bsc#1051510).\n\n - hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510).\n\n - hwmon: (pmbus) Fix page count auto-detection (bsc#1051510).\n\n - hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510).\n\n - hwmon: (raspberrypi) Fix initial notify (bsc#1051510).\n\n - hwmon: (w83795) temp4_type has writable permission (bsc#1051510).\n\n - ibmvnic: fix accelerated VLAN handling ().\n\n - ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433).\n\n - ibmvnic: remove ndo_poll_controller ().\n\n - iio: accel: adxl345: convert address field usage in iio_chan_spec (bsc#1051510).\n\n - iio: ad5064: Fix regulator handling (bsc#1051510).\n\n - iio:st_magn: Fix enable device after trigger (bsc#1051510).\n\n - ima: fix showing large 'violations' or 'runtime_measurements_count' (bsc#1051510).\n\n - include/linux/pfn_t.h: force '~' to be parsed as an unary operator (bsc#1051510).\n\n - inet: make sure to grab rcu_read_lock before using ireq->ireq_opt (networking-stable-18_10_16).\n\n - iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237).\n\n - iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105).\n\n - iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105).\n\n - iommu/vt-d: Use memunmap to free memremap (bsc#1106105).\n\n - ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02).\n\n - ip6_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).\n\n - ip6_vti: fix a NULL pointer deference when destroy vti6 tunnel (networking-stable-18_09_11).\n\n - ip_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).\n\n - ip_tunnel: do not force DF when MTU is locked (networking-stable-18_11_21).\n\n - ipmi: Fix timer race with module unload (bsc#1051510).\n\n - ipv4: lock mtu in fnhe when received PMTU net.ipv4.route.min_pmtu (networking-stable-18_11_21).\n\n - ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state (networking-stable-18_09_11).\n\n - ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (networking-stable-18_11_02).\n\n - ipv6: fix possible use-after-free in ip6_xmit() (networking-stable-18_09_24).\n\n - ipv6: mcast: fix a use-after-free in inet6_mc_check (networking-stable-18_11_02).\n\n - ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16).\n\n - iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510).\n\n - iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510).\n\n - iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510).\n\n - iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() (bsc#1051510).\n\n - iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510).\n\n - iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510).\n\n - iwlwifi: mvm: fix regulatory domain update when the firmware starts (bsc#1051510).\n\n - iwlwifi: mvm: support sta_statistics() even on older firmware (bsc#1051510).\n\n - iwlwifi: pcie: avoid empty free RB queue (bsc#1051510).\n\n - kABI: protect struct fib_nh_exception (kabi).\n\n - kABI: protect struct rtable (kabi).\n\n - kabi/severities: ignore __xive_vm_h_* KVM internal symbols.\n\n - kabi/severities: ignore ppc64 realmode helpers. KVM fixes remove exports of realmode_pfn_to_page iommu_tce_xchg_rm mm_iommu_lookup_rm mm_iommu_ua_to_hpa_rm. Some are no longer used and others are no longer exported because the code was consolideted in one place. These helpers are to be called in realmode and linking to them from non-KVM modules is a bug. Hence removing them does not break KABI.\n\n - kabi: mask raw in struct bpf_reg_state (bsc#1083647).\n\n - kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510).\n\n - kbuild: move '_all' target out of $(KBUILD_SRC) conditional (bsc#1114279).\n\n - kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510).\n\n - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839).\n\n - libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510).\n\n - libnvdimm, region: Fail badblocks listing for inactive regions (bsc#1116899).\n\n - libnvdimm: Hold reference on parent while scheduling async init (bsc#1116891).\n\n - livepatch: create and include UAPI headers ().\n\n - llc: set SOCK_RCU_FREE in llc_sap_add_socket() (networking-stable-18_11_02).\n\n - lockd: fix 'list_add double add' caused by legacy signal interface (git-fixes).\n\n - mac80211: Always report TX status (bsc#1051510).\n\n - mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510).\n\n - mac80211: fix TX status reporting for ieee80211s (bsc#1051510).\n\n - mac80211_hwsim: do not omit multicast announce of first added radio (bsc#1051510).\n\n - mach64: fix display corruption on big endian machines (bsc#1113722)\n\n - mach64: fix image corruption due to reading accelerator registers (bsc#1113722)\n\n - mailbox: PCC: handle parse error (bsc#1051510).\n\n - make sure that __dentry_kill() always invalidates d_seq, unhashed or not (git-fixes).\n\n - md/raid10: fix that replacement cannot complete recovery after reassemble (git-fixes).\n\n - md/raid1: add error handling of read error from FailFast device (git-fixes).\n\n - md/raid5-cache: disable reshape completely (git-fixes).\n\n - md/raid5: fix data corruption of replacements after originals dropped (git-fixes).\n\n - md: fix NULL dereference of mddev->pers in remove_and_add_spares() (git-fixes).\n\n - memory_hotplug: cond_resched in __remove_pages (bnc#1114178).\n\n - mfd: menelaus: Fix possible race condition and leak (bsc#1051510).\n\n - mfd: omap-usb-host: Fix dts probe of children (bsc#1051510).\n\n - mlxsw: spectrum: Fix IP2ME CPU policer configuration (networking-stable-18_11_21).\n\n - mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677).\n\n - mm: rework memcg kernel stack accounting (bnc#1113677).\n\n - mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510).\n\n - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bsc#1051510).\n\n - modpost: ignore livepatch unresolved relocations ().\n\n - mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bsc#1117819).\n\n - mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820).\n\n - mount: Retest MNT_LOCKED in do_umount (bsc#1117818).\n\n - neighbour: confirm neigh entries when ARP packet is received (networking-stable-18_09_24).\n\n - net-gro: reset skb->pkt_type in napi_reuse_skb() (networking-stable-18_11_21).\n\n - net/af_iucv: drop inbound packets with invalid flags (bnc#1113501, LTC#172679).\n\n - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501, LTC#172679).\n\n - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (networking-stable-18_09_24).\n\n - net/ibmnvic: Fix deadlock problem in reset ().\n\n - net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431).\n\n - net/ipv6: Display all addresses in output of /proc/net/if_inet6 (networking-stable-18_10_16).\n\n - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (networking-stable-18_11_02).\n\n - net/mlx5: Check for error in mlx5_attach_interface (networking-stable-18_09_18).\n\n - net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (networking-stable-18_09_18).\n\n - net/mlx5: E-Switch, Fix out of bound access when setting vport rate (networking-stable-18_10_16).\n\n - net/mlx5: Fix debugfs cleanup in the device init/remove flow (networking-stable-18_09_18).\n\n - net/mlx5: Fix use-after-free in self-healing flow (networking-stable-18_09_18).\n\n - net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type (networking-stable-18_11_02).\n\n - net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21).\n\n - net/mlx5e: Set vlan masks for all offloaded TC rules (networking-stable-18_10_16).\n\n - net/packet: fix packet drop as of virtio gso (networking-stable-18_10_16).\n\n - net/sched: act_pedit: fix dump of extended layered op (networking-stable-18_09_11).\n\n - net/sched: act_sample: fix NULL dereference in the data path (networking-stable-18_09_24).\n\n - net/usb: cancel pending work when unbinding smsc75xx (networking-stable-18_10_16).\n\n - net: aquantia: memory corruption on jumbo frames (networking-stable-18_10_16).\n\n - net: bcmgenet: Poll internal PHY for GENETv5 (networking-stable-18_11_02).\n\n - net: bcmgenet: protect stop from timeout (networking-stable-18_11_21).\n\n - net: bcmgenet: use MAC link status for fixed phy (networking-stable-18_09_11).\n\n - net: bridge: remove ipv6 zero address check in mcast queries (git-fixes).\n\n - net: dsa: bcm_sf2: Call setup during switch resume (networking-stable-18_10_16).\n\n - net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16).\n\n - net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561).\n\n - net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1111696 bsc#1117561).\n\n - net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1111696 bsc#1117561).\n\n - net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1111696 bsc#1117561).\n\n - net: ena: complete host info to match latest ENA spec (bsc#1111696 bsc#1117561).\n\n - net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561).\n\n - net: ena: explicit casting and initialization, and clearer error handling (bsc#1111696 bsc#1117561).\n\n - net: ena: fix NULL dereference due to untimely napi initialization (bsc#1111696 bsc#1117561).\n\n - net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561).\n\n - net: ena: fix compilation error in xtensa architecture (bsc#1111696 bsc#1117561).\n\n - net: ena: fix crash during failed resume from hibernation (bsc#1111696 bsc#1117561).\n\n - net: ena: fix indentations in ena_defs for better readability (bsc#1111696 bsc#1117561).\n\n - net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1111696 bsc#1117561).\n\n - net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696 bsc#1117561).\n\n - net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1111696 bsc#1117561).\n\n - net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1111696 bsc#1117561).\n\n - net: ena: minor performance improvement (bsc#1111696 bsc#1117561).\n\n - net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561).\n\n - net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1111696 bsc#1117561).\n\n - net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561).\n\n - net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1111696 bsc#1117561).\n\n - net: fec: do not dump RX FIFO register when not available (networking-stable-18_11_02).\n\n - net: hns: fix for unmapping problem when SMMU is on (networking-stable-18_10_16).\n\n - net: hp100: fix always-true check for link up state (networking-stable-18_09_24).\n\n - net: ibm: fix return type of ndo_start_xmit function ().\n\n - net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02).\n\n - net: macb: do not disable MDIO bus at open/close time (networking-stable-18_09_11).\n\n - net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (networking-stable-18_10_16).\n\n - net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16).\n\n - net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs (networking-stable-18_11_21).\n\n - net: qca_spi: Fix race condition in spi transfers (networking-stable-18_09_18).\n\n - net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510).\n\n - net: sched: Fix for duplicate class dump (networking-stable-18_11_02).\n\n - net: sched: Fix memory exposure from short TCA_U32_SEL (networking-stable-18_09_11).\n\n - net: sched: action_ife: take reference to meta module (networking-stable-18_09_11).\n\n - net: sched: gred: pass the right attribute to gred_change_table_def() (networking-stable-18_11_02).\n\n - net: smsc95xx: Fix MTU range (networking-stable-18_11_21).\n\n - net: socket: fix a missing-check bug (networking-stable-18_11_02).\n\n - net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (networking-stable-18_11_02).\n\n - net: stmmac: Fixup the tail addr setting in xmit path (networking-stable-18_10_16).\n\n - net: systemport: Fix wake-up interrupt race during resume (networking-stable-18_10_16).\n\n - net: systemport: Protect stop from timeout (networking-stable-18_11_21).\n\n - net: udp: fix handling of CHECKSUM_COMPLETE packets (networking-stable-18_11_02).\n\n - netlabel: check for IPV4MASK in addrinfo_get (networking-stable-18_10_16).\n\n - nfp: wait for posted reconfigs when disabling the device (networking-stable-18_09_11).\n\n - nfs: do not wait on commit in nfs_commit_inode() if there were no commit requests (git-fixes).\n\n - nfsd4: permit layoutget of executable-only files (git-fixes).\n\n - nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) (git-fixes).\n\n - nfsd: Ensure we check stateid validity in the seqid operation checks (git-fixes).\n\n - nfsd: Fix another OPEN stateid race (git-fixes).\n\n - nfsd: Fix stateid races between OPEN and CLOSE (git-fixes).\n\n - nfsd: check for use of the closed special stateid (git-fixes).\n\n - nfsd: deal with revoked delegations appropriately (git-fixes).\n\n - nfsd: fix corrupted reply to badly ordered compound (git-fixes).\n\n - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (git-fixes).\n\n - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (git-fixes).\n\n - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510).\n\n - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510).\n\n - nospec: Include asm/barrier.h dependency (bsc#1114279).\n\n - nvme: Free ctrl device name on init failure ().\n\n - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bsc#1117817).\n\n - ocfs2: fix locking for res->tracking and dlm->tracking_list (bsc#1117816).\n\n - ocfs2: fix ocfs2 read block panic (bsc#1117815).\n\n - ocfs2: free up write context when direct IO failed (bsc#1117821).\n\n - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bsc#1117808).\n\n - openvswitch: Fix push/pop ethernet validation (networking-stable-18_11_02).\n\n - pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception (git-fixes).\n\n - pNFS: Prevent the layout header refcount going to zero in pnfs_roc() (git-fixes).\n\n - pci: dwc: remove duplicate fix References: bsc#1115269 Patch has been already applied by the following commit:\n 9f73db8b7c PCI: dwc: Fix enumeration end when reaching root subordinate (bsc#1051510)\n\n - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bsc#1051510).\n\n - percpu: make this_cpu_generic_read() atomic w.r.t.\n interrupts (bsc#1114279).\n\n - perf: fix invalid bit in diagnostic entry (git-fixes).\n\n - pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() (bsc#1051510).\n\n - pinctrl: meson: fix pinconf bias disable (bsc#1051510).\n\n - pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510).\n\n - pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bsc#1051510).\n\n - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bsc#1051510).\n\n - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bsc#1051510).\n\n - pipe: match pipe_max_size data type with procfs (git-fixes).\n\n - platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bsc#1051510).\n\n - platform/x86: intel_telemetry: report debugfs failure (bsc#1051510).\n\n - pnfs: Do not release the sequence slot until we've processed layoutget on open (git-fixes).\n\n - power: supply: max8998-charger: Fix platform data retrieval (bsc#1051510).\n\n - powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 (bsc#1065729).\n\n - powerpc/boot: Fix opal console in boot wrapper (bsc#1065729).\n\n - powerpc/kvm/booke: Fix altivec related build break (bsc#1061840).\n\n - powerpc/kvm: Switch kvm pmd allocator to custom allocator (bsc#1061840).\n\n - powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248).\n\n - powerpc/mm: Fix typo in comments (bsc#1065729).\n\n - powerpc/mm: Rename find_linux_pte_or_hugepte() (bsc#1061840).\n\n - powerpc/npu-dma.c: Fix crash after\n __mmu_notifier_register failure (bsc#1055120).\n\n - powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1065729).\n\n - powerpc/powernv/ioda: Allocate indirect TCE levels on demand (bsc#1061840).\n\n - powerpc/powernv/ioda: Finish removing explicit max window size check (bsc#1061840).\n\n - powerpc/powernv/ioda: Remove explicit max window size check (bsc#1061840).\n\n - powerpc/powernv/npu: Add lock to prevent race in concurrent context init/destroy (bsc#1055120).\n\n - powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120).\n\n - powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120).\n\n - powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback parameters (bsc#1055120).\n\n - powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm() (bsc#1055120).\n\n - powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1055120).\n\n - powerpc/powernv: Add indirect levels to it_userspace (bsc#1061840).\n\n - powerpc/powernv: Do not select the cpufreq governors (bsc#1065729).\n\n - powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage (bsc#1055120).\n\n - powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1065729).\n\n - powerpc/powernv: Move TCE manupulation code to its own file (bsc#1061840).\n\n - powerpc/powernv: Rework TCE level allocation (bsc#1061840).\n\n - powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709).\n\n - powerpc/pseries: Fix DTL buffer registration (bsc#1065729).\n\n - powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729).\n\n - powerpc/xive: Move definition of ESB bits (bsc#1061840).\n\n - powerpc/xmon: Add ISA v3.0 SPRs to SPR dump (bsc#1061840).\n\n - pppoe: fix reception of frames with no mac header (networking-stable-18_09_24).\n\n - printk: Fix panic caused by passing log_buf_len to command line (bsc#1117168).\n\n - provide linux/set_memory.h (bsc#1113295).\n\n - ptp: fix Spectre v1 vulnerability (bsc#1051510).\n\n - pwm: lpss: Release runtime-pm reference from the driver's remove callback (bsc#1051510).\n\n - pxa168fb: prepare the clock (bsc#1051510).\n\n - qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510).\n\n - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID (bsc#1051510).\n\n - r8169: fix NAPI handling under high load (networking-stable-18_11_02).\n\n - race of lockd inetaddr notifiers vs nlmsvc_rqst change (git-fixes).\n\n - rds: fix two RCU related problems (networking-stable-18_09_18).\n\n - remoteproc: qcom: Fix potential device node leaks (bsc#1051510).\n\n - reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510).\n\n - reset: imx7: Fix always writing bits as 0 (bsc#1051510).\n\n - resource: Include resource end in walk_*() interfaces (bsc#1114279).\n\n - rpm/kernel-binary.spec.in: add macros.s into kernel-*-devel Starting with 4.20-rc1, file arch/*/kernel/macros.s is needed to build out of tree modules. Add it to kernel-${flavor}-devel packages if it exists.\n\n - rpm/kernel-binary.spec.in: allow unsupported modules for\n -extra (bsc#1111183). SLE-15 and later only.\n\n - rpm/kernel-source.spec.in: Add patches.drm for moved DRM patches\n\n - rpm: use syncconfig instead of silentoldconfig where available Since mainline commit 0085b4191f3e ('kconfig:\n remove silentoldconfig target'), 'make silentoldconfig' can be no longer used. Use 'make syncconfig' instead if available.\n\n - rtnetlink: Disallow FDB configuration for non-Ethernet device (networking-stable-18_11_02).\n\n - rtnetlink: fix rtnl_fdb_dump() for ndmsg header (networking-stable-18_10_16).\n\n - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (networking-stable-18_10_16).\n\n - s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes).\n\n - s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235).\n\n - s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes).\n\n - s390/mm: correct allocate_pgste proc_handler callback (git-fixes).\n\n - s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953).\n\n - s390/qeth: handle failure on workqueue creation (git-fixes).\n\n - s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959).\n\n - s390/sclp_tty: enable line mode tty even if there is an ascii console (git-fixes).\n\n - s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273).\n\n - s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273).\n\n - s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273).\n\n - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501, LTC#172682).\n\n - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1113501, LTC#172682).\n\n - s390: revert ELF_ET_DYN_BASE base changes (git-fixes).\n\n - scripts/git_sort/git_sort.py: add mkp/scsi.git 4.21/scsi-queue\n\n - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bsc#1114578).\n\n - scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580).\n\n - scsi: lpfc: Correct LCB RJT handling (bsc#1114015).\n\n - scsi: lpfc: Correct errors accessing fw log (bsc#1114015).\n\n - scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015).\n\n - scsi: lpfc: Correct irq handling via locks when taking adapter offline (bsc#1114015).\n\n - scsi: lpfc: Correct loss of fc4 type on remote port address change (bsc#1114015).\n\n - scsi: lpfc: Correct race with abort on completion path (bsc#1114015).\n\n - scsi: lpfc: Correct soft lockup when running mds diagnostics (bsc#1114015).\n\n - scsi: lpfc: Correct speeds on SFP swap (bsc#1114015).\n\n - scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015).\n\n - scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event (bsc#1114015).\n\n - scsi: lpfc: Fix errors in log messages (bsc#1114015).\n\n - scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015).\n\n - scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point (bsc#1114015).\n\n - scsi: lpfc: Implement GID_PT on Nameserver query to support faster failover (bsc#1114015).\n\n - scsi: lpfc: Raise nvme defaults to support a larger io and more connectivity (bsc#1114015).\n\n - scsi: lpfc: Remove set but not used variable 'sgl_size' (bsc#1114015).\n\n - scsi: lpfc: Reset link or adapter instead of doing infinite nameserver PLOGI retry (bsc#1114015).\n\n - scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015).\n\n - scsi: lpfc: add Trunking support (bsc#1114015).\n\n - scsi: lpfc: add support to retrieve firmware logs (bsc#1114015).\n\n - scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces (bsc#1114015).\n\n - scsi: lpfc: raise sg count for nvme to use available sg resources (bsc#1114015).\n\n - scsi: lpfc: reduce locking when updating statistics (bsc#1114015).\n\n - scsi: lpfc: update driver version to 12.0.0.7 (bsc#1114015).\n\n - scsi: lpfc: update driver version to 12.0.0.8 (bsc#1114015).\n\n - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1114581).\n\n - scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582).\n\n - scsi: sg: fix minor memory leak in error path (bsc#1114584).\n\n - scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bsc#1114578).\n\n - scsi: target/tcm_loop: Avoid that static checkers warn about dead code (bsc#1114577).\n\n - scsi: target: Fix fortify_panic kernel exception (bsc#1114576).\n\n - scsi: target: tcmu: add read length support (bsc#1097755).\n\n - sctp: fix race on sctp_id2asoc (networking-stable-18_11_02).\n\n - sctp: fix strchange_flags name for Stream Change Event (networking-stable-18_11_21).\n\n - sctp: hold transport before accessing its asoc in sctp_transport_get_next (networking-stable-18_09_11).\n\n - sctp: not allow to set asoc prsctp_enable by sockopt (networking-stable-18_11_21).\n\n - sctp: not increase stream's incnt before sending addstrm_in request (networking-stable-18_11_21).\n\n - skip LAYOUTRETURN if layout is invalid (git-fixes).\n\n - soc: fsl: qbman: qman: avoid allocating from non existing gen_pool (bsc#1051510).\n\n - soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510).\n\n - staging: rtl8723bs: Fix the return value in case of error in 'rtw_wx_read32()' (bsc#1051510).\n\n - staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510).\n\n - staging:iio:ad7606: fix voltage scales (bsc#1051510).\n\n - sunrpc: Do not use stack buffer with scatterlist (git-fixes).\n\n - sunrpc: Fix rpc_task_begin trace point (git-fixes).\n\n - target: fix buffer offset in core_scsi3_pri_read_full_status (bsc1117349).\n\n - tcp: do not restart timewait timer on rst reception (networking-stable-18_09_11).\n\n - test_firmware: fix error return getting clobbered (bsc#1051510).\n\n - tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (networking-stable-18_11_21).\n\n - thermal: bcm2835: enable hwmon explicitly (bsc#1108468).\n\n - thermal: da9062/61: Prevent hardware access during system suspend (bsc#1051510).\n\n - thermal: rcar_thermal: Prevent hardware access during system suspend (bsc#1051510).\n\n - tipc: do not assume linear buffer when reading ancillary data (networking-stable-18_11_21).\n\n - tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11).\n\n - tipc: fix flow control accounting for implicit connect (networking-stable-18_10_16).\n\n - tpm2-cmd: allow more attempts for selftest execution (bsc#1082555).\n\n - tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555).\n\n - tpm: Restore functionality to xen vtpm driver (bsc#1082555).\n\n - tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555).\n\n - tpm: Use dynamic delay to wait for TPM 2.0 self test result (bsc#1082555).\n\n - tpm: add retry logic (bsc#1082555).\n\n - tpm: consolidate the TPM startup code (bsc#1082555).\n\n - tpm: do not suspend/resume if power stays on (bsc#1082555).\n\n - tpm: fix intermittent failure with self tests (bsc#1082555).\n\n - tpm: fix response size validation in tpm_get_random() (bsc#1082555).\n\n - tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header (bsc#1082555).\n\n - tpm: move endianness conversion of ordinals to tpm_input_header (bsc#1082555).\n\n - tpm: move the delay_msec increment after sleep in tpm_transmit() (bsc#1082555).\n\n - tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers (bsc#1082555).\n\n - tpm: self test failure should not cause suspend to fail (bsc#1082555).\n\n - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555).\n\n - tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555).\n\n - tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555).\n\n - tracing: Apply trace_clock changes to instance max buffer (bsc#1117188).\n\n - tracing: Erase irqsoff trace with empty write (bsc#1117189).\n\n - tty: Do not block on IO when ldisc change is pending (bnc#1105428).\n\n - tty: check name length in tty_find_polling_driver() (bsc#1051510).\n\n - tty: wipe buffer (bsc#1051510).\n\n - tty: wipe buffer if not echoing data (bsc#1051510).\n\n - tun: Consistently configure generic netdev params via rtnetlink (bsc#1051510).\n\n - tuntap: fix multiqueue rx (networking-stable-18_11_21).\n\n - udp4: fix IP_CMSG_CHECKSUM for connected sockets (networking-stable-18_09_24).\n\n - udp6: add missing checks on edumux packet processing (networking-stable-18_09_24).\n\n - udp6: fix encap return code for resubmitting (git-fixes).\n\n - uio: Fix an Oops on load (bsc#1051510).\n\n - uio: ensure class is registered before devices (bsc#1051510).\n\n - uio: make symbol 'uio_class_registered' static (bsc#1051510).\n\n - usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510).\n\n - usb: core: Fix hub port connection events lost (bsc#1051510).\n\n - usb: dwc2: host: Do not retry NAKed transactions right away (bsc#1114385).\n\n - usb: dwc2: host: do not delay retries for CONTROL IN transfers (bsc#1114385).\n\n - usb: dwc3: core: Clean up ULPI device (bsc#1051510).\n\n - usb: dwc3: gadget: Properly check last unaligned/zero chain TRB (bsc#1051510).\n\n - usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers (bsc#1051510).\n\n - usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510).\n\n - usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510).\n\n - usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510).\n\n - usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510).\n\n - usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510).\n\n - usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510).\n\n - usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten (bsc#1051510).\n\n - usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510).\n\n - vfs: fix freeze protection in mnt_want_write_file() for overlayfs (git-fixes).\n\n - vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510).\n\n - vhost: Fix Spectre V1 vulnerability (bsc#1051510).\n\n - virtio_net: avoid using netif_tx_disable() for serializing tx routine (networking-stable-18_11_02).\n\n - w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510).\n\n - x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006).\n\n - x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114279).\n\n - x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bsc#1110006).\n\n - x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279).\n\n - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772).\n\n - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error (bsc#1114279).\n\n - x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279).\n\n - x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279).\n\n - x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279).\n\n - x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279).\n\n - x86/speculation: Support Enhanced IBRS on future CPUs ().\n\n - x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600).\n\n - xen-swiotlb: use actually allocated size on check physical continuous (bnc#1065600).\n\n - xen/balloon: Support xend-based toolstack (bnc#1065600).\n\n - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062).\n\n - xen/netfront: do not bug in case of too many frags (bnc#1104824).\n\n - xen/pvh: do not try to unplug emulated devices (bnc#1065600).\n\n - xen/pvh: increase early stack size (bnc#1065600).\n\n - xen: fix race in xen_qlock_wait() (bnc#1107256).\n\n - xen: fix xen_qlock_wait() (bnc#1107256).\n\n - xen: make xen_qlock_wait() nestable (bnc#1107256).\n\n - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes).\n\n - xfs: Properly detect when DAX won't be used on any device (bsc#1115976).\n\n - xhci: Add check for invalid byte size error when UAS devices are connected (bsc#1051510).\n\n - xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510).\n\n - xprtrdma: Do not defer fencing an async RPC's chunks (git-fixes).", "cvss3": {}, "published": "2018-12-17T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2018-1548)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18281"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2018-1548.NASL", "href": "https://www.tenable.com/plugins/nessus/119708", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1548.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119708);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-18281\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2018-1548)\");\n script_summary(english:\"Check for the openSUSE-2018-1548 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 15.0 kernel was updated to 4.12.14-lp150.12.28.1 to\nreceive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-18281: The mremap() syscall performs TLB\n flushes after dropping pagetable locks. If a syscall\n such as ftruncate() removes entries from the pagetables\n of a task that is in the middle of mremap(), a stale TLB\n entry can remain for a short time that permits access to\n a physical page after it has been released back to the\n page allocator and reused. (bnc#1113769).\n\nThe following non-security bugs were fixed :\n\n - ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail\n DMA controllers (bsc#1051510).\n\n - ACPI / platform: Add SMB0001 HID to forbidden_id_list\n (bsc#1051510).\n\n - ACPI / watchdog: Prefer iTCO_wdt always when WDAT table\n uses RTC SRAM (bsc#1051510).\n\n - ACPI/APEI: Handle GSIV and GPIO notification types\n (bsc#1115567). \n\n - ACPI/IORT: Fix iort_get_platform_device_domain()\n uninitialized pointer value (bsc#1051510).\n\n - ACPICA: Tables: Add WSMT support (bsc#1089350).\n\n - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control\n write (bsc#1051510).\n\n - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio\n pops (bsc#1051510).\n\n - ALSA: control: Fix race between adding and removing a\n user element (bsc#1051510).\n\n - ALSA: hda/ca0132 - Call pci_iounmap() instead of\n iounmap() (bsc#1051510).\n\n - ALSA: hda/realtek - Add GPIO data update helper\n (bsc#1051510).\n\n - ALSA: hda/realtek - Add auto-mute quirk for HP Spectre\n x360 laptop (bsc#1051510).\n\n - ALSA: hda/realtek - Allow skipping spec->init_amp\n detection (bsc#1051510).\n\n - ALSA: hda/realtek - Fix HP Headset Mic can't record\n (bsc#1051510).\n\n - ALSA: hda/realtek - Manage GPIO bits commonly\n (bsc#1051510).\n\n - ALSA: hda/realtek - Simplify Dell XPS13 GPIO handling\n (bsc#1051510).\n\n - ALSA: hda/realtek - Support ALC300 (bsc#1051510).\n\n - ALSA: hda/realtek - fix headset mic detection for MSI\n MS-B171 (bsc#1051510).\n\n - ALSA: hda/realtek - fix the pop noise on headphone for\n lenovo laptops (bsc#1051510).\n\n - ALSA: hda: Add ASRock N68C-S UCC the power_save\n blacklist (bsc#1051510).\n\n - ALSA: oss: Use kvzalloc() for local buffer allocations\n (bsc#1051510).\n\n - ALSA: sparc: Fix invalid snd_free_pages() at error path\n (bsc#1051510).\n\n - ALSA: usb-audio: Add vendor and product name for Dell\n WD19 Dock (bsc#1051510).\n\n - ALSA: wss: Fix invalid snd_free_pages() at error path\n (bsc#1051510).\n\n - ARM: dts: at91: add new compatibility string for macb on\n sama5d3 (bsc#1051510).\n\n - ASoC: Intel: cht_bsw_max98090: add support for Baytrail\n (bsc#1051510).\n\n - ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE\n to dwc (bsc#1085535)\n\n - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards\n using pmc_plt_clk_0 (bsc#1051510).\n\n - ASoC: sun8i-codec: fix crash on module removal\n (bsc#1051510).\n\n - Bluetooth: SMP: fix crash in unpairing (bsc#1051510).\n\n - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth\n (bsc#1051510).\n\n - Btrfs: fix assertion failure during fsync in no-holes\n mode (bsc#1118136).\n\n - Btrfs: fix assertion on fsync of regular file when using\n no-holes feature (bsc#1118137).\n\n - Btrfs: fix cur_offset in the error case for nocow\n (bsc#1118140).\n\n - Btrfs: fix data corruption due to cloning of eof block\n (bsc#1116878).\n\n - Btrfs: fix deadlock on tree root leaf when finding free\n extent (bsc#1116876).\n\n - Btrfs: fix deadlock when writing out free space caches\n (bsc#1116700).\n\n - Btrfs: fix infinite loop on inode eviction after\n deduplication of eof block (bsc#1116877).\n\n - Btrfs: fix NULL pointer dereference on compressed write\n path error (bsc#1116698).\n\n - Btrfs: fix use-after-free during inode eviction\n (bsc#1116701).\n\n - Btrfs: fix use-after-free when dumping free space\n (bsc#1116862).\n\n - Btrfs: fix warning when replaying log after fsync of a\n tmpfile (bsc#1116692).\n\n - Btrfs: fix wrong dentries after fsync of file that got\n its parent replaced (bsc#1116693).\n\n - Btrfs: send, fix infinite loop due to directory rename\n dependencies (bsc#1118138).\n\n - Documentation/l1tf: Fix typos (bsc#1051510).\n\n - Documentation/l1tf: Remove Yonah processors from not\n vulnerable list (bsc#1051510).\n\n - EDAC, thunderx: Fix memory leak in\n thunderx_l2c_threaded_isr() (bsc#1114279).\n\n - EDAC: Raise the maximum number of memory controllers\n (bsc#1113780).\n\n - Fix kABI for 'Ensure we commit after writeback is\n complete' (bsc#1111809).\n\n - Fix some patch headers which diverge from RFC5322\n Manually fix some patches which have an invalid header.\n\n - HID: hiddev: fix potential Spectre v1 (bsc#1051510).\n\n - HID: uhid: forbid UHID_CREATE under KERNEL_DS or\n elevated privileges (bsc#1051510).\n\n - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad\n 330-15IGM (bsc#1051510).\n\n - Input: synaptics - avoid using uninitialized variable\n when probing (bsc#1051510).\n\n - Input: xpad - add PDP device id 0x02a4 (bsc#1051510).\n\n - Input: xpad - add support for Xbox1 PDP Camo series\n gamepad (bsc#1051510).\n\n - Input: xpad - avoid using __set_bit() for capabilities\n (bsc#1051510).\n\n - Input: xpad - fix some coding style issues\n (bsc#1051510).\n\n - KABI fix for 'NFSv4.1: Fix up replays of interrupted\n requests' (git-fixes).\n\n - KABI: hide new member in struct iommu_table from\n genksyms (bsc#1061840).\n\n - KABI: powerpc: Revert npu callback signature change\n (bsc#1055120).\n\n - KABI: powerpc: export __find_linux_pte as\n __find_linux_pte_or_hugepte (bsc#1061840).\n\n - KVM: PPC: Add pt_regs into kvm_vcpu_arch and move\n vcpu->arch.gpr[] into it (bsc#1061840).\n\n - KVM: PPC: Avoid marking DMA-mapped pages dirty in real\n mode (bsc#1061840).\n\n - KVM: PPC: Book 3S HV: Do ptesync in radix guest exit\n path (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Add 'online' register to ONE_REG\n interface (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Add of_node_put() in success path\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Allow HPT and radix on the same\n core for POWER9 v2.2 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Allow creating max number of VCPUs\n on POWER9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Avoid crash from THP collapse\n during radix page fault (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Avoid shifts by negative amounts\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Check DR not IR to chose real vs\n virt mode MMIOs (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do SLB load/unload with guest LPCR\n value loaded (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate\n function (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not use compound_order to\n determine host mapping size (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not use existing 'prodded' flag\n for XIVE escalations (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Enable migration of decrementer\n register (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Factor fake-suspend handling out of\n kvmppc_save/restore_tm (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or\n 1GB memory backing (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix conditions for starting vcpu\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix constant size warning\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix duplication of host SLB entries\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix guest r11 corruption with\n POWER9 TM workarounds (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix handling of large pages in\n radix page fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in\n HPT resizing code (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix inaccurate comment\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real\n mode interrupts (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix trap number return from\n __kvmppc_vcore_entry (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix typo in\n kvmppc_hv_get_dirty_log_radix() (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Handle 1GB pages in radix page\n fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Improve handling of debug-trigger\n HMIs on POWER9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Keep XIVE escalation interrupt\n masked unless ceded (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Lockless tlbie for HPT hcalls\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make HPT resizing work on POWER9\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make radix clear pte when unmapping\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make radix use correct tlbie\n sequence in kvmppc_radix_tlbie_page (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make xive_pushed a byte, not a word\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Pack VCORE IDs to access full VCPU\n ID space (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Radix page fault handler\n optimizations (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under\n kvm->lock (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Recursively unmap all page table\n entries when unmapping (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Remove useless statement\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Remove vcpu->arch.dec usage\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to\n Linux handlers (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR\n count correctly (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Snapshot timebase offset on guest\n entry (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Streamline setting of reference and\n change bits (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page\n fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Use a helper to unmap ptes in the\n radix fault path (bsc#1061840).\n\n - KVM: PPC: Book3S HV: XIVE: Resend re-routed interrupts\n on CPU priority change (bsc#1061840).\n\n - KVM: PPC: Book3S HV: radix: Do not clear partition PTE\n when RC or write bits do not match (bsc#1061840).\n\n - KVM: PPC: Book3S HV: radix: Refine IO region partition\n scope attributes (bsc#1061840).\n\n - KVM: PPC: Book3S PR: Add guest MSR parameter for\n kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840).\n\n - KVM: PPC: Book3S PR: Move\n kvmppc_save_tm/kvmppc_restore_tm to separate file\n (bsc#1061840).\n\n - KVM: PPC: Book3S: Add MMIO emulation for VMX\n instructions (bsc#1061840).\n\n - KVM: PPC: Book3S: Allow backing bigger guest IOMMU pages\n with smaller physical pages (bsc#1061840).\n\n - KVM: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64\n parameters (bsc#1061840).\n\n - KVM: PPC: Book3S: Eliminate some unnecessary checks\n (bsc#1061840).\n\n - KVM: PPC: Book3S: Fix compile error that occurs with\n some gcc versions (bsc#1061840).\n\n - KVM: PPC: Book3S: Fix matching of hardware and emulated\n TCE tables (bsc#1061840).\n\n - KVM: PPC: Book3S: Use correct page shift in H_STUFF_TCE\n (bsc#1061840).\n\n - KVM: PPC: Fix a mmio_host_swabbed uninitialized usage\n issue (bsc#1061840).\n\n - KVM: PPC: Make iommu_table::it_userspace big endian\n (bsc#1061840).\n\n - KVM: PPC: Move nip/ctr/lr/xer registers to pt_regs in\n kvm_vcpu_arch (bsc#1061840).\n\n - KVM: PPC: Use seq_puts() in kvmppc_exit_timing_show()\n (bsc#1061840).\n\n - KVM: VMX: re-add ple_gap module parameter (bsc#1106240).\n\n - KVM: arm/arm64: Introduce vcpu_el1_is_32bit\n (bsc#1110998).\n\n - KVM: nVMX: Always reflect #NM VM-exits to L1\n (bsc#1106240).\n\n - KVM: nVMX: move check_vmentry_postreqs() call to\n nested_vmx_enter_non_root_mode() (bsc#1106240).\n\n - KVM: s390: vsie: copy wrapping keys to right place\n (git-fixes).\n\n - KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING\n hypercall (bsc#1106240).\n\n - MD: fix invalid stored role for a disk - try2\n (git-fixes).\n\n - NFS: Avoid RCU usage in tracepoints (git-fixes).\n\n - NFS: Ensure we commit after writeback is complete\n (bsc#1111809).\n\n - NFS: Fix a typo in nfs_rename() (git-fixes).\n\n - NFS: Fix an incorrect type in struct nfs_direct_req\n (git-fixes).\n\n - NFS: Fix typo in nomigration mount option (git-fixes).\n\n - NFS: Fix unstable write completion (git-fixes).\n\n - NFS: commit direct writes even if they fail partially\n (git-fixes).\n\n - NFSv4.0 fix client reference leak in callback\n (git-fixes).\n\n - NFSv4.1 fix infinite loop on I/O (git-fixes).\n\n - NFSv4.1: Fix a potential layoutget/layoutrecall deadlock\n (git-fixes).\n\n - NFSv4.1: Fix the client behaviour on\n NFS4ERR_SEQ_FALSE_RETRY (git-fixes).\n\n - NFSv4.1: Fix up replays of interrupted requests\n (git-fixes).\n\n - NFSv4: Fix a typo in nfs41_sequence_process (git-fixes).\n\n - PCI/ASPM: Do not initialize link state when\n aspm_disabled is set (bsc#1051510).\n\n - PCI/MSI: Warn and return error if driver enables\n MSI/MSI-X twice (bsc#1051510).\n\n - PCI: Add Device IDs for Intel GPU 'spurious interrupt'\n quirk (bsc#1051510).\n\n - PCI: hv: Use effective affinity mask (bsc#1109772).\n\n - PCI: imx6: Fix link training status detection in link up\n check (bsc#1109806).\n\n - PCI: iproc: Remove PAXC slot check to allow VF support\n (bsc#1109806).\n\n - PCI: vmd: Assign vector zero to all bridges\n (bsc#1109806).\n\n - PCI: vmd: Detach resources after stopping root bus\n (bsc#1109806).\n\n - PCI: vmd: White list for fast interrupt handlers\n (bsc#1109806).\n\n - SUNRPC: Allow connect to return EHOSTUNREACH\n (git-fixes).\n\n - SUNRPC: Fix tracepoint storage issues with svc_recv and\n svc_rqst_status (git-fixes).\n\n - USB: misc: appledisplay: add 20' Apple Cinema Display\n (bsc#1051510).\n\n - USB: omap_udc: fix rejection of out transfers when DMA\n is used (bsc#1051510).\n\n - USB: quirks: Add no-lpm quirk for Raydium touchscreens\n (bsc#1051510).\n\n - USB: serial: option: add two-endpoints device-id flag\n (bsc#1051510).\n\n - USB: serial: option: drop redundant interface-class test\n (bsc#1051510).\n\n - USB: serial: option: improve Quectel EP06 detection\n (bsc#1051510).\n\n - VFS: close race between getcwd() and d_move()\n (git-fixes).\n\n - VMCI: Resource wildcard match fixed (bsc#1051510).\n\n - acpi, nfit: Fix ARS overflow continuation (bsc#1116895).\n\n - acpi/nfit, x86/mce: Handle only uncorrectable machine\n checks (bsc#1114279).\n\n - acpi/nfit, x86/mce: Validate a MCE's address before\n using it (bsc#1114279).\n\n - act_ife: fix a potential use-after-free\n (networking-stable-18_09_11).\n\n - amd/iommu: Fix Guest Virtual APIC Log Tail Address\n Register (bsc#1106105).\n\n - arm64: KVM: Move CPU ID reg trap setup off the world\n switch path (bsc#1110998).\n\n - arm64: KVM: Sanitize PSTATE.M when being set from\n userspace (bsc#1110998).\n\n - arm64: KVM: Tighten guest core register access from\n userspace (bsc#1110998).\n\n - ata: Fix racy link clearance (bsc#1107866).\n\n - ataflop: fix error handling during setup (bsc#1051510).\n\n - ath10k: schedule hardware restart if WMI command times\n out (bsc#1051510).\n\n - autofs: fix autofs_sbi() does not check super block type\n (git-fixes).\n\n - autofs: fix slab out of bounds read in getname_kernel()\n (git-fixes).\n\n - autofs: mount point create should honour passed in mode\n (git-fixes).\n\n - badblocks: fix wrong return value in badblocks_set if\n badblocks are disabled (git-fixes).\n\n - batman-adv: Expand merged fragment buffer for full\n packet (bsc#1051510).\n\n - batman-adv: Use explicit tvlv padding for ELP packets\n (bsc#1051510).\n\n - bitops: protect variables in bit_clear_unless() macro\n (bsc#1051510).\n\n - bitops: protect variables in set_mask_bits() macro\n (bsc#1051510).\n\n - block: copy ioprio in __bio_clone_fast() (bsc#1082653).\n\n - block: respect virtual boundary mask in bvecs\n (bsc#1113412).\n\n - bnxt_en: Fix TX timeout during netpoll\n (networking-stable-18_10_16).\n\n - bnxt_en: free hwrm resources, if driver probe fails\n (networking-stable-18_10_16).\n\n - bonding: avoid possible dead-lock\n (networking-stable-18_10_16).\n\n - bonding: fix length of actor system\n (networking-stable-18_11_02).\n\n - bonding: fix warning message\n (networking-stable-18_10_16).\n\n - bonding: pass link-local packets to bonding master also\n (networking-stable-18_10_16).\n\n - bpf, net: add skb_mac_header_len helper\n (networking-stable-18_09_24).\n\n - bpf: fix partial copy of map_ptr when dst is scalar\n (bsc#1083647).\n\n - bpf: wait for running BPF programs when updating\n map-in-map (bsc#1083647).\n\n - brcmfmac: fix for proper support of 160MHz bandwidth\n (bsc#1051510).\n\n - brcmfmac: fix reporting support for 160 MHz channels\n (bsc#1051510).\n\n - brcmutil: really fix decoding channel info for 160 MHz\n bandwidth (bsc#1051510).\n\n - bridge: do not add port to router list when receives\n query with source 0.0.0.0 (networking-stable-18_11_02).\n\n - btrfs: make sure we create all new block groups\n (bsc#1116699).\n\n - btrfs: protect space cache inode alloc with GFP_NOFS\n (bsc#1116863).\n\n - cachefiles: fix the race between\n cachefiles_bury_object() and rmdir(2) (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): Do not crash the kernel\n if can_priv::echo_skb is accessed out of bounds\n (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): print error message, if\n trying to echo non existing skb (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): replace struct can_frame\n by canfd_frame to access frame length (bsc#1051510).\n\n - can: dev: can_get_echo_skb(): factor out non sending\n code to __can_get_echo_skb() (bsc#1051510).\n\n - can: hi311x: Use level-triggered interrupt\n (bsc#1051510).\n\n - can: raw: check for CAN FD capable netdev in\n raw_sendmsg() (bsc#1051510).\n\n - can: rcar_can: Fix erroneous registration (bsc#1051510).\n\n - can: rx-offload: introduce can_rx_offload_get_echo_skb()\n and can_rx_offload_queue_sorted() functions\n (bsc#1051510).\n\n - cdc-acm: correct counting of UART states in serial state\n notification (bsc#1051510).\n\n - cdc-acm: do not reset notification buffer index upon urb\n unlinking (bsc#1051510).\n\n - ceph: fix dentry leak in ceph_readdir_prepopulate\n (bsc#1114839).\n\n - ceph: quota: fix NULL pointer dereference in quota check\n (bsc#1114839).\n\n - cfg80211: Address some corner cases in scan result\n channel updating (bsc#1051510).\n\n - cfg80211: fix use-after-free in reg_process_hint()\n (bsc#1051510).\n\n - clk: at91: Fix division by zero in PLL recalc_rate()\n (bsc#1051510).\n\n - clk: fixed-factor: fix of_node_get-put imbalance\n (bsc#1051510).\n\n - clk: fixed-rate: fix of_node_get-put imbalance\n (bsc#1051510).\n\n - clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk\n (bsc#1051510).\n\n - clk: rockchip: Fix static checker warning in\n rockchip_ddrclk_get_parent call (bsc#1051510).\n\n - clk: s2mps11: Add used attribute to s2mps11_dt_match\n (bsc#1051510).\n\n - clk: s2mps11: Fix matching when built as module and DT\n node contains compatible (bsc#1051510).\n\n - clk: samsung: exynos5420: Enable PERIS clocks for\n suspend (bsc#1051510).\n\n - clockevents/drivers/i8253: Add support for PIT shutdown\n quirk (bsc#1051510).\n\n - configfs: replace strncpy with memcpy (bsc#1051510).\n\n - crypto: simd - correctly take reqsize of wrapped\n skcipher into account (bsc#1051510).\n\n - do d_instantiate/unlock_new_inode combinations safely\n (git-fixes).\n\n - driver/dma/ioat: Call del_timer_sync() without holding\n prep_lock (bsc#1051510).\n\n - drm/amdgpu: add missing CHIP_HAINAN in\n amdgpu_ucode_get_load_type (bsc#1051510).\n\n - drm/ast: Fix incorrect free on ioregs (bsc#1051510).\n\n - drm/ast: Remove existing framebuffers before loading\n driver (boo#1112963)\n\n - drm/ast: change resolution may cause screen blurred\n (boo#1112963).\n\n - drm/ast: fixed cursor may disappear sometimes\n (bsc#1051510).\n\n - drm/dp_mst: Check if primary mstb is null (bsc#1051510).\n\n - drm/dp_mst: Skip validating ports during destruction,\n just ref (bsc#1051510).\n\n - drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510).\n\n - drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion\n 15-n233sl (bsc#1113722)\n\n - drm/i915/execlists: Force write serialisation into\n context image vs execution (bsc#1051510).\n\n - drm/i915/glk: Remove 99% limitation (bsc#1051510).\n\n - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N\n values (bsc#1051510).\n\n - drm/i915: Do not oops during modeset shutdown after lpe\n audio deinit (bsc#1051510).\n\n - drm/i915: Do not unset intel_connector->mst_port\n (bsc#1051510).\n\n - drm/i915: Fix ilk+ watermarks when disabling pipes\n (bsc#1051510).\n\n - drm/i915: Large page offsets for pread/pwrite\n (bsc#1051510).\n\n - drm/i915: Mark pin flags as u64 (bsc#1051510).\n\n - drm/i915: Skip vcpi allocation for MSTB ports that are\n gone (bsc#1051510).\n\n - drm/i915: Write GPU relocs harder with gen3\n (bsc#1051510).\n\n - drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config\n (bsc#1051510).\n\n - drm/meson: Fix OOB memory accesses in\n meson_viu_set_osd_lut() (bsc#1051510).\n\n - drm/meson: add support for 1080p25 mode (bsc#1051510).\n\n - drm/nouveau: Check backlight IDs are >= 0, not > 0\n (bsc#1051510).\n\n - drm/omap: fix memory barrier bug in DMM driver\n (bsc#1051510).\n\n - drm/rockchip: Allow driver to be shutdown on\n reboot/kexec (bsc#1051510).\n\n - drm: fb-helper: Reject all pixel format changing\n requests (bsc#1113722)\n\n - ext4: add missing brelse() add_new_gdb_meta_bg()'s error\n path (bsc#1117795).\n\n - ext4: add missing brelse() in\n set_flexbg_block_bitmap()'s error path (bsc#1117794).\n\n - ext4: add missing brelse() update_backups()'s error path\n (bsc#1117796).\n\n - ext4: avoid buffer leak in ext4_orphan_add() after prior\n errors (bsc#1117802).\n\n - ext4: avoid buffer leak on shutdown in\n ext4_mark_iloc_dirty() (bsc#1117801).\n\n - ext4: avoid potential extra brelse in\n setup_new_flex_group_blocks() (bsc#1117792).\n\n - ext4: fix buffer leak in __ext4_read_dirblock() on error\n path (bsc#1117807).\n\n - ext4: fix buffer leak in ext4_xattr_move_to_block() on\n error path (bsc#1117806).\n\n - ext4: fix missing cleanup if ext4_alloc_flex_bg_array()\n fails while resizing (bsc#1117798).\n\n - ext4: fix possible inode leak in the retry loop of\n ext4_resize_fs() (bsc#1117799).\n\n - ext4: fix possible leak of s_journal_flag_rwsem in error\n path (bsc#1117804).\n\n - ext4: fix possible leak of sbi->s_group_desc_leak in\n error path (bsc#1117803).\n\n - ext4: fix setattr project check in fssetxattr ioctl\n (bsc#1117789).\n\n - ext4: fix use-after-free race in ext4_remount()'s error\n path (bsc#1117791).\n\n - ext4: initialize retries variable in\n ext4_da_write_inline_data_begin() (bsc#1117788).\n\n - ext4: propagate error from dquot_initialize() in\n EXT4_IOC_FSSETXATTR (bsc#1117790).\n\n - ext4: release bs.bh before re-using in\n ext4_xattr_block_find() (bsc#1117805).\n\n - fbdev: fix broken menu dependencies (bsc#1113722)\n\n - firmware: dcdbas: Add support for WSMT ACPI table\n (bsc#1089350 ).\n\n - firmware: dcdbas: include linux/io.h (bsc#1089350).\n\n - floppy: fix race condition in __floppy_read_block_0()\n (bsc#1051510).\n\n - flow_dissector: do not dissect l4 ports for fragments\n (networking-stable-18_11_21).\n\n - fs/dcache.c: fix kmemcheck splat at\n take_dentry_name_snapshot() (git-fixes).\n\n - fs: Make extension of struct super_block transparent\n (bsc#1117822).\n\n - fs: dcache: Avoid livelock between d_alloc_parallel and\n __d_add (git-fixes).\n\n - fs: dcache: Use READ_ONCE when accessing i_dir_seq\n (git-fixes).\n\n - fscache: fix race between enablement and dropping of\n object (bsc#1107385).\n\n - fsnotify: Fix busy inodes during unmount (bsc#1117822).\n\n - fsnotify: fix ignore mask logic in fsnotify()\n (bsc#1115074).\n\n - ftrace: Fix debug preempt config name in\n stack_tracer_{en,dis}able (bsc#1117172).\n\n - ftrace: Fix kmemleak in unregister_ftrace_graph\n (bsc#1117181).\n\n - ftrace: Fix memleak when unregistering dynamic ops when\n tracing disabled (bsc#1117174).\n\n - ftrace: Remove incorrect setting of glob search field\n (bsc#1117184).\n\n - genirq: Fix race on spurious interrupt detection\n (bsc#1051510).\n\n - getname_kernel() needs to make sure that ->name !=\n ->iname in long case (git-fixes).\n\n - gpio: do not free unallocated ida on\n gpiochip_add_data_with_key() error path (bsc#1051510).\n\n - grace: replace BUG_ON by WARN_ONCE in exit_net hook\n (git-fixes).\n\n - gso_segment: Reset skb->mac_len after modifying network\n header (networking-stable-18_09_24).\n\n - hv_netvsc: ignore devices that are not PCI\n (networking-stable-18_09_11).\n\n - hwmon (ina2xx) Fix NULL id pointer in probe()\n (bsc#1051510).\n\n - hwmon: (core) Fix double-free in\n __hwmon_device_register() (bsc#1051510).\n\n - hwmon: (ibmpowernv) Remove bogus __init annotations\n (bsc#1051510).\n\n - hwmon: (ina2xx) Fix current value calculation\n (bsc#1051510).\n\n - hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510).\n\n - hwmon: (pmbus) Fix page count auto-detection\n (bsc#1051510).\n\n - hwmon: (pwm-fan) Set fan speed to 0 on suspend\n (bsc#1051510).\n\n - hwmon: (raspberrypi) Fix initial notify (bsc#1051510).\n\n - hwmon: (w83795) temp4_type has writable permission\n (bsc#1051510).\n\n - ibmvnic: fix accelerated VLAN handling ().\n\n - ibmvnic: fix index in release_rx_pools (bsc#1115440,\n bsc#1115433).\n\n - ibmvnic: remove ndo_poll_controller ().\n\n - iio: accel: adxl345: convert address field usage in\n iio_chan_spec (bsc#1051510).\n\n - iio: ad5064: Fix regulator handling (bsc#1051510).\n\n - iio:st_magn: Fix enable device after trigger\n (bsc#1051510).\n\n - ima: fix showing large 'violations' or\n 'runtime_measurements_count' (bsc#1051510).\n\n - include/linux/pfn_t.h: force '~' to be parsed as an\n unary operator (bsc#1051510).\n\n - inet: make sure to grab rcu_read_lock before using\n ireq->ireq_opt (networking-stable-18_10_16).\n\n - iommu/arm-smmu: Ensure that page-table updates are\n visible before TLBI (bsc#1106237).\n\n - iommu/ipmmu-vmsa: Fix crash on early domain free\n (bsc#1106105).\n\n - iommu/vt-d: Fix NULL pointer dereference in\n prq_event_thread() (bsc#1106105).\n\n - iommu/vt-d: Use memunmap to free memremap (bsc#1106105).\n\n - ip6_tunnel: Fix encapsulation layout\n (networking-stable-18_11_02).\n\n - ip6_tunnel: be careful when accessing the inner header\n (networking-stable-18_10_16).\n\n - ip6_vti: fix a NULL pointer deference when destroy vti6\n tunnel (networking-stable-18_09_11).\n\n - ip_tunnel: be careful when accessing the inner header\n (networking-stable-18_10_16).\n\n - ip_tunnel: do not force DF when MTU is locked\n (networking-stable-18_11_21).\n\n - ipmi: Fix timer race with module unload (bsc#1051510).\n\n - ipv4: lock mtu in fnhe when received PMTU\n net.ipv4.route.min_pmtu (networking-stable-18_11_21).\n\n - ipv4: tcp: send zero IPID for RST and ACK sent in\n SYN-RECV and TIME-WAIT state\n (networking-stable-18_09_11).\n\n - ipv6/ndisc: Preserve IPv6 control buffer if protocol\n error handlers are called (networking-stable-18_11_02).\n\n - ipv6: fix possible use-after-free in ip6_xmit()\n (networking-stable-18_09_24).\n\n - ipv6: mcast: fix a use-after-free in inet6_mc_check\n (networking-stable-18_11_02).\n\n - ipv6: take rcu lock in rawv6_send_hdrinc()\n (networking-stable-18_10_16).\n\n - iwlwifi: dbg: allow wrt collection before ALIVE\n (bsc#1051510).\n\n - iwlwifi: do not WARN on trying to dump dead firmware\n (bsc#1051510).\n\n - iwlwifi: mvm: check for short GI only for OFDM\n (bsc#1051510).\n\n - iwlwifi: mvm: check return value of\n rs_rate_from_ucode_rate() (bsc#1051510).\n\n - iwlwifi: mvm: do not use SAR Geo if basic SAR is not\n used (bsc#1051510).\n\n - iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510).\n\n - iwlwifi: mvm: fix regulatory domain update when the\n firmware starts (bsc#1051510).\n\n - iwlwifi: mvm: support sta_statistics() even on older\n firmware (bsc#1051510).\n\n - iwlwifi: pcie: avoid empty free RB queue (bsc#1051510).\n\n - kABI: protect struct fib_nh_exception (kabi).\n\n - kABI: protect struct rtable (kabi).\n\n - kabi/severities: ignore __xive_vm_h_* KVM internal\n symbols.\n\n - kabi/severities: ignore ppc64 realmode helpers. KVM\n fixes remove exports of realmode_pfn_to_page\n iommu_tce_xchg_rm mm_iommu_lookup_rm\n mm_iommu_ua_to_hpa_rm. Some are no longer used and\n others are no longer exported because the code was\n consolideted in one place. These helpers are to be\n called in realmode and linking to them from non-KVM\n modules is a bug. Hence removing them does not break\n KABI.\n\n - kabi: mask raw in struct bpf_reg_state (bsc#1083647).\n\n - kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510).\n\n - kbuild: move '_all' target out of $(KBUILD_SRC)\n conditional (bsc#1114279).\n\n - kgdboc: Passing ekgdboc to command line causes panic\n (bsc#1051510).\n\n - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839).\n\n - libertas: do not set URB_ZERO_PACKET on IN USB transfer\n (bsc#1051510).\n\n - libnvdimm, region: Fail badblocks listing for inactive\n regions (bsc#1116899).\n\n - libnvdimm: Hold reference on parent while scheduling\n async init (bsc#1116891).\n\n - livepatch: create and include UAPI headers ().\n\n - llc: set SOCK_RCU_FREE in llc_sap_add_socket()\n (networking-stable-18_11_02).\n\n - lockd: fix 'list_add double add' caused by legacy signal\n interface (git-fixes).\n\n - mac80211: Always report TX status (bsc#1051510).\n\n - mac80211: TDLS: fix skb queue/priority assignment\n (bsc#1051510).\n\n - mac80211: fix TX status reporting for ieee80211s\n (bsc#1051510).\n\n - mac80211_hwsim: do not omit multicast announce of first\n added radio (bsc#1051510).\n\n - mach64: fix display corruption on big endian machines\n (bsc#1113722)\n\n - mach64: fix image corruption due to reading accelerator\n registers (bsc#1113722)\n\n - mailbox: PCC: handle parse error (bsc#1051510).\n\n - make sure that __dentry_kill() always invalidates d_seq,\n unhashed or not (git-fixes).\n\n - md/raid10: fix that replacement cannot complete recovery\n after reassemble (git-fixes).\n\n - md/raid1: add error handling of read error from FailFast\n device (git-fixes).\n\n - md/raid5-cache: disable reshape completely (git-fixes).\n\n - md/raid5: fix data corruption of replacements after\n originals dropped (git-fixes).\n\n - md: fix NULL dereference of mddev->pers in\n remove_and_add_spares() (git-fixes).\n\n - memory_hotplug: cond_resched in __remove_pages\n (bnc#1114178).\n\n - mfd: menelaus: Fix possible race condition and leak\n (bsc#1051510).\n\n - mfd: omap-usb-host: Fix dts probe of children\n (bsc#1051510).\n\n - mlxsw: spectrum: Fix IP2ME CPU policer configuration\n (networking-stable-18_11_21).\n\n - mm: handle no memcg case in memcg_kmem_charge() properly\n (bnc#1113677).\n\n - mm: rework memcg kernel stack accounting (bnc#1113677).\n\n - mmc: dw_mmc-rockchip: correct property names in debug\n (bsc#1051510).\n\n - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev\n 0x8620 rev 0x01 (bsc#1051510).\n\n - modpost: ignore livepatch unresolved relocations ().\n\n - mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED\n mounts (bsc#1117819).\n\n - mount: Prevent MNT_DETACH from disconnecting locked\n mounts (bsc#1117820).\n\n - mount: Retest MNT_LOCKED in do_umount (bsc#1117818).\n\n - neighbour: confirm neigh entries when ARP packet is\n received (networking-stable-18_09_24).\n\n - net-gro: reset skb->pkt_type in napi_reuse_skb()\n (networking-stable-18_11_21).\n\n - net/af_iucv: drop inbound packets with invalid flags\n (bnc#1113501, LTC#172679).\n\n - net/af_iucv: fix skb handling on HiperTransport xmit\n error (bnc#1113501, LTC#172679).\n\n - net/appletalk: fix minor pointer leak to userspace in\n SIOCFINDIPDDPRT (networking-stable-18_09_24).\n\n - net/ibmnvic: Fix deadlock problem in reset ().\n\n - net/ibmvnic: Fix RTNL deadlock during device reset\n (bnc#1115431).\n\n - net/ipv6: Display all addresses in output of\n /proc/net/if_inet6 (networking-stable-18_10_16).\n\n - net/ipv6: Fix index counter for unicast addresses in\n in6_dump_addrs (networking-stable-18_11_02).\n\n - net/mlx5: Check for error in mlx5_attach_interface\n (networking-stable-18_09_18).\n\n - net/mlx5: E-Switch, Fix memory leak when creating\n switchdev mode FDB tables (networking-stable-18_09_18).\n\n - net/mlx5: E-Switch, Fix out of bound access when setting\n vport rate (networking-stable-18_10_16).\n\n - net/mlx5: Fix debugfs cleanup in the device init/remove\n flow (networking-stable-18_09_18).\n\n - net/mlx5: Fix use-after-free in self-healing flow\n (networking-stable-18_09_18).\n\n - net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page\n fault type (networking-stable-18_11_02).\n\n - net/mlx5e: Fix selftest for small MTUs\n (networking-stable-18_11_21).\n\n - net/mlx5e: Set vlan masks for all offloaded TC rules\n (networking-stable-18_10_16).\n\n - net/packet: fix packet drop as of virtio gso\n (networking-stable-18_10_16).\n\n - net/sched: act_pedit: fix dump of extended layered op\n (networking-stable-18_09_11).\n\n - net/sched: act_sample: fix NULL dereference in the data\n path (networking-stable-18_09_24).\n\n - net/usb: cancel pending work when unbinding smsc75xx\n (networking-stable-18_10_16).\n\n - net: aquantia: memory corruption on jumbo frames\n (networking-stable-18_10_16).\n\n - net: bcmgenet: Poll internal PHY for GENETv5\n (networking-stable-18_11_02).\n\n - net: bcmgenet: protect stop from timeout\n (networking-stable-18_11_21).\n\n - net: bcmgenet: use MAC link status for fixed phy\n (networking-stable-18_09_11).\n\n - net: bridge: remove ipv6 zero address check in mcast\n queries (git-fixes).\n\n - net: dsa: bcm_sf2: Call setup during switch resume\n (networking-stable-18_10_16).\n\n - net: dsa: bcm_sf2: Fix unbind ordering\n (networking-stable-18_10_16).\n\n - net: ena: Fix Kconfig dependency on X86 (bsc#1111696\n bsc#1117561).\n\n - net: ena: add functions for handling Low Latency Queues\n in ena_com (bsc#1111696 bsc#1117561).\n\n - net: ena: add functions for handling Low Latency Queues\n in ena_netdev (bsc#1111696 bsc#1117561).\n\n - net: ena: change rx copybreak default to reduce kernel\n memory pressure (bsc#1111696 bsc#1117561).\n\n - net: ena: complete host info to match latest ENA spec\n (bsc#1111696 bsc#1117561).\n\n - net: ena: enable Low Latency Queues (bsc#1111696\n bsc#1117561).\n\n - net: ena: explicit casting and initialization, and\n clearer error handling (bsc#1111696 bsc#1117561).\n\n - net: ena: fix NULL dereference due to untimely napi\n initialization (bsc#1111696 bsc#1117561).\n\n - net: ena: fix auto casting to boolean (bsc#1111696\n bsc#1117561).\n\n - net: ena: fix compilation error in xtensa architecture\n (bsc#1111696 bsc#1117561).\n\n - net: ena: fix crash during failed resume from\n hibernation (bsc#1111696 bsc#1117561).\n\n - net: ena: fix indentations in ena_defs for better\n readability (bsc#1111696 bsc#1117561).\n\n - net: ena: fix rare bug when failed restart/resume is\n followed by driver removal (bsc#1111696 bsc#1117561).\n\n - net: ena: fix warning in rmmod caused by double iounmap\n (bsc#1111696 bsc#1117561).\n\n - net: ena: introduce Low Latency Queues data structures\n according to ENA spec (bsc#1111696 bsc#1117561).\n\n - net: ena: limit refill Rx threshold to 256 to avoid\n latency issues (bsc#1111696 bsc#1117561).\n\n - net: ena: minor performance improvement (bsc#1111696\n bsc#1117561).\n\n - net: ena: remove ndo_poll_controller (bsc#1111696\n bsc#1117561).\n\n - net: ena: remove redundant parameter in\n ena_com_admin_init() (bsc#1111696 bsc#1117561).\n\n - net: ena: update driver version to 2.0.1 (bsc#1111696\n bsc#1117561).\n\n - net: ena: use CSUM_CHECKED device indication to report\n skb's checksum status (bsc#1111696 bsc#1117561).\n\n - net: fec: do not dump RX FIFO register when not\n available (networking-stable-18_11_02).\n\n - net: hns: fix for unmapping problem when SMMU is on\n (networking-stable-18_10_16).\n\n - net: hp100: fix always-true check for link up state\n (networking-stable-18_09_24).\n\n - net: ibm: fix return type of ndo_start_xmit function ().\n\n - net: ipmr: fix unresolved entry dumps\n (networking-stable-18_11_02).\n\n - net: macb: do not disable MDIO bus at open/close time\n (networking-stable-18_09_11).\n\n - net: mvpp2: Extract the correct ethtype from the skb for\n tx csum offload (networking-stable-18_10_16).\n\n - net: mvpp2: fix a txq_done race condition\n (networking-stable-18_10_16).\n\n - net: phy: mdio-gpio: Fix working over slow can_sleep\n GPIOs (networking-stable-18_11_21).\n\n - net: qca_spi: Fix race condition in spi transfers\n (networking-stable-18_09_18).\n\n - net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510).\n\n - net: sched: Fix for duplicate class dump\n (networking-stable-18_11_02).\n\n - net: sched: Fix memory exposure from short TCA_U32_SEL\n (networking-stable-18_09_11).\n\n - net: sched: action_ife: take reference to meta module\n (networking-stable-18_09_11).\n\n - net: sched: gred: pass the right attribute to\n gred_change_table_def() (networking-stable-18_11_02).\n\n - net: smsc95xx: Fix MTU range\n (networking-stable-18_11_21).\n\n - net: socket: fix a missing-check bug\n (networking-stable-18_11_02).\n\n - net: stmmac: Fix stmmac_mdio_reset() when building\n stmmac as modules (networking-stable-18_11_02).\n\n - net: stmmac: Fixup the tail addr setting in xmit path\n (networking-stable-18_10_16).\n\n - net: systemport: Fix wake-up interrupt race during\n resume (networking-stable-18_10_16).\n\n - net: systemport: Protect stop from timeout\n (networking-stable-18_11_21).\n\n - net: udp: fix handling of CHECKSUM_COMPLETE packets\n (networking-stable-18_11_02).\n\n - netlabel: check for IPV4MASK in addrinfo_get\n (networking-stable-18_10_16).\n\n - nfp: wait for posted reconfigs when disabling the device\n (networking-stable-18_09_11).\n\n - nfs: do not wait on commit in nfs_commit_inode() if\n there were no commit requests (git-fixes).\n\n - nfsd4: permit layoutget of executable-only files\n (git-fixes).\n\n - nfsd: CLOSE SHOULD return the invalid special stateid\n for NFSv4.x (x>0) (git-fixes).\n\n - nfsd: Ensure we check stateid validity in the seqid\n operation checks (git-fixes).\n\n - nfsd: Fix another OPEN stateid race (git-fixes).\n\n - nfsd: Fix stateid races between OPEN and CLOSE\n (git-fixes).\n\n - nfsd: check for use of the closed special stateid\n (git-fixes).\n\n - nfsd: deal with revoked delegations appropriately\n (git-fixes).\n\n - nfsd: fix corrupted reply to badly ordered compound\n (git-fixes).\n\n - nfsd: fix potential use-after-free in\n nfsd4_decode_getdeviceinfo (git-fixes).\n\n - nfsd: restrict rd_maxcount to svc_max_payload in\n nfsd_encode_readdir (git-fixes).\n\n - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds\n (bsc#1051510).\n\n - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT\n (bsc#1051510).\n\n - nospec: Include asm/barrier.h dependency (bsc#1114279).\n\n - nvme: Free ctrl device name on init failure ().\n\n - ocfs2: fix a misuse a of brelse after failing\n ocfs2_check_dir_entry (bsc#1117817).\n\n - ocfs2: fix locking for res->tracking and\n dlm->tracking_list (bsc#1117816).\n\n - ocfs2: fix ocfs2 read block panic (bsc#1117815).\n\n - ocfs2: free up write context when direct IO failed\n (bsc#1117821).\n\n - ocfs2: subsystem.su_mutex is required while accessing\n the item->ci_parent (bsc#1117808).\n\n - openvswitch: Fix push/pop ethernet validation\n (networking-stable-18_11_02).\n\n - pNFS: Always free the session slot on error in\n nfs4_layoutget_handle_exception (git-fixes).\n\n - pNFS: Prevent the layout header refcount going to zero\n in pnfs_roc() (git-fixes).\n\n - pci: dwc: remove duplicate fix References: bsc#1115269\n Patch has been already applied by the following commit:\n 9f73db8b7c PCI: dwc: Fix enumeration end when reaching\n root subordinate (bsc#1051510)\n\n - pcmcia: Implement CLKRUN protocol disabling for Ricoh\n bridges (bsc#1051510).\n\n - percpu: make this_cpu_generic_read() atomic w.r.t.\n interrupts (bsc#1114279).\n\n - perf: fix invalid bit in diagnostic entry (git-fixes).\n\n - pinctrl: at91-pio4: fix has_config check in\n atmel_pctl_dt_subnode_to_map() (bsc#1051510).\n\n - pinctrl: meson: fix pinconf bias disable (bsc#1051510).\n\n - pinctrl: qcom: spmi-mpp: Fix drive strength setting\n (bsc#1051510).\n\n - pinctrl: qcom: spmi-mpp: Fix err handling of\n pmic_mpp_set_mux (bsc#1051510).\n\n - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be\n compliant (bsc#1051510).\n\n - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be\n compliant (bsc#1051510).\n\n - pipe: match pipe_max_size data type with procfs\n (git-fixes).\n\n - platform/x86: acerhdf: Add BIOS entry for Gateway LT31\n v1.3307 (bsc#1051510).\n\n - platform/x86: intel_telemetry: report debugfs failure\n (bsc#1051510).\n\n - pnfs: Do not release the sequence slot until we've\n processed layoutget on open (git-fixes).\n\n - power: supply: max8998-charger: Fix platform data\n retrieval (bsc#1051510).\n\n - powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs\n before POWER9 (bsc#1065729).\n\n - powerpc/boot: Fix opal console in boot wrapper\n (bsc#1065729).\n\n - powerpc/kvm/booke: Fix altivec related build break\n (bsc#1061840).\n\n - powerpc/kvm: Switch kvm pmd allocator to custom\n allocator (bsc#1061840).\n\n - powerpc/mm/keys: Move pte bits to correct headers\n (bsc#1078248).\n\n - powerpc/mm: Fix typo in comments (bsc#1065729).\n\n - powerpc/mm: Rename find_linux_pte_or_hugepte()\n (bsc#1061840).\n\n - powerpc/npu-dma.c: Fix crash after\n __mmu_notifier_register failure (bsc#1055120).\n\n - powerpc/perf: Update raw-event code encoding comment for\n power8 (bsc#1065729).\n\n - powerpc/powernv/ioda: Allocate indirect TCE levels on\n demand (bsc#1061840).\n\n - powerpc/powernv/ioda: Finish removing explicit max\n window size check (bsc#1061840).\n\n - powerpc/powernv/ioda: Remove explicit max window size\n check (bsc#1061840).\n\n - powerpc/powernv/npu: Add lock to prevent race in\n concurrent context init/destroy (bsc#1055120).\n\n - powerpc/powernv/npu: Do not explicitly flush nmmu tlb\n (bsc#1055120).\n\n - powerpc/powernv/npu: Fix deadlock in mmio_invalidate()\n (bsc#1055120).\n\n - powerpc/powernv/npu: Prevent overwriting of\n pnv_npu2_init_contex() callback parameters\n (bsc#1055120).\n\n - powerpc/powernv/npu: Use flush_all_mm() instead of\n flush_tlb_mm() (bsc#1055120).\n\n - powerpc/powernv/pci: Work around races in PCI bridge\n enabling (bsc#1055120).\n\n - powerpc/powernv: Add indirect levels to it_userspace\n (bsc#1061840).\n\n - powerpc/powernv: Do not select the cpufreq governors\n (bsc#1065729).\n\n - powerpc/powernv: Fix concurrency issue with\n npu->mmio_atsd_usage (bsc#1055120).\n\n - powerpc/powernv: Fix opal_event_shutdown() called with\n interrupts disabled (bsc#1065729).\n\n - powerpc/powernv: Move TCE manupulation code to its own\n file (bsc#1061840).\n\n - powerpc/powernv: Rework TCE level allocation\n (bsc#1061840).\n\n - powerpc/pseries/mobility: Extend start/stop topology\n update scope (bsc#1116950, bsc#1115709).\n\n - powerpc/pseries: Fix DTL buffer registration\n (bsc#1065729).\n\n - powerpc/pseries: Fix how we iterate over the DTL entries\n (bsc#1065729).\n\n - powerpc/xive: Move definition of ESB bits (bsc#1061840).\n\n - powerpc/xmon: Add ISA v3.0 SPRs to SPR dump\n (bsc#1061840).\n\n - pppoe: fix reception of frames with no mac header\n (networking-stable-18_09_24).\n\n - printk: Fix panic caused by passing log_buf_len to\n command line (bsc#1117168).\n\n - provide linux/set_memory.h (bsc#1113295).\n\n - ptp: fix Spectre v1 vulnerability (bsc#1051510).\n\n - pwm: lpss: Release runtime-pm reference from the\n driver's remove callback (bsc#1051510).\n\n - pxa168fb: prepare the clock (bsc#1051510).\n\n - qmi_wwan: Support dynamic config on Quectel EP06\n (bsc#1051510).\n\n - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared\n device ID (bsc#1051510).\n\n - r8169: fix NAPI handling under high load\n (networking-stable-18_11_02).\n\n - race of lockd inetaddr notifiers vs nlmsvc_rqst change\n (git-fixes).\n\n - rds: fix two RCU related problems\n (networking-stable-18_09_18).\n\n - remoteproc: qcom: Fix potential device node leaks\n (bsc#1051510).\n\n - reset: hisilicon: fix potential NULL pointer dereference\n (bsc#1051510).\n\n - reset: imx7: Fix always writing bits as 0 (bsc#1051510).\n\n - resource: Include resource end in walk_*() interfaces\n (bsc#1114279).\n\n - rpm/kernel-binary.spec.in: add macros.s into\n kernel-*-devel Starting with 4.20-rc1, file\n arch/*/kernel/macros.s is needed to build out of tree\n modules. Add it to kernel-${flavor}-devel packages if it\n exists.\n\n - rpm/kernel-binary.spec.in: allow unsupported modules for\n -extra (bsc#1111183). SLE-15 and later only.\n\n - rpm/kernel-source.spec.in: Add patches.drm for moved DRM\n patches\n\n - rpm: use syncconfig instead of silentoldconfig where\n available Since mainline commit 0085b4191f3e ('kconfig:\n remove silentoldconfig target'), 'make silentoldconfig'\n can be no longer used. Use 'make syncconfig' instead if\n available.\n\n - rtnetlink: Disallow FDB configuration for non-Ethernet\n device (networking-stable-18_11_02).\n\n - rtnetlink: fix rtnl_fdb_dump() for ndmsg header\n (networking-stable-18_10_16).\n\n - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to\n 4096 (networking-stable-18_10_16).\n\n - s390/cpum_sf: Add data entry sizes to sampling trailer\n entry (git-fixes).\n\n - s390/kvm: fix deadlock when killed by oom (bnc#1113501,\n LTC#172235).\n\n - s390/mm: Check for valid vma before zapping in\n gmap_discard (git-fixes).\n\n - s390/mm: correct allocate_pgste proc_handler callback\n (git-fixes).\n\n - s390/qeth: fix HiperSockets sniffer (bnc#1113501,\n LTC#172953).\n\n - s390/qeth: handle failure on workqueue creation\n (git-fixes).\n\n - s390/qeth: report 25Gbit link speed (bnc#1113501,\n LTC#172959).\n\n - s390/sclp_tty: enable line mode tty even if there is an\n ascii console (git-fixes).\n\n - s390/sthyi: add cache to store hypervisor info\n (LTC#160415, bsc#1068273).\n\n - s390/sthyi: add s390_sthyi system call (LTC#160415,\n bsc#1068273).\n\n - s390/sthyi: reorganize sthyi implementation (LTC#160415,\n bsc#1068273).\n\n - s390: qeth: Fix potential array overrun in cmd/rc lookup\n (bnc#1113501, LTC#172682).\n\n - s390: qeth_core_mpc: Use ARRAY_SIZE instead of\n reimplementing its function (bnc#1113501, LTC#172682).\n\n - s390: revert ELF_ET_DYN_BASE base changes (git-fixes).\n\n - scripts/git_sort/git_sort.py: add mkp/scsi.git\n 4.21/scsi-queue\n\n - scsi: core: Avoid that SCSI device removal through sysfs\n triggers a deadlock (bsc#1114578).\n\n - scsi: libsas: remove irq save in sas_ata_qc_issue()\n (bsc#1114580).\n\n - scsi: lpfc: Correct LCB RJT handling (bsc#1114015).\n\n - scsi: lpfc: Correct errors accessing fw log\n (bsc#1114015).\n\n - scsi: lpfc: Correct invalid EQ doorbell write on\n if_type=6 (bsc#1114015).\n\n - scsi: lpfc: Correct irq handling via locks when taking\n adapter offline (bsc#1114015).\n\n - scsi: lpfc: Correct loss of fc4 type on remote port\n address change (bsc#1114015).\n\n - scsi: lpfc: Correct race with abort on completion path\n (bsc#1114015).\n\n - scsi: lpfc: Correct soft lockup when running mds\n diagnostics (bsc#1114015).\n\n - scsi: lpfc: Correct speeds on SFP swap (bsc#1114015).\n\n - scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN\n (bsc#1114015).\n\n - scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by\n ABTS Timeout event (bsc#1114015).\n\n - scsi: lpfc: Fix errors in log messages (bsc#1114015).\n\n - scsi: lpfc: Fix lpfc_sli4_read_config return value check\n (bsc#1114015).\n\n - scsi: lpfc: Fix odd recovery in duplicate FLOGIs in\n point-to-point (bsc#1114015).\n\n - scsi: lpfc: Implement GID_PT on Nameserver query to\n support faster failover (bsc#1114015).\n\n - scsi: lpfc: Raise nvme defaults to support a larger io\n and more connectivity (bsc#1114015).\n\n - scsi: lpfc: Remove set but not used variable 'sgl_size'\n (bsc#1114015).\n\n - scsi: lpfc: Reset link or adapter instead of doing\n infinite nameserver PLOGI retry (bsc#1114015).\n\n - scsi: lpfc: Synchronize access to remoteport via rport\n (bsc#1114015).\n\n - scsi: lpfc: add Trunking support (bsc#1114015).\n\n - scsi: lpfc: add support to retrieve firmware logs\n (bsc#1114015).\n\n - scsi: lpfc: fcoe: Fix link down issue after 1000+ link\n bounces (bsc#1114015).\n\n - scsi: lpfc: raise sg count for nvme to use available sg\n resources (bsc#1114015).\n\n - scsi: lpfc: reduce locking when updating statistics\n (bsc#1114015).\n\n - scsi: lpfc: update driver version to 12.0.0.7\n (bsc#1114015).\n\n - scsi: lpfc: update driver version to 12.0.0.8\n (bsc#1114015).\n\n - scsi: qlogicpti: Fix an error handling path in\n 'qpti_sbus_probe()' (bsc#1114581).\n\n - scsi: scsi_transport_srp: Fix shost to rport translation\n (bsc#1114582).\n\n - scsi: sg: fix minor memory leak in error path\n (bsc#1114584).\n\n - scsi: sysfs: Introduce\n sysfs_{un,}break_active_protection() (bsc#1114578).\n\n - scsi: target/tcm_loop: Avoid that static checkers warn\n about dead code (bsc#1114577).\n\n - scsi: target: Fix fortify_panic kernel exception\n (bsc#1114576).\n\n - scsi: target: tcmu: add read length support\n (bsc#1097755).\n\n - sctp: fix race on sctp_id2asoc\n (networking-stable-18_11_02).\n\n - sctp: fix strchange_flags name for Stream Change Event\n (networking-stable-18_11_21).\n\n - sctp: hold transport before accessing its asoc in\n sctp_transport_get_next (networking-stable-18_09_11).\n\n - sctp: not allow to set asoc prsctp_enable by sockopt\n (networking-stable-18_11_21).\n\n - sctp: not increase stream's incnt before sending\n addstrm_in request (networking-stable-18_11_21).\n\n - skip LAYOUTRETURN if layout is invalid (git-fixes).\n\n - soc: fsl: qbman: qman: avoid allocating from non\n existing gen_pool (bsc#1051510).\n\n - soc: ti: QMSS: Fix usage of irq_set_affinity_hint\n (bsc#1051510).\n\n - staging: rtl8723bs: Fix the return value in case of\n error in 'rtw_wx_read32()' (bsc#1051510).\n\n - staging: vchiq_arm: fix compat\n VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510).\n\n - staging:iio:ad7606: fix voltage scales (bsc#1051510).\n\n - sunrpc: Do not use stack buffer with scatterlist\n (git-fixes).\n\n - sunrpc: Fix rpc_task_begin trace point (git-fixes).\n\n - target: fix buffer offset in\n core_scsi3_pri_read_full_status (bsc1117349).\n\n - tcp: do not restart timewait timer on rst reception\n (networking-stable-18_09_11).\n\n - test_firmware: fix error return getting clobbered\n (bsc#1051510).\n\n - tg3: Add PHY reset for 5717/5719/5720 in change ring and\n flow control paths (networking-stable-18_11_21).\n\n - thermal: bcm2835: enable hwmon explicitly (bsc#1108468).\n\n - thermal: da9062/61: Prevent hardware access during\n system suspend (bsc#1051510).\n\n - thermal: rcar_thermal: Prevent hardware access during\n system suspend (bsc#1051510).\n\n - tipc: do not assume linear buffer when reading ancillary\n data (networking-stable-18_11_21).\n\n - tipc: fix a missing rhashtable_walk_exit()\n (networking-stable-18_09_11).\n\n - tipc: fix flow control accounting for implicit connect\n (networking-stable-18_10_16).\n\n - tpm2-cmd: allow more attempts for selftest execution\n (bsc#1082555).\n\n - tpm: React correctly to RC_TESTING from TPM 2.0 self\n tests (bsc#1082555).\n\n - tpm: Restore functionality to xen vtpm driver\n (bsc#1082555).\n\n - tpm: Trigger only missing TPM 2.0 self tests\n (bsc#1082555).\n\n - tpm: Use dynamic delay to wait for TPM 2.0 self test\n result (bsc#1082555).\n\n - tpm: add retry logic (bsc#1082555).\n\n - tpm: consolidate the TPM startup code (bsc#1082555).\n\n - tpm: do not suspend/resume if power stays on\n (bsc#1082555).\n\n - tpm: fix intermittent failure with self tests\n (bsc#1082555).\n\n - tpm: fix response size validation in tpm_get_random()\n (bsc#1082555).\n\n - tpm: move endianness conversion of TPM_TAG_RQU_COMMAND\n to tpm_input_header (bsc#1082555).\n\n - tpm: move endianness conversion of ordinals to\n tpm_input_header (bsc#1082555).\n\n - tpm: move the delay_msec increment after sleep in\n tpm_transmit() (bsc#1082555).\n\n - tpm: replace msleep() with usleep_range() in TPM 1.2/2.0\n generic drivers (bsc#1082555).\n\n - tpm: self test failure should not cause suspend to fail\n (bsc#1082555).\n\n - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc\n (bsc#1082555).\n\n - tpm: use tpm2_pcr_read() in tpm2_do_selftest()\n (bsc#1082555).\n\n - tpm: use tpm_buf functions in tpm2_pcr_read()\n (bsc#1082555).\n\n - tracing: Apply trace_clock changes to instance max\n buffer (bsc#1117188).\n\n - tracing: Erase irqsoff trace with empty write\n (bsc#1117189).\n\n - tty: Do not block on IO when ldisc change is pending\n (bnc#1105428).\n\n - tty: check name length in tty_find_polling_driver()\n (bsc#1051510).\n\n - tty: wipe buffer (bsc#1051510).\n\n - tty: wipe buffer if not echoing data (bsc#1051510).\n\n - tun: Consistently configure generic netdev params via\n rtnetlink (bsc#1051510).\n\n - tuntap: fix multiqueue rx (networking-stable-18_11_21).\n\n - udp4: fix IP_CMSG_CHECKSUM for connected sockets\n (networking-stable-18_09_24).\n\n - udp6: add missing checks on edumux packet processing\n (networking-stable-18_09_24).\n\n - udp6: fix encap return code for resubmitting\n (git-fixes).\n\n - uio: Fix an Oops on load (bsc#1051510).\n\n - uio: ensure class is registered before devices\n (bsc#1051510).\n\n - uio: make symbol 'uio_class_registered' static\n (bsc#1051510).\n\n - usb: cdc-acm: add entry for Hiro (Conexant) modem\n (bsc#1051510).\n\n - usb: core: Fix hub port connection events lost\n (bsc#1051510).\n\n - usb: dwc2: host: Do not retry NAKed transactions right\n away (bsc#1114385).\n\n - usb: dwc2: host: do not delay retries for CONTROL IN\n transfers (bsc#1114385).\n\n - usb: dwc3: core: Clean up ULPI device (bsc#1051510).\n\n - usb: dwc3: gadget: Properly check last unaligned/zero\n chain TRB (bsc#1051510).\n\n - usb: dwc3: gadget: fix ISOC TRB type on unaligned\n transfers (bsc#1051510).\n\n - usb: gadget: storage: Fix Spectre v1 vulnerability\n (bsc#1051510).\n\n - usb: gadget: u_ether: fix unsafe list iteration\n (bsc#1051510).\n\n - usb: gadget: udc: atmel: handle at91sam9rl PMC\n (bsc#1051510).\n\n - usb: host: ohci-at91: fix request of irq for optional\n gpio (bsc#1051510).\n\n - usb: quirks: Add delay-init quirk for Corsair K70 LUX\n RGB (bsc#1051510).\n\n - usb: xhci: fix timeout for transition from RExit to U0\n (bsc#1051510).\n\n - usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison\n overwritten (bsc#1051510).\n\n - usbnet: smsc95xx: disable carrier check while suspending\n (bsc#1051510).\n\n - vfs: fix freeze protection in mnt_want_write_file() for\n overlayfs (git-fixes).\n\n - vhost/scsi: truncate T10 PI iov_iter to prot_bytes\n (bsc#1051510).\n\n - vhost: Fix Spectre V1 vulnerability (bsc#1051510).\n\n - virtio_net: avoid using netif_tx_disable() for\n serializing tx routine (networking-stable-18_11_02).\n\n - w1: omap-hdq: fix missing bus unregister at removal\n (bsc#1051510).\n\n - x86, hibernate: Fix nosave_regions setup for hibernation\n (bsc#1110006).\n\n - x86/MCE: Make correctable error detection look at the\n Deferred bit (bsc#1114279).\n\n - x86/corruption-check: Fix panic in\n memory_corruption_check() when boot option without value\n is provided (bsc#1110006).\n\n - x86/cpu/vmware: Do not trace vmware_sched_clock()\n (bsc#1114279).\n\n - x86/irq: implement\n irq_data_get_effective_affinity_mask() for v4.12\n (bsc#1109772).\n\n - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error\n (bsc#1114279).\n\n - x86/ldt: Remove unused variable in map_ldt_struct()\n (bsc#1114279).\n\n - x86/ldt: Split out sanity check in map_ldt_struct()\n (bsc#1114279).\n\n - x86/ldt: Unmap PTEs for the slot before freeing LDT\n pages (bsc#1114279).\n\n - x86/mm/pat: Disable preemption around __flush_tlb_all()\n (bsc#1114279).\n\n - x86/speculation: Support Enhanced IBRS on future CPUs\n ().\n\n - x86/xen: Fix boot loader version reported for PVH guests\n (bnc#1065600).\n\n - xen-swiotlb: use actually allocated size on check\n physical continuous (bnc#1065600).\n\n - xen/balloon: Support xend-based toolstack (bnc#1065600).\n\n - xen/blkfront: avoid NULL blkfront_info dereference on\n device removal (bsc#1111062).\n\n - xen/netfront: do not bug in case of too many frags\n (bnc#1104824).\n\n - xen/pvh: do not try to unplug emulated devices\n (bnc#1065600).\n\n - xen/pvh: increase early stack size (bnc#1065600).\n\n - xen: fix race in xen_qlock_wait() (bnc#1107256).\n\n - xen: fix xen_qlock_wait() (bnc#1107256).\n\n - xen: make xen_qlock_wait() nestable (bnc#1107256).\n\n - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes).\n\n - xfs: Properly detect when DAX won't be used on any\n device (bsc#1115976).\n\n - xhci: Add check for invalid byte size error when UAS\n devices are connected (bsc#1051510).\n\n - xhci: Fix leaking USB3 shared_hcd at xhci removal\n (bsc#1051510).\n\n - xprtrdma: Do not defer fencing an async RPC's chunks\n (git-fixes).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1068273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1078248\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1085535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1089350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1105428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106237\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107866\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111696\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112963\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113295\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113780\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115269\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116699\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116862\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116899\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116950\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117791\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117801\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118137\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118138\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/325723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/326265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/326521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/326564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/326849\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-base-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-base-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-debugsource-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-devel-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-devel-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-base-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-base-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-debugsource-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-devel-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-devel-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-devel-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-docs-html-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-base-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-debugsource-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-devel-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-macros-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-build-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-build-debugsource-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-qa-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-source-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-source-vanilla-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-syms-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-base-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-debugsource-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-devel-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-02T11:53:29", "description": "The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 14.1.5 / 15.1.5.1 / 15.1.6 / 16.1.2.2 / 16.1.3 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K36462841 advisory.\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks.\n If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions:\n 4.9.135, 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-08T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Linux kernel vulnerability (K36462841)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18281"], "modified": "2023-06-02T00:00:00", "cpe": ["cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL36462841.NASL", "href": "https://www.tenable.com/plugins/nessus/162943", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K36462841.\n#\n# @NOAGENT@\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162943);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/06/02\");\n\n script_cve_id(\"CVE-2018-18281\");\n\n script_name(english:\"F5 Networks BIG-IP : Linux kernel vulnerability (K36462841)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 14.1.5 / 15.1.5.1 /\n15.1.6 / 16.1.2.2 / 16.1.3 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K36462841\nadvisory.\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks.\n If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of\n mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it\n has been released back to the page allocator and reused. This is fixed in the following kernel versions:\n 4.9.135, 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://my.f5.com/manage/s/article/K36462841\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5 Solution K36462841.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-18281\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/08\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude('f5_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar version = get_kb_item('Host/BIG-IP/version');\nif ( ! version ) audit(AUDIT_OS_NOT, 'F5 Networks BIG-IP');\nif ( isnull(get_kb_item('Host/BIG-IP/hotfix')) ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/hotfix');\nif ( ! get_kb_item('Host/BIG-IP/modules') ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/modules');\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nvar sol = 'K36462841';\nvar vmatrix = {\n 'AFM': {\n 'affected': [\n '16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.4'\n ],\n 'unaffected': [\n '17.0.0','16.1.3','16.1.2.2','15.1.6','15.1.5.1','14.1.5','14.1.4.6','13.1.5'\n ],\n },\n 'APM': {\n 'affected': [\n '16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.4'\n ],\n 'unaffected': [\n '17.0.0','16.1.3','16.1.2.2','15.1.6','15.1.5.1','14.1.5','14.1.4.6','13.1.5'\n ],\n },\n 'ASM': {\n 'affected': [\n '16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.4'\n ],\n 'unaffected': [\n '17.0.0','16.1.3','16.1.2.2','15.1.6','15.1.5.1','14.1.5','14.1.4.6','13.1.5'\n ],\n },\n 'DNS': {\n 'affected': [\n '16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.4'\n ],\n 'unaffected': [\n '17.0.0','16.1.3','16.1.2.2','15.1.6','15.1.5.1','14.1.5','14.1.4.6','13.1.5'\n ],\n },\n 'GTM': {\n 'affected': [\n '16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.4'\n ],\n 'unaffected': [\n '17.0.0','16.1.3','16.1.2.2','15.1.6','15.1.5.1','14.1.5','14.1.4.6','13.1.5'\n ],\n },\n 'LTM': {\n 'affected': [\n '16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.4'\n ],\n 'unaffected': [\n '17.0.0','16.1.3','16.1.2.2','15.1.6','15.1.5.1','14.1.5','14.1.4.6','13.1.5'\n ],\n },\n 'PEM': {\n 'affected': [\n '16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.4'\n ],\n 'unaffected': [\n '17.0.0','16.1.3','16.1.2.2','15.1.6','15.1.5.1','14.1.5','14.1.4.6','13.1.5'\n ],\n },\n 'PSM': {\n 'affected': [\n '16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.4'\n ],\n 'unaffected': [\n '17.0.0','16.1.3','16.1.2.2','15.1.6','15.1.5.1','14.1.5','14.1.4.6','13.1.5'\n ],\n },\n 'WOM': {\n 'affected': [\n '16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.4'\n ],\n 'unaffected': [\n '17.0.0','16.1.3','16.1.2.2','15.1.6','15.1.5.1','14.1.5','14.1.4.6','13.1.5'\n ],\n }\n};\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n var extra = NULL;\n if (report_verbosity > 0) extra = bigip_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n}\nelse\n{\n var tested = bigip_get_tested_modules();\n var audit_extra = 'For BIG-IP module(s) ' + tested + ',';\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, 'running any of the affected modules');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:21:02", "description": "The openSUSE Leap 15.0 kernel was updated to 4.12.14-lp150.12.28.1 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769).\n\nThe following non-security bugs were fixed :\n\n - ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bsc#1051510).\n\n - ACPI / platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510).\n\n - ACPI / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (bsc#1051510).\n\n - ACPI/APEI: Handle GSIV and GPIO notification types (bsc#1115567). \n\n - ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1051510).\n\n - ACPICA: Tables: Add WSMT support (bsc#1089350).\n\n - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write (bsc#1051510).\n\n - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510).\n\n - ALSA: control: Fix race between adding and removing a user element (bsc#1051510).\n\n - ALSA: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510).\n\n - ALSA: hda/realtek - Add GPIO data update helper (bsc#1051510).\n\n - ALSA: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop (bsc#1051510).\n\n - ALSA: hda/realtek - Allow skipping spec->init_amp detection (bsc#1051510).\n\n - ALSA: hda/realtek - Fix HP Headset Mic can't record (bsc#1051510).\n\n - ALSA: hda/realtek - Manage GPIO bits commonly (bsc#1051510).\n\n - ALSA: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510).\n\n - ALSA: hda/realtek - Support ALC300 (bsc#1051510).\n\n - ALSA: hda/realtek - fix headset mic detection for MSI MS-B171 (bsc#1051510).\n\n - ALSA: hda/realtek - fix the pop noise on headphone for lenovo laptops (bsc#1051510).\n\n - ALSA: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510).\n\n - ALSA: oss: Use kvzalloc() for local buffer allocations (bsc#1051510).\n\n - ALSA: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510).\n\n - ALSA: usb-audio: Add vendor and product name for Dell WD19 Dock (bsc#1051510).\n\n - ALSA: wss: Fix invalid snd_free_pages() at error path (bsc#1051510).\n\n - ARM: dts: at91: add new compatibility string for macb on sama5d3 (bsc#1051510).\n\n - ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510).\n\n - ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc (bsc#1085535)\n\n - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0 (bsc#1051510).\n\n - ASoC: sun8i-codec: fix crash on module removal (bsc#1051510).\n\n - Bluetooth: SMP: fix crash in unpairing (bsc#1051510).\n\n - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510).\n\n - Btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136).\n\n - Btrfs: fix assertion on fsync of regular file when using no-holes feature (bsc#1118137).\n\n - Btrfs: fix cur_offset in the error case for nocow (bsc#1118140).\n\n - Btrfs: fix data corruption due to cloning of eof block (bsc#1116878).\n\n - Btrfs: fix deadlock on tree root leaf when finding free extent (bsc#1116876).\n\n - Btrfs: fix deadlock when writing out free space caches (bsc#1116700).\n\n - Btrfs: fix infinite loop on inode eviction after deduplication of eof block (bsc#1116877).\n\n - Btrfs: fix NULL pointer dereference on compressed write path error (bsc#1116698).\n\n - Btrfs: fix use-after-free during inode eviction (bsc#1116701).\n\n - Btrfs: fix use-after-free when dumping free space (bsc#1116862).\n\n - Btrfs: fix warning when replaying log after fsync of a tmpfile (bsc#1116692).\n\n - Btrfs: fix wrong dentries after fsync of file that got its parent replaced (bsc#1116693).\n\n - Btrfs: send, fix infinite loop due to directory rename dependencies (bsc#1118138).\n\n - Documentation/l1tf: Fix typos (bsc#1051510).\n\n - Documentation/l1tf: Remove Yonah processors from not vulnerable list (bsc#1051510).\n\n - EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() (bsc#1114279).\n\n - EDAC: Raise the maximum number of memory controllers (bsc#1113780).\n\n - Fix kABI for 'Ensure we commit after writeback is complete' (bsc#1111809).\n\n - Fix some patch headers which diverge from RFC5322 Manually fix some patches which have an invalid header.\n\n - HID: hiddev: fix potential Spectre v1 (bsc#1051510).\n\n - HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bsc#1051510).\n\n - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510).\n\n - Input: synaptics - avoid using uninitialized variable when probing (bsc#1051510).\n\n - Input: xpad - add PDP device id 0x02a4 (bsc#1051510).\n\n - Input: xpad - add support for Xbox1 PDP Camo series gamepad (bsc#1051510).\n\n - Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510).\n\n - Input: xpad - fix some coding style issues (bsc#1051510).\n\n - KABI fix for 'NFSv4.1: Fix up replays of interrupted requests' (git-fixes).\n\n - KABI: hide new member in struct iommu_table from genksyms (bsc#1061840).\n\n - KABI: powerpc: Revert npu callback signature change (bsc#1055120).\n\n - KABI: powerpc: export __find_linux_pte as\n __find_linux_pte_or_hugepte (bsc#1061840).\n\n - KVM: PPC: Add pt_regs into kvm_vcpu_arch and move vcpu->arch.gpr[] into it (bsc#1061840).\n\n - KVM: PPC: Avoid marking DMA-mapped pages dirty in real mode (bsc#1061840).\n\n - KVM: PPC: Book 3S HV: Do ptesync in radix guest exit path (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Add 'online' register to ONE_REG interface (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Add of_node_put() in success path (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Allow HPT and radix on the same core for POWER9 v2.2 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Allow creating max number of VCPUs on POWER9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Avoid shifts by negative amounts (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Check DR not IR to chose real vs virt mode MMIOs (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do SLB load/unload with guest LPCR value loaded (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate function (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not use compound_order to determine host mapping size (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not use existing 'prodded' flag for XIVE escalations (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Enable migration of decrementer register (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix conditions for starting vcpu (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix constant size warning (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix duplication of host SLB entries (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix inaccurate comment (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real mode interrupts (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix trap number return from\n __kvmppc_vcore_entry (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix typo in kvmppc_hv_get_dirty_log_radix() (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Handle 1GB pages in radix page fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Improve handling of debug-trigger HMIs on POWER9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Keep XIVE escalation interrupt masked unless ceded (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Lockless tlbie for HPT hcalls (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make HPT resizing work on POWER9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make radix clear pte when unmapping (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make radix use correct tlbie sequence in kvmppc_radix_tlbie_page (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make xive_pushed a byte, not a word (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Pack VCORE IDs to access full VCPU ID space (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Radix page fault handler optimizations (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under kvm->lock (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Recursively unmap all page table entries when unmapping (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Remove useless statement (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Remove vcpu->arch.dec usage (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to Linux handlers (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR count correctly (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Snapshot timebase offset on guest entry (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Streamline setting of reference and change bits (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Use a helper to unmap ptes in the radix fault path (bsc#1061840).\n\n - KVM: PPC: Book3S HV: XIVE: Resend re-routed interrupts on CPU priority change (bsc#1061840).\n\n - KVM: PPC: Book3S HV: radix: Do not clear partition PTE when RC or write bits do not match (bsc#1061840).\n\n - KVM: PPC: Book3S HV: radix: Refine IO region partition scope attributes (bsc#1061840).\n\n - KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840).\n\n - KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file (bsc#1061840).\n\n - KVM: PPC: Book3S: Add MMIO emulation for VMX instructions (bsc#1061840).\n\n - KVM: PPC: Book3S: Allow backing bigger guest IOMMU pages with smaller physical pages (bsc#1061840).\n\n - KVM: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64 parameters (bsc#1061840).\n\n - KVM: PPC: Book3S: Eliminate some unnecessary checks (bsc#1061840).\n\n - KVM: PPC: Book3S: Fix compile error that occurs with some gcc versions (bsc#1061840).\n\n - KVM: PPC: Book3S: Fix matching of hardware and emulated TCE tables (bsc#1061840).\n\n - KVM: PPC: Book3S: Use correct page shift in H_STUFF_TCE (bsc#1061840).\n\n - KVM: PPC: Fix a mmio_host_swabbed uninitialized usage issue (bsc#1061840).\n\n - KVM: PPC: Make iommu_table::it_userspace big endian (bsc#1061840).\n\n - KVM: PPC: Move nip/ctr/lr/xer registers to pt_regs in kvm_vcpu_arch (bsc#1061840).\n\n - KVM: PPC: Use seq_puts() in kvmppc_exit_timing_show() (bsc#1061840).\n\n - KVM: VMX: re-add ple_gap module parameter (bsc#1106240).\n\n - KVM: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998).\n\n - KVM: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240).\n\n - KVM: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() (bsc#1106240).\n\n - KVM: s390: vsie: copy wrapping keys to right place (git-fixes).\n\n - KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (bsc#1106240).\n\n - MD: fix invalid stored role for a disk - try2 (git-fixes).\n\n - NFS: Avoid RCU usage in tracepoints (git-fixes).\n\n - NFS: Ensure we commit after writeback is complete (bsc#1111809).\n\n - NFS: Fix a typo in nfs_rename() (git-fixes).\n\n - NFS: Fix an incorrect type in struct nfs_direct_req (git-fixes).\n\n - NFS: Fix typo in nomigration mount option (git-fixes).\n\n - NFS: Fix unstable write completion (git-fixes).\n\n - NFS: commit direct writes even if they fail partially (git-fixes).\n\n - NFSv4.0 fix client reference leak in callback (git-fixes).\n\n - NFSv4.1 fix infinite loop on I/O (git-fixes).\n\n - NFSv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes).\n\n - NFSv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes).\n\n - NFSv4.1: Fix up replays of interrupted requests (git-fixes).\n\n - NFSv4: Fix a typo in nfs41_sequence_process (git-fixes).\n\n - PCI/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1051510).\n\n - PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice (bsc#1051510).\n\n - PCI: Add Device IDs for Intel GPU 'spurious interrupt' quirk (bsc#1051510).\n\n - PCI: hv: Use effective affinity mask (bsc#1109772).\n\n - PCI: imx6: Fix link training status detection in link up check (bsc#1109806).\n\n - PCI: iproc: Remove PAXC slot check to allow VF support (bsc#1109806).\n\n - PCI: vmd: Assign vector zero to all bridges (bsc#1109806).\n\n - PCI: vmd: Detach resources after stopping root bus (bsc#1109806).\n\n - PCI: vmd: White list for fast interrupt handlers (bsc#1109806).\n\n - SUNRPC: Allow connect to return EHOSTUNREACH (git-fixes).\n\n - SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status (git-fixes).\n\n - USB: misc: appledisplay: add 20' Apple Cinema Display (bsc#1051510).\n\n - USB: omap_udc: fix rejection of out transfers when DMA is used (bsc#1051510).\n\n - USB: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510).\n\n - USB: serial: option: add two-endpoints device-id flag (bsc#1051510).\n\n - USB: serial: option: drop redundant interface-class test (bsc#1051510).\n\n - USB: serial: option: improve Quectel EP06 detection (bsc#1051510).\n\n - VFS: close race between getcwd() and d_move() (git-fixes).\n\n - VMCI: Resource wildcard match fixed (bsc#1051510).\n\n - acpi, nfit: Fix ARS overflow continuation (bsc#1116895).\n\n - acpi/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114279).\n\n - acpi/nfit, x86/mce: Validate a MCE's address before using it (bsc#1114279).\n\n - act_ife: fix a potential use-after-free (networking-stable-18_09_11).\n\n - amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105).\n\n - arm64: KVM: Move CPU ID reg trap setup off the world switch path (bsc#1110998).\n\n - arm64: KVM: Sanitize PSTATE.M when being set from userspace (bsc#1110998).\n\n - arm64: KVM: Tighten guest core register access from userspace (bsc#1110998).\n\n - ata: Fix racy link clearance (bsc#1107866).\n\n - ataflop: fix error handling during setup (bsc#1051510).\n\n - ath10k: schedule hardware restart if WMI command times out (bsc#1051510).\n\n - autofs: fix autofs_sbi() does not check super block type (git-fixes).\n\n - autofs: fix slab out of bounds read in getname_kernel() (git-fixes).\n\n - autofs: mount point create should honour passed in mode (git-fixes).\n\n - badblocks: fix wrong return value in badblocks_set if badblocks are disabled (git-fixes).\n\n - batman-adv: Expand merged fragment buffer for full packet (bsc#1051510).\n\n - batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510).\n\n - bitops: protect variables in bit_clear_unless() macro (bsc#1051510).\n\n - bitops: protect variables in set_mask_bits() macro (bsc#1051510).\n\n - block: copy ioprio in __bio_clone_fast() (bsc#1082653).\n\n - block: respect virtual boundary mask in bvecs (bsc#1113412).\n\n - bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16).\n\n - bnxt_en: free hwrm resources, if driver probe fails (networking-stable-18_10_16).\n\n - bonding: avoid possible dead-lock (networking-stable-18_10_16).\n\n - bonding: fix length of actor system (networking-stable-18_11_02).\n\n - bonding: fix warning message (networking-stable-18_10_16).\n\n - bonding: pass link-local packets to bonding master also (networking-stable-18_10_16).\n\n - bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24).\n\n - bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647).\n\n - bpf: wait for running BPF programs when updating map-in-map (bsc#1083647).\n\n - brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510).\n\n - brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510).\n\n - brcmutil: really fix decoding channel info for 160 MHz bandwidth (bsc#1051510).\n\n - bridge: do not add port to router list when receives query with source 0.0.0.0 (networking-stable-18_11_02).\n\n - btrfs: make sure we create all new block groups (bsc#1116699).\n\n - btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863).\n\n - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bsc#1051510).\n\n - can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bsc#1051510).\n\n - can: hi311x: Use level-triggered interrupt (bsc#1051510).\n\n - can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510).\n\n - can: rcar_can: Fix erroneous registration (bsc#1051510).\n\n - can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions (bsc#1051510).\n\n - cdc-acm: correct counting of UART states in serial state notification (bsc#1051510).\n\n - cdc-acm: do not reset notification buffer index upon urb unlinking (bsc#1051510).\n\n - ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839).\n\n - ceph: quota: fix NULL pointer dereference in quota check (bsc#1114839).\n\n - cfg80211: Address some corner cases in scan result channel updating (bsc#1051510).\n\n - cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510).\n\n - clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510).\n\n - clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510).\n\n - clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510).\n\n - clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510).\n\n - clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call (bsc#1051510).\n\n - clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510).\n\n - clk: s2mps11: Fix matching when built as module and DT node contains compatible (bsc#1051510).\n\n - clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510).\n\n - clockevents/drivers/i8253: Add support for PIT shutdown quirk (bsc#1051510).\n\n - configfs: replace strncpy with memcpy (bsc#1051510).\n\n - crypto: simd - correctly take reqsize of wrapped skcipher into account (bsc#1051510).\n\n - do d_instantiate/unlock_new_inode combinations safely (git-fixes).\n\n - driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bsc#1051510).\n\n - drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type (bsc#1051510).\n\n - drm/ast: Fix incorrect free on ioregs (bsc#1051510).\n\n - drm/ast: Remove existing framebuffers before loading driver (boo#1112963)\n\n - drm/ast: change resolution may cause screen blurred (boo#1112963).\n\n - drm/ast: fixed cursor may disappear sometimes (bsc#1051510).\n\n - drm/dp_mst: Check if primary mstb is null (bsc#1051510).\n\n - drm/dp_mst: Skip validating ports during destruction, just ref (bsc#1051510).\n\n - drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510).\n\n - drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl (bsc#1113722)\n\n - drm/i915/execlists: Force write serialisation into context image vs execution (bsc#1051510).\n\n - drm/i915/glk: Remove 99% limitation (bsc#1051510).\n\n - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510).\n\n - drm/i915: Do not oops during modeset shutdown after lpe audio deinit (bsc#1051510).\n\n - drm/i915: Do not unset intel_connector->mst_port (bsc#1051510).\n\n - drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510).\n\n - drm/i915: Large page offsets for pread/pwrite (bsc#1051510).\n\n - drm/i915: Mark pin flags as u64 (bsc#1051510).\n\n - drm/i915: Skip vcpi allocation for MSTB ports that are gone (bsc#1051510).\n\n - drm/i915: Write GPU relocs harder with gen3 (bsc#1051510).\n\n - drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510).\n\n - drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut() (bsc#1051510).\n\n - drm/meson: add support for 1080p25 mode (bsc#1051510).\n\n - drm/nouveau: Check backlight IDs are >= 0, not > 0 (bsc#1051510).\n\n - drm/omap: fix memory barrier bug in DMM driver (bsc#1051510).\n\n - drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510).\n\n - drm: fb-helper: Reject all pixel format changing requests (bsc#1113722)\n\n - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bsc#1117795).\n\n - ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bsc#1117794).\n\n - ext4: add missing brelse() update_backups()'s error path (bsc#1117796).\n\n - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802).\n\n - ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() (bsc#1117801).\n\n - ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bsc#1117792).\n\n - ext4: fix buffer leak in __ext4_read_dirblock() on error path (bsc#1117807).\n\n - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806).\n\n - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bsc#1117798).\n\n - ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bsc#1117799).\n\n - ext4: fix possible leak of s_journal_flag_rwsem in error path (bsc#1117804).\n\n - ext4: fix possible leak of sbi->s_group_desc_leak in error path (bsc#1117803).\n\n - ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789).\n\n - ext4: fix use-after-free race in ext4_remount()'s error path (bsc#1117791).\n\n - ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bsc#1117788).\n\n - ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR (bsc#1117790).\n\n - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805).\n\n - fbdev: fix broken menu dependencies (bsc#1113722)\n\n - firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350 ).\n\n - firmware: dcdbas: include linux/io.h (bsc#1089350).\n\n - floppy: fix race condition in __floppy_read_block_0() (bsc#1051510).\n\n - flow_dissector: do not dissect l4 ports for fragments (networking-stable-18_11_21).\n\n - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (git-fixes).\n\n - fs: Make extension of struct super_block transparent (bsc#1117822).\n\n - fs: dcache: Avoid livelock between d_alloc_parallel and\n __d_add (git-fixes).\n\n - fs: dcache: Use READ_ONCE when accessing i_dir_seq (git-fixes).\n\n - fscache: fix race between enablement and dropping of object (bsc#1107385).\n\n - fsnotify: Fix busy inodes during unmount (bsc#1117822).\n\n - fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074).\n\n - ftrace: Fix debug preempt config name in stack_tracer_(en,dis)able (bsc#1117172).\n\n - ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181).\n\n - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bsc#1117174).\n\n - ftrace: Remove incorrect setting of glob search field (bsc#1117184).\n\n - genirq: Fix race on spurious interrupt detection (bsc#1051510).\n\n - getname_kernel() needs to make sure that ->name !=\n ->iname in long case (git-fixes).\n\n - gpio: do not free unallocated ida on gpiochip_add_data_with_key() error path (bsc#1051510).\n\n - grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes).\n\n - gso_segment: Reset skb->mac_len after modifying network header (networking-stable-18_09_24).\n\n - hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11).\n\n - hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510).\n\n - hwmon: (core) Fix double-free in\n __hwmon_device_register() (bsc#1051510).\n\n - hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510).\n\n - hwmon: (ina2xx) Fix current value calculation (bsc#1051510).\n\n - hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510).\n\n - hwmon: (pmbus) Fix page count auto-detection (bsc#1051510).\n\n - hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510).\n\n - hwmon: (raspberrypi) Fix initial notify (bsc#1051510).\n\n - hwmon: (w83795) temp4_type has writable permission (bsc#1051510).\n\n - ibmvnic: fix accelerated VLAN handling ().\n\n - ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433).\n\n - ibmvnic: remove ndo_poll_controller ().\n\n - iio: accel: adxl345: convert address field usage in iio_chan_spec (bsc#1051510).\n\n - iio: ad5064: Fix regulator handling (bsc#1051510).\n\n - iio:st_magn: Fix enable device after trigger (bsc#1051510).\n\n - ima: fix showing large 'violations' or 'runtime_measurements_count' (bsc#1051510).\n\n - include/linux/pfn_t.h: force '~' to be parsed as an unary operator (bsc#1051510).\n\n - inet: make sure to grab rcu_read_lock before using ireq->ireq_opt (networking-stable-18_10_16).\n\n - iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237).\n\n - iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105).\n\n - iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105).\n\n - iommu/vt-d: Use memunmap to free memremap (bsc#1106105).\n\n - ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02).\n\n - ip6_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).\n\n - ip6_vti: fix a NULL pointer deference when destroy vti6 tunnel (networking-stable-18_09_11).\n\n - ip_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).\n\n - ip_tunnel: do not force DF when MTU is locked (networking-stable-18_11_21).\n\n - ipmi: Fix timer race with module unload (bsc#1051510).\n\n - ipv4: lock mtu in fnhe when received PMTU net.ipv4.route.min_pmtu (networking-stable-18_11_21).\n\n - ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state (networking-stable-18_09_11).\n\n - ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (networking-stable-18_11_02).\n\n - ipv6: fix possible use-after-free in ip6_xmit() (networking-stable-18_09_24).\n\n - ipv6: mcast: fix a use-after-free in inet6_mc_check (networking-stable-18_11_02).\n\n - ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16).\n\n - iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510).\n\n - iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510).\n\n - iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510).\n\n - iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() (bsc#1051510).\n\n - iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510).\n\n - iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510).\n\n - iwlwifi: mvm: fix regulatory domain update when the firmware starts (bsc#1051510).\n\n - iwlwifi: mvm: support sta_statistics() even on older firmware (bsc#1051510).\n\n - iwlwifi: pcie: avoid empty free RB queue (bsc#1051510).\n\n - kABI: protect struct fib_nh_exception (kabi).\n\n - kABI: protect struct rtable (kabi).\n\n - kabi/severities: ignore __xive_vm_h_* KVM internal symbols.\n\n - kabi/severities: ignore ppc64 realmode helpers. KVM fixes remove exports of realmode_pfn_to_page iommu_tce_xchg_rm mm_iommu_lookup_rm mm_iommu_ua_to_hpa_rm. Some are no longer used and others are no longer exported because the code was consolideted in one place. These helpers are to be called in realmode and linking to them from non-KVM modules is a bug. Hence removing them does not break KABI.\n\n - kabi: mask raw in struct bpf_reg_state (bsc#1083647).\n\n - kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510).\n\n - kbuild: move '_all' target out of $(KBUILD_SRC) conditional (bsc#1114279).\n\n - kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510).\n\n - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839).\n\n - libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510).\n\n - libnvdimm, region: Fail badblocks listing for inactive regions (bsc#1116899).\n\n - libnvdimm: Hold reference on parent while scheduling async init (bsc#1116891).\n\n - livepatch: create and include UAPI headers ().\n\n - llc: set SOCK_RCU_FREE in llc_sap_add_socket() (networking-stable-18_11_02).\n\n - lockd: fix 'list_add double add' caused by legacy signal interface (git-fixes).\n\n - mac80211: Always report TX status (bsc#1051510).\n\n - mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510).\n\n - mac80211: fix TX status reporting for ieee80211s (bsc#1051510).\n\n - mac80211_hwsim: do not omit multicast announce of first added radio (bsc#1051510).\n\n - mach64: fix display corruption on big endian machines (bsc#1113722)\n\n - mach64: fix image corruption due to reading accelerator registers (bsc#1113722)\n\n - mailbox: PCC: handle parse error (bsc#1051510).\n\n - make sure that __dentry_kill() always invalidates d_seq, unhashed or not (git-fixes).\n\n - md/raid10: fix that replacement cannot complete recovery after reassemble (git-fixes).\n\n - md/raid1: add error handling of read error from FailFast device (git-fixes).\n\n - md/raid5-cache: disable reshape completely (git-fixes).\n\n - md/raid5: fix data corruption of replacements after originals dropped (git-fixes).\n\n - md: fix NULL dereference of mddev->pers in remove_and_add_spares() (git-fixes).\n\n - memory_hotplug: cond_resched in __remove_pages (bnc#1114178).\n\n - mfd: menelaus: Fix possible race condition and leak (bsc#1051510).\n\n - mfd: omap-usb-host: Fix dts probe of children (bsc#1051510).\n\n - mlxsw: spectrum: Fix IP2ME CPU policer configuration (networking-stable-18_11_21).\n\n - mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677).\n\n - mm: rework memcg kernel stack accounting (bnc#1113677).\n\n - mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510).\n\n - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bsc#1051510).\n\n - modpost: ignore livepatch unresolved relocations ().\n\n - mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bsc#1117819).\n\n - mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820).\n\n - mount: Retest MNT_LOCKED in do_umount (bsc#1117818).\n\n - neighbour: confirm neigh entries when ARP packet is received (networking-stable-18_09_24).\n\n - net-gro: reset skb->pkt_type in napi_reuse_skb() (networking-stable-18_11_21).\n\n - net/af_iucv: drop inbound packets with invalid flags (bnc#1113501, LTC#172679).\n\n - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501, LTC#172679).\n\n - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (networking-stable-18_09_24).\n\n - net/ibmnvic: Fix deadlock problem in reset ().\n\n - net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431).\n\n - net/ipv6: Display all addresses in output of /proc/net/if_inet6 (networking-stable-18_10_16).\n\n - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (networking-stable-18_11_02).\n\n - net/mlx5: Check for error in mlx5_attach_interface (networking-stable-18_09_18).\n\n - net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (networking-stable-18_09_18).\n\n - net/mlx5: E-Switch, Fix out of bound access when setting vport rate (networking-stable-18_10_16).\n\n - net/mlx5: Fix debugfs cleanup in the device init/remove flow (networking-stable-18_09_18).\n\n - net/mlx5: Fix use-after-free in self-healing flow (networking-stable-18_09_18).\n\n - net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type (networking-stable-18_11_02).\n\n - net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21).\n\n - net/mlx5e: Set vlan masks for all offloaded TC rules (networking-stable-18_10_16).\n\n - net/packet: fix packet drop as of virtio gso (networking-stable-18_10_16).\n\n - net/sched: act_pedit: fix dump of extended layered op (networking-stable-18_09_11).\n\n - net/sched: act_sample: fix NULL dereference in the data path (networking-stable-18_09_24).\n\n - net/usb: cancel pending work when unbinding smsc75xx (networking-stable-18_10_16).\n\n - net: aquantia: memory corruption on jumbo frames (networking-stable-18_10_16).\n\n - net: bcmgenet: Poll internal PHY for GENETv5 (networking-stable-18_11_02).\n\n - net: bcmgenet: protect stop from timeout (networking-stable-18_11_21).\n\n - net: bcmgenet: use MAC link status for fixed phy (networking-stable-18_09_11).\n\n - net: bridge: remove ipv6 zero address check in mcast queries (git-fixes).\n\n - net: dsa: bcm_sf2: Call setup during switch resume (networking-stable-18_10_16).\n\n - net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16).\n\n - net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561).\n\n - net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1111696 bsc#1117561).\n\n - net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1111696 bsc#1117561).\n\n - net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1111696 bsc#1117561).\n\n - net: ena: complete host info to match latest ENA spec (bsc#1111696 bsc#1117561).\n\n - net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561).\n\n - net: ena: explicit casting and initialization, and clearer error handling (bsc#1111696 bsc#1117561).\n\n - net: ena: fix NULL dereference due to untimely napi initialization (bsc#1111696 bsc#1117561).\n\n - net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561).\n\n - net: ena: fix compilation error in xtensa architecture (bsc#1111696 bsc#1117561).\n\n - net: ena: fix crash during failed resume from hibernation (bsc#1111696 bsc#1117561).\n\n - net: ena: fix indentations in ena_defs for better readability (bsc#1111696 bsc#1117561).\n\n - net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1111696 bsc#1117561).\n\n - net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696 bsc#1117561).\n\n - net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1111696 bsc#1117561).\n\n - net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1111696 bsc#1117561).\n\n - net: ena: minor performance improvement (bsc#1111696 bsc#1117561).\n\n - net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561).\n\n - net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1111696 bsc#1117561).\n\n - net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561).\n\n - net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1111696 bsc#1117561).\n\n - net: fec: do not dump RX FIFO register when not available (networking-stable-18_11_02).\n\n - net: hns: fix for unmapping problem when SMMU is on (networking-stable-18_10_16).\n\n - net: hp100: fix always-true check for link up state (networking-stable-18_09_24).\n\n - net: ibm: fix return type of ndo_start_xmit function ().\n\n - net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02).\n\n - net: macb: do not disable MDIO bus at open/close time (networking-stable-18_09_11).\n\n - net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (networking-stable-18_10_16).\n\n - net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16).\n\n - net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs (networking-stable-18_11_21).\n\n - net: qca_spi: Fix race condition in spi transfers (networking-stable-18_09_18).\n\n - net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510).\n\n - net: sched: Fix for duplicate class dump (networking-stable-18_11_02).\n\n - net: sched: Fix memory exposure from short TCA_U32_SEL (networking-stable-18_09_11).\n\n - net: sched: action_ife: take reference to meta module (networking-stable-18_09_11).\n\n - net: sched: gred: pass the right attribute to gred_change_table_def() (networking-stable-18_11_02).\n\n - net: smsc95xx: Fix MTU range (networking-stable-18_11_21).\n\n - net: socket: fix a missing-check bug (networking-stable-18_11_02).\n\n - net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (networking-stable-18_11_02).\n\n - net: stmmac: Fixup the tail addr setting in xmit path (networking-stable-18_10_16).\n\n - net: systemport: Fix wake-up interrupt race during resume (networking-stable-18_10_16).\n\n - net: systemport: Protect stop from timeout (networking-stable-18_11_21).\n\n - net: udp: fix handling of CHECKSUM_COMPLETE packets (networking-stable-18_11_02).\n\n - netlabel: check for IPV4MASK in addrinfo_get (networking-stable-18_10_16).\n\n - nfp: wait for posted reconfigs when disabling the device (networking-stable-18_09_11).\n\n - nfs: do not wait on commit in nfs_commit_inode() if there were no commit requests (git-fixes).\n\n - nfsd4: permit layoutget of executable-only files (git-fixes).\n\n - nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) (git-fixes).\n\n - nfsd: Ensure we check stateid validity in the seqid operation checks (git-fixes).\n\n - nfsd: Fix another OPEN stateid race (git-fixes).\n\n - nfsd: Fix stateid races between OPEN and CLOSE (git-fixes).\n\n - nfsd: check for use of the closed special stateid (git-fixes).\n\n - nfsd: deal with revoked delegations appropriately (git-fixes).\n\n - nfsd: fix corrupted reply to badly ordered compound (git-fixes).\n\n - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (git-fixes).\n\n - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (git-fixes).\n\n - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510).\n\n - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510).\n\n - nospec: Include asm/barrier.h dependency (bsc#1114279).\n\n - nvme: Free ctrl device name on init failure ().\n\n - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bsc#1117817).\n\n - ocfs2: fix locking for res->tracking and dlm->tracking_list (bsc#1117816).\n\n - ocfs2: fix ocfs2 read block panic (bsc#1117815).\n\n - ocfs2: free up write context when direct IO failed (bsc#1117821).\n\n - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bsc#1117808).\n\n - openvswitch: Fix push/pop ethernet validation (networking-stable-18_11_02).\n\n - pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception (git-fixes).\n\n - pNFS: Prevent the layout header refcount going to zero in pnfs_roc() (git-fixes).\n\n - pci: dwc: remove duplicate fix References: bsc#1115269 Patch has been already applied by the following commit:\n 9f73db8b7c PCI: dwc: Fix enumeration end when reaching root subordinate (bsc#1051510)\n\n - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bsc#1051510).\n\n - percpu: make this_cpu_generic_read() atomic w.r.t.\n interrupts (bsc#1114279).\n\n - perf: fix invalid bit in diagnostic entry (git-fixes).\n\n - pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() (bsc#1051510).\n\n - pinctrl: meson: fix pinconf bias disable (bsc#1051510).\n\n - pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510).\n\n - pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bsc#1051510).\n\n - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bsc#1051510).\n\n - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bsc#1051510).\n\n - pipe: match pipe_max_size data type with procfs (git-fixes).\n\n - platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bsc#1051510).\n\n - platform/x86: intel_telemetry: report debugfs failure (bsc#1051510).\n\n - pnfs: Do not release the sequence slot until we've processed layoutget on open (git-fixes).\n\n - power: supply: max8998-charger: Fix platform data retrieval (bsc#1051510).\n\n - powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 (bsc#1065729).\n\n - powerpc/boot: Fix opal console in boot wrapper (bsc#1065729).\n\n - powerpc/kvm/booke: Fix altivec related build break (bsc#1061840).\n\n - powerpc/kvm: Switch kvm pmd allocator to custom allocator (bsc#1061840).\n\n - powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248).\n\n - powerpc/mm: Fix typo in comments (bsc#1065729).\n\n - powerpc/mm: Rename find_linux_pte_or_hugepte() (bsc#1061840).\n\n - powerpc/npu-dma.c: Fix crash after\n __mmu_notifier_register failure (bsc#1055120).\n\n - powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1065729).\n\n - powerpc/powernv/ioda: Allocate indirect TCE levels on demand (bsc#1061840).\n\n - powerpc/powernv/ioda: Finish removing explicit max window size check (bsc#1061840).\n\n - powerpc/powernv/ioda: Remove explicit max window size check (bsc#1061840).\n\n - powerpc/powernv/npu: Add lock to prevent race in concurrent context init/destroy (bsc#1055120).\n\n - powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120).\n\n - powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120).\n\n - powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback parameters (bsc#1055120).\n\n - powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm() (bsc#1055120).\n\n - powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1055120).\n\n - powerpc/powernv: Add indirect levels to it_userspace (bsc#1061840).\n\n - powerpc/powernv: Do not select the cpufreq governors (bsc#1065729).\n\n - powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage (bsc#1055120).\n\n - powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1065729).\n\n - powerpc/powernv: Move TCE manupulation code to its own file (bsc#1061840).\n\n - powerpc/powernv: Rework TCE level allocation (bsc#1061840).\n\n - powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709).\n\n - powerpc/pseries: Fix DTL buffer registration (bsc#1065729).\n\n - powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729).\n\n - powerpc/xive: Move definition of ESB bits (bsc#1061840).\n\n - powerpc/xmon: Add ISA v3.0 SPRs to SPR dump (bsc#1061840).\n\n - pppoe: fix reception of frames with no mac header (networking-stable-18_09_24).\n\n - printk: Fix panic caused by passing log_buf_len to command line (bsc#1117168).\n\n - provide linux/set_memory.h (bsc#1113295).\n\n - ptp: fix Spectre v1 vulnerability (bsc#1051510).\n\n - pwm: lpss: Release runtime-pm reference from the driver's remove callback (bsc#1051510).\n\n - pxa168fb: prepare the clock (bsc#1051510).\n\n - qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510).\n\n - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID (bsc#1051510).\n\n - r8169: fix NAPI handling under high load (networking-stable-18_11_02).\n\n - race of lockd inetaddr notifiers vs nlmsvc_rqst change (git-fixes).\n\n - rds: fix two RCU related problems (networking-stable-18_09_18).\n\n - remoteproc: qcom: Fix potential device node leaks (bsc#1051510).\n\n - reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510).\n\n - reset: imx7: Fix always writing bits as 0 (bsc#1051510).\n\n - resource: Include resource end in walk_*() interfaces (bsc#1114279).\n\n - rpm/kernel-binary.spec.in: add macros.s into kernel-*-devel Starting with 4.20-rc1, file arch/*/kernel/macros.s is needed to build out of tree modules. Add it to kernel-$(flavor)-devel packages if it exists.\n\n - rpm/kernel-binary.spec.in: allow unsupported modules for\n -extra (bsc#1111183). SLE-15 and later only.\n\n - rpm/kernel-source.spec.in: Add patches.drm for moved DRM patches\n\n - rpm: use syncconfig instead of silentoldconfig where available Since mainline commit 0085b4191f3e ('kconfig:\n remove silentoldconfig target'), 'make silentoldconfig' can be no longer used. Use 'make syncconfig' instead if available.\n\n - rtnetlink: Disallow FDB configuration for non-Ethernet device (networking-stable-18_11_02).\n\n - rtnetlink: fix rtnl_fdb_dump() for ndmsg header (networking-stable-18_10_16).\n\n - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (networking-stable-18_10_16).\n\n - s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes).\n\n - s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235).\n\n - s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes).\n\n - s390/mm: correct allocate_pgste proc_handler callback (git-fixes).\n\n - s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953).\n\n - s390/qeth: handle failure on workqueue creation (git-fixes).\n\n - s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959).\n\n - s390/sclp_tty: enable line mode tty even if there is an ascii console (git-fixes).\n\n - s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273).\n\n - s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273).\n\n - s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273).\n\n - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501, LTC#172682).\n\n - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1113501, LTC#172682).\n\n - s390: revert ELF_ET_DYN_BASE base changes (git-fixes).\n\n - scripts/git_sort/git_sort.py: add mkp/scsi.git 4.21/scsi-queue\n\n - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bsc#1114578).\n\n - scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580).\n\n - scsi: lpfc: Correct LCB RJT handling (bsc#1114015).\n\n - scsi: lpfc: Correct errors accessing fw log (bsc#1114015).\n\n - scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015).\n\n - scsi: lpfc: Correct irq handling via locks when taking adapter offline (bsc#1114015).\n\n - scsi: lpfc: Correct loss of fc4 type on remote port address change (bsc#1114015).\n\n - scsi: lpfc: Correct race with abort on completion path (bsc#1114015).\n\n - scsi: lpfc: Correct soft lockup when running mds diagnostics (bsc#1114015).\n\n - scsi: lpfc: Correct speeds on SFP swap (bsc#1114015).\n\n - scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015).\n\n - scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event (bsc#1114015).\n\n - scsi: lpfc: Fix errors in log messages (bsc#1114015).\n\n - scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015).\n\n - scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point (bsc#1114015).\n\n - scsi: lpfc: Implement GID_PT on Nameserver query to support faster failover (bsc#1114015).\n\n - scsi: lpfc: Raise nvme defaults to support a larger io and more connectivity (bsc#1114015).\n\n - scsi: lpfc: Remove set but not used variable 'sgl_size' (bsc#1114015).\n\n - scsi: lpfc: Reset link or adapter instead of doing infinite nameserver PLOGI retry (bsc#1114015).\n\n - scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015).\n\n - scsi: lpfc: add Trunking support (bsc#1114015).\n\n - scsi: lpfc: add support to retrieve firmware logs (bsc#1114015).\n\n - scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces (bsc#1114015).\n\n - scsi: lpfc: raise sg count for nvme to use available sg resources (bsc#1114015).\n\n - scsi: lpfc: reduce locking when updating statistics (bsc#1114015).\n\n - scsi: lpfc: update driver version to 12.0.0.7 (bsc#1114015).\n\n - scsi: lpfc: update driver version to 12.0.0.8 (bsc#1114015).\n\n - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1114581).\n\n - scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582).\n\n - scsi: sg: fix minor memory leak in error path (bsc#1114584).\n\n - scsi: sysfs: Introduce sysfs_(un,)break_active_protection() (bsc#1114578).\n\n - scsi: target/tcm_loop: Avoid that static checkers warn about dead code (bsc#1114577).\n\n - scsi: target: Fix fortify_panic kernel exception (bsc#1114576).\n\n - scsi: target: tcmu: add read length support (bsc#1097755).\n\n - sctp: fix race on sctp_id2asoc (networking-stable-18_11_02).\n\n - sctp: fix strchange_flags name for Stream Change Event (networking-stable-18_11_21).\n\n - sctp: hold transport before accessing its asoc in sctp_transport_get_next (networking-stable-18_09_11).\n\n - sctp: not allow to set asoc prsctp_enable by sockopt (networking-stable-18_11_21).\n\n - sctp: not increase stream's incnt before sending addstrm_in request (networking-stable-18_11_21).\n\n - skip LAYOUTRETURN if layout is invalid (git-fixes).\n\n - soc: fsl: qbman: qman: avoid allocating from non existing gen_pool (bsc#1051510).\n\n - soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510).\n\n - staging: rtl8723bs: Fix the return value in case of error in 'rtw_wx_read32()' (bsc#1051510).\n\n - staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510).\n\n - staging:iio:ad7606: fix voltage scales (bsc#1051510).\n\n - sunrpc: Do not use stack buffer with scatterlist (git-fixes).\n\n - sunrpc: Fix rpc_task_begin trace point (git-fixes).\n\n - target: fix buffer offset in core_scsi3_pri_read_full_status (bsc1117349).\n\n - tcp: do not restart timewait timer on rst reception (networking-stable-18_09_11).\n\n - test_firmware: fix error return getting clobbered (bsc#1051510).\n\n - tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (networking-stable-18_11_21).\n\n - thermal: bcm2835: enable hwmon explicitly (bsc#1108468).\n\n - thermal: da9062/61: Prevent hardware access during system suspend (bsc#1051510).\n\n - thermal: rcar_thermal: Prevent hardware access during system suspend (bsc#1051510).\n\n - tipc: do not assume linear buffer when reading ancillary data (networking-stable-18_11_21).\n\n - tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11).\n\n - tipc: fix flow control accounting for implicit connect (networking-stable-18_10_16).\n\n - tpm2-cmd: allow more attempts for selftest execution (bsc#1082555).\n\n - tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555).\n\n - tpm: Restore functionality to xen vtpm driver (bsc#1082555).\n\n - tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555).\n\n - tpm: Use dynamic delay to wait for TPM 2.0 self test result (bsc#1082555).\n\n - tpm: add retry logic (bsc#1082555).\n\n - tpm: consolidate the TPM startup code (bsc#1082555).\n\n - tpm: do not suspend/resume if power stays on (bsc#1082555).\n\n - tpm: fix intermittent failure with self tests (bsc#1082555).\n\n - tpm: fix response size validation in tpm_get_random() (bsc#1082555).\n\n - tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header (bsc#1082555).\n\n - tpm: move endianness conversion of ordinals to tpm_input_header (bsc#1082555).\n\n - tpm: move the delay_msec increment after sleep in tpm_transmit() (bsc#1082555).\n\n - tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers (bsc#1082555).\n\n - tpm: self test failure should not cause suspend to fail (bsc#1082555).\n\n - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555).\n\n - tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555).\n\n - tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555).\n\n - tracing: Apply trace_clock changes to instance max buffer (bsc#1117188).\n\n - tracing: Erase irqsoff trace with empty write (bsc#1117189).\n\n - tty: Do not block on IO when ldisc change is pending (bnc#1105428).\n\n - tty: check name length in tty_find_polling_driver() (bsc#1051510).\n\n - tty: wipe buffer (bsc#1051510).\n\n - tty: wipe buffer if not echoing data (bsc#1051510).\n\n - tun: Consistently configure generic netdev params via rtnetlink (bsc#1051510).\n\n - tuntap: fix multiqueue rx (networking-stable-18_11_21).\n\n - udp4: fix IP_CMSG_CHECKSUM for connected sockets (networking-stable-18_09_24).\n\n - udp6: add missing checks on edumux packet processing (networking-stable-18_09_24).\n\n - udp6: fix encap return code for resubmitting (git-fixes).\n\n - uio: Fix an Oops on load (bsc#1051510).\n\n - uio: ensure class is registered before devices (bsc#1051510).\n\n - uio: make symbol 'uio_class_registered' static (bsc#1051510).\n\n - usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510).\n\n - usb: core: Fix hub port connection events lost (bsc#1051510).\n\n - usb: dwc2: host: Do not retry NAKed transactions right away (bsc#1114385).\n\n - usb: dwc2: host: do not delay retries for CONTROL IN transfers (bsc#1114385).\n\n - usb: dwc3: core: Clean up ULPI device (bsc#1051510).\n\n - usb: dwc3: gadget: Properly check last unaligned/zero chain TRB (bsc#1051510).\n\n - usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers (bsc#1051510).\n\n - usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510).\n\n - usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510).\n\n - usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510).\n\n - usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510).\n\n - usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510).\n\n - usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510).\n\n - usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten (bsc#1051510).\n\n - usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510).\n\n - vfs: fix freeze protection in mnt_want_write_file() for overlayfs (git-fixes).\n\n - vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510).\n\n - vhost: Fix Spectre V1 vulnerability (bsc#1051510).\n\n - virtio_net: avoid using netif_tx_disable() for serializing tx routine (networking-stable-18_11_02).\n\n - w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510).\n\n - x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006).\n\n - x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114279).\n\n - x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bsc#1110006).\n\n - x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279).\n\n - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772).\n\n - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error (bsc#1114279).\n\n - x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279).\n\n - x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279).\n\n - x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279).\n\n - x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279).\n\n - x86/speculation: Support Enhanced IBRS on future CPUs ().\n\n - x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600).\n\n - xen-swiotlb: use actually allocated size on check physical continuous (bnc#1065600).\n\n - xen/balloon: Support xend-based toolstack (bnc#1065600).\n\n - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062).\n\n - xen/netfront: do not bug in case of too many frags (bnc#1104824).\n\n - xen/pvh: do not try to unplug emulated devices (bnc#1065600).\n\n - xen/pvh: increase early stack size (bnc#1065600).\n\n - xen: fix race in xen_qlock_wait() (bnc#1107256).\n\n - xen: fix xen_qlock_wait() (bnc#1107256).\n\n - xen: make xen_qlock_wait() nestable (bnc#1107256).\n\n - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes).\n\n - xfs: Properly detect when DAX won't be used on any device (bsc#1115976).\n\n - xhci: Add check for invalid byte size error when UAS devices are connected (bsc#1051510).\n\n - xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510).\n\n - xprtrdma: Do not defer fencing an async RPC's chunks (git-fixes).", "cvss3": {}, "published": "2019-03-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2019-974)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18281"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-974.NASL", "href": "https://www.tenable.com/plugins/nessus/123397", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-974.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123397);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-18281\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2019-974)\");\n script_summary(english:\"Check for the openSUSE-2019-974 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 15.0 kernel was updated to 4.12.14-lp150.12.28.1 to\nreceive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-18281: The mremap() syscall performs TLB\n flushes after dropping pagetable locks. If a syscall\n such as ftruncate() removes entries from the pagetables\n of a task that is in the middle of mremap(), a stale TLB\n entry can remain for a short time that permits access to\n a physical page after it has been released back to the\n page allocator and reused. (bnc#1113769).\n\nThe following non-security bugs were fixed :\n\n - ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail\n DMA controllers (bsc#1051510).\n\n - ACPI / platform: Add SMB0001 HID to forbidden_id_list\n (bsc#1051510).\n\n - ACPI / watchdog: Prefer iTCO_wdt always when WDAT table\n uses RTC SRAM (bsc#1051510).\n\n - ACPI/APEI: Handle GSIV and GPIO notification types\n (bsc#1115567). \n\n - ACPI/IORT: Fix iort_get_platform_device_domain()\n uninitialized pointer value (bsc#1051510).\n\n - ACPICA: Tables: Add WSMT support (bsc#1089350).\n\n - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control\n write (bsc#1051510).\n\n - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio\n pops (bsc#1051510).\n\n - ALSA: control: Fix race between adding and removing a\n user element (bsc#1051510).\n\n - ALSA: hda/ca0132 - Call pci_iounmap() instead of\n iounmap() (bsc#1051510).\n\n - ALSA: hda/realtek - Add GPIO data update helper\n (bsc#1051510).\n\n - ALSA: hda/realtek - Add auto-mute quirk for HP Spectre\n x360 laptop (bsc#1051510).\n\n - ALSA: hda/realtek - Allow skipping spec->init_amp\n detection (bsc#1051510).\n\n - ALSA: hda/realtek - Fix HP Headset Mic can't record\n (bsc#1051510).\n\n - ALSA: hda/realtek - Manage GPIO bits commonly\n (bsc#1051510).\n\n - ALSA: hda/realtek - Simplify Dell XPS13 GPIO handling\n (bsc#1051510).\n\n - ALSA: hda/realtek - Support ALC300 (bsc#1051510).\n\n - ALSA: hda/realtek - fix headset mic detection for MSI\n MS-B171 (bsc#1051510).\n\n - ALSA: hda/realtek - fix the pop noise on headphone for\n lenovo laptops (bsc#1051510).\n\n - ALSA: hda: Add ASRock N68C-S UCC the power_save\n blacklist (bsc#1051510).\n\n - ALSA: oss: Use kvzalloc() for local buffer allocations\n (bsc#1051510).\n\n - ALSA: sparc: Fix invalid snd_free_pages() at error path\n (bsc#1051510).\n\n - ALSA: usb-audio: Add vendor and product name for Dell\n WD19 Dock (bsc#1051510).\n\n - ALSA: wss: Fix invalid snd_free_pages() at error path\n (bsc#1051510).\n\n - ARM: dts: at91: add new compatibility string for macb on\n sama5d3 (bsc#1051510).\n\n - ASoC: Intel: cht_bsw_max98090: add support for Baytrail\n (bsc#1051510).\n\n - ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE\n to dwc (bsc#1085535)\n\n - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards\n using pmc_plt_clk_0 (bsc#1051510).\n\n - ASoC: sun8i-codec: fix crash on module removal\n (bsc#1051510).\n\n - Bluetooth: SMP: fix crash in unpairing (bsc#1051510).\n\n - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth\n (bsc#1051510).\n\n - Btrfs: fix assertion failure during fsync in no-holes\n mode (bsc#1118136).\n\n - Btrfs: fix assertion on fsync of regular file when using\n no-holes feature (bsc#1118137).\n\n - Btrfs: fix cur_offset in the error case for nocow\n (bsc#1118140).\n\n - Btrfs: fix data corruption due to cloning of eof block\n (bsc#1116878).\n\n - Btrfs: fix deadlock on tree root leaf when finding free\n extent (bsc#1116876).\n\n - Btrfs: fix deadlock when writing out free space caches\n (bsc#1116700).\n\n - Btrfs: fix infinite loop on inode eviction after\n deduplication of eof block (bsc#1116877).\n\n - Btrfs: fix NULL pointer dereference on compressed write\n path error (bsc#1116698).\n\n - Btrfs: fix use-after-free during inode eviction\n (bsc#1116701).\n\n - Btrfs: fix use-after-free when dumping free space\n (bsc#1116862).\n\n - Btrfs: fix warning when replaying log after fsync of a\n tmpfile (bsc#1116692).\n\n - Btrfs: fix wrong dentries after fsync of file that got\n its parent replaced (bsc#1116693).\n\n - Btrfs: send, fix infinite loop due to directory rename\n dependencies (bsc#1118138).\n\n - Documentation/l1tf: Fix typos (bsc#1051510).\n\n - Documentation/l1tf: Remove Yonah processors from not\n vulnerable list (bsc#1051510).\n\n - EDAC, thunderx: Fix memory leak in\n thunderx_l2c_threaded_isr() (bsc#1114279).\n\n - EDAC: Raise the maximum number of memory controllers\n (bsc#1113780).\n\n - Fix kABI for 'Ensure we commit after writeback is\n complete' (bsc#1111809).\n\n - Fix some patch headers which diverge from RFC5322\n Manually fix some patches which have an invalid header.\n\n - HID: hiddev: fix potential Spectre v1 (bsc#1051510).\n\n - HID: uhid: forbid UHID_CREATE under KERNEL_DS or\n elevated privileges (bsc#1051510).\n\n - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad\n 330-15IGM (bsc#1051510).\n\n - Input: synaptics - avoid using uninitialized variable\n when probing (bsc#1051510).\n\n - Input: xpad - add PDP device id 0x02a4 (bsc#1051510).\n\n - Input: xpad - add support for Xbox1 PDP Camo series\n gamepad (bsc#1051510).\n\n - Input: xpad - avoid using __set_bit() for capabilities\n (bsc#1051510).\n\n - Input: xpad - fix some coding style issues\n (bsc#1051510).\n\n - KABI fix for 'NFSv4.1: Fix up replays of interrupted\n requests' (git-fixes).\n\n - KABI: hide new member in struct iommu_table from\n genksyms (bsc#1061840).\n\n - KABI: powerpc: Revert npu callback signature change\n (bsc#1055120).\n\n - KABI: powerpc: export __find_linux_pte as\n __find_linux_pte_or_hugepte (bsc#1061840).\n\n - KVM: PPC: Add pt_regs into kvm_vcpu_arch and move\n vcpu->arch.gpr[] into it (bsc#1061840).\n\n - KVM: PPC: Avoid marking DMA-mapped pages dirty in real\n mode (bsc#1061840).\n\n - KVM: PPC: Book 3S HV: Do ptesync in radix guest exit\n path (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Add 'online' register to ONE_REG\n interface (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Add of_node_put() in success path\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Allow HPT and radix on the same\n core for POWER9 v2.2 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Allow creating max number of VCPUs\n on POWER9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Avoid crash from THP collapse\n during radix page fault (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Avoid shifts by negative amounts\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Check DR not IR to chose real vs\n virt mode MMIOs (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do SLB load/unload with guest LPCR\n value loaded (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate\n function (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not use compound_order to\n determine host mapping size (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not use existing 'prodded' flag\n for XIVE escalations (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Enable migration of decrementer\n register (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Factor fake-suspend handling out of\n kvmppc_save/restore_tm (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or\n 1GB memory backing (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix conditions for starting vcpu\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix constant size warning\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix duplication of host SLB entries\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix guest r11 corruption with\n POWER9 TM workarounds (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix handling of large pages in\n radix page fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in\n HPT resizing code (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix inaccurate comment\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real\n mode interrupts (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix trap number return from\n __kvmppc_vcore_entry (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix typo in\n kvmppc_hv_get_dirty_log_radix() (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Handle 1GB pages in radix page\n fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Improve handling of debug-trigger\n HMIs on POWER9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Keep XIVE escalation interrupt\n masked unless ceded (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Lockless tlbie for HPT hcalls\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make HPT resizing work on POWER9\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make radix clear pte when unmapping\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make radix use correct tlbie\n sequence in kvmppc_radix_tlbie_page (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Make xive_pushed a byte, not a word\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Pack VCORE IDs to access full VCPU\n ID space (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Radix page fault handler\n optimizations (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under\n kvm->lock (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Recursively unmap all page table\n entries when unmapping (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Remove useless statement\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Remove vcpu->arch.dec usage\n (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to\n Linux handlers (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR\n count correctly (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Snapshot timebase offset on guest\n entry (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Streamline setting of reference and\n change bits (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page\n fault handler (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Use a helper to unmap ptes in the\n radix fault path (bsc#1061840).\n\n - KVM: PPC: Book3S HV: XIVE: Resend re-routed interrupts\n on CPU priority change (bsc#1061840).\n\n - KVM: PPC: Book3S HV: radix: Do not clear partition PTE\n when RC or write bits do not match (bsc#1061840).\n\n - KVM: PPC: Book3S HV: radix: Refine IO region partition\n scope attributes (bsc#1061840).\n\n - KVM: PPC: Book3S PR: Add guest MSR parameter for\n kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840).\n\n - KVM: PPC: Book3S PR: Move\n kvmppc_save_tm/kvmppc_restore_tm to separate file\n (bsc#1061840).\n\n - KVM: PPC: Book3S: Add MMIO emulation for VMX\n instructions (bsc#1061840).\n\n - KVM: PPC: Book3S: Allow backing bigger guest IOMMU pages\n with smaller physical pages (bsc#1061840).\n\n - KVM: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64\n parameters (bsc#1061840).\n\n - KVM: PPC: Book3S: Eliminate some unnecessary checks\n (bsc#1061840).\n\n - KVM: PPC: Book3S: Fix compile error that occurs with\n some gcc versions (bsc#1061840).\n\n - KVM: PPC: Book3S: Fix matching of hardware and emulated\n TCE tables (bsc#1061840).\n\n - KVM: PPC: Book3S: Use correct page shift in H_STUFF_TCE\n (bsc#1061840).\n\n - KVM: PPC: Fix a mmio_host_swabbed uninitialized usage\n issue (bsc#1061840).\n\n - KVM: PPC: Make iommu_table::it_userspace big endian\n (bsc#1061840).\n\n - KVM: PPC: Move nip/ctr/lr/xer registers to pt_regs in\n kvm_vcpu_arch (bsc#1061840).\n\n - KVM: PPC: Use seq_puts() in kvmppc_exit_timing_show()\n (bsc#1061840).\n\n - KVM: VMX: re-add ple_gap module parameter (bsc#1106240).\n\n - KVM: arm/arm64: Introduce vcpu_el1_is_32bit\n (bsc#1110998).\n\n - KVM: nVMX: Always reflect #NM VM-exits to L1\n (bsc#1106240).\n\n - KVM: nVMX: move check_vmentry_postreqs() call to\n nested_vmx_enter_non_root_mode() (bsc#1106240).\n\n - KVM: s390: vsie: copy wrapping keys to right place\n (git-fixes).\n\n - KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING\n hypercall (bsc#1106240).\n\n - MD: fix invalid stored role for a disk - try2\n (git-fixes).\n\n - NFS: Avoid RCU usage in tracepoints (git-fixes).\n\n - NFS: Ensure we commit after writeback is complete\n (bsc#1111809).\n\n - NFS: Fix a typo in nfs_rename() (git-fixes).\n\n - NFS: Fix an incorrect type in struct nfs_direct_req\n (git-fixes).\n\n - NFS: Fix typo in nomigration mount option (git-fixes).\n\n - NFS: Fix unstable write completion (git-fixes).\n\n - NFS: commit direct writes even if they fail partially\n (git-fixes).\n\n - NFSv4.0 fix client reference leak in callback\n (git-fixes).\n\n - NFSv4.1 fix infinite loop on I/O (git-fixes).\n\n - NFSv4.1: Fix a potential layoutget/layoutrecall deadlock\n (git-fixes).\n\n - NFSv4.1: Fix the client behaviour on\n NFS4ERR_SEQ_FALSE_RETRY (git-fixes).\n\n - NFSv4.1: Fix up replays of interrupted requests\n (git-fixes).\n\n - NFSv4: Fix a typo in nfs41_sequence_process (git-fixes).\n\n - PCI/ASPM: Do not initialize link state when\n aspm_disabled is set (bsc#1051510).\n\n - PCI/MSI: Warn and return error if driver enables\n MSI/MSI-X twice (bsc#1051510).\n\n - PCI: Add Device IDs for Intel GPU 'spurious interrupt'\n quirk (bsc#1051510).\n\n - PCI: hv: Use effective affinity mask (bsc#1109772).\n\n - PCI: imx6: Fix link training status detection in link up\n check (bsc#1109806).\n\n - PCI: iproc: Remove PAXC slot check to allow VF support\n (bsc#1109806).\n\n - PCI: vmd: Assign vector zero to all bridges\n (bsc#1109806).\n\n - PCI: vmd: Detach resources after stopping root bus\n (bsc#1109806).\n\n - PCI: vmd: White list for fast interrupt handlers\n (bsc#1109806).\n\n - SUNRPC: Allow connect to return EHOSTUNREACH\n (git-fixes).\n\n - SUNRPC: Fix tracepoint storage issues with svc_recv and\n svc_rqst_status (git-fixes).\n\n - USB: misc: appledisplay: add 20' Apple Cinema Display\n (bsc#1051510).\n\n - USB: omap_udc: fix rejection of out transfers when DMA\n is used (bsc#1051510).\n\n - USB: quirks: Add no-lpm quirk for Raydium touchscreens\n (bsc#1051510).\n\n - USB: serial: option: add two-endpoints device-id flag\n (bsc#1051510).\n\n - USB: serial: option: drop redundant interface-class test\n (bsc#1051510).\n\n - USB: serial: option: improve Quectel EP06 detection\n (bsc#1051510).\n\n - VFS: close race between getcwd() and d_move()\n (git-fixes).\n\n - VMCI: Resource wildcard match fixed (bsc#1051510).\n\n - acpi, nfit: Fix ARS overflow continuation (bsc#1116895).\n\n - acpi/nfit, x86/mce: Handle only uncorrectable machine\n checks (bsc#1114279).\n\n - acpi/nfit, x86/mce: Validate a MCE's address before\n using it (bsc#1114279).\n\n - act_ife: fix a potential use-after-free\n (networking-stable-18_09_11).\n\n - amd/iommu: Fix Guest Virtual APIC Log Tail Address\n Register (bsc#1106105).\n\n - arm64: KVM: Move CPU ID reg trap setup off the world\n switch path (bsc#1110998).\n\n - arm64: KVM: Sanitize PSTATE.M when being set from\n userspace (bsc#1110998).\n\n - arm64: KVM: Tighten guest core register access from\n userspace (bsc#1110998).\n\n - ata: Fix racy link clearance (bsc#1107866).\n\n - ataflop: fix error handling during setup (bsc#1051510).\n\n - ath10k: schedule hardware restart if WMI command times\n out (bsc#1051510).\n\n - autofs: fix autofs_sbi() does not check super block type\n (git-fixes).\n\n - autofs: fix slab out of bounds read in getname_kernel()\n (git-fixes).\n\n - autofs: mount point create should honour passed in mode\n (git-fixes).\n\n - badblocks: fix wrong return value in badblocks_set if\n badblocks are disabled (git-fixes).\n\n - batman-adv: Expand merged fragment buffer for full\n packet (bsc#1051510).\n\n - batman-adv: Use explicit tvlv padding for ELP packets\n (bsc#1051510).\n\n - bitops: protect variables in bit_clear_unless() macro\n (bsc#1051510).\n\n - bitops: protect variables in set_mask_bits() macro\n (bsc#1051510).\n\n - block: copy ioprio in __bio_clone_fast() (bsc#1082653).\n\n - block: respect virtual boundary mask in bvecs\n (bsc#1113412).\n\n - bnxt_en: Fix TX timeout during netpoll\n (networking-stable-18_10_16).\n\n - bnxt_en: free hwrm resources, if driver probe fails\n (networking-stable-18_10_16).\n\n - bonding: avoid possible dead-lock\n (networking-stable-18_10_16).\n\n - bonding: fix length of actor system\n (networking-stable-18_11_02).\n\n - bonding: fix warning message\n (networking-stable-18_10_16).\n\n - bonding: pass link-local packets to bonding master also\n (networking-stable-18_10_16).\n\n - bpf, net: add skb_mac_header_len helper\n (networking-stable-18_09_24).\n\n - bpf: fix partial copy of map_ptr when dst is scalar\n (bsc#1083647).\n\n - bpf: wait for running BPF programs when updating\n map-in-map (bsc#1083647).\n\n - brcmfmac: fix for proper support of 160MHz bandwidth\n (bsc#1051510).\n\n - brcmfmac: fix reporting support for 160 MHz channels\n (bsc#1051510).\n\n - brcmutil: really fix decoding channel info for 160 MHz\n bandwidth (bsc#1051510).\n\n - bridge: do not add port to router list when receives\n query with source 0.0.0.0 (networking-stable-18_11_02).\n\n - btrfs: make sure we create all new block groups\n (bsc#1116699).\n\n - btrfs: protect space cache inode alloc with GFP_NOFS\n (bsc#1116863).\n\n - cachefiles: fix the race between\n cachefiles_bury_object() and rmdir(2) (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): Do not crash the kernel\n if can_priv::echo_skb is accessed out of bounds\n (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): print error message, if\n trying to echo non existing skb (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): replace struct can_frame\n by canfd_frame to access frame length (bsc#1051510).\n\n - can: dev: can_get_echo_skb(): factor out non sending\n code to __can_get_echo_skb() (bsc#1051510).\n\n - can: hi311x: Use level-triggered interrupt\n (bsc#1051510).\n\n - can: raw: check for CAN FD capable netdev in\n raw_sendmsg() (bsc#1051510).\n\n - can: rcar_can: Fix erroneous registration (bsc#1051510).\n\n - can: rx-offload: introduce can_rx_offload_get_echo_skb()\n and can_rx_offload_queue_sorted() functions\n (bsc#1051510).\n\n - cdc-acm: correct counting of UART states in serial state\n notification (bsc#1051510).\n\n - cdc-acm: do not reset notification buffer index upon urb\n unlinking (bsc#1051510).\n\n - ceph: fix dentry leak in ceph_readdir_prepopulate\n (bsc#1114839).\n\n - ceph: quota: fix NULL pointer dereference in quota check\n (bsc#1114839).\n\n - cfg80211: Address some corner cases in scan result\n channel updating (bsc#1051510).\n\n - cfg80211: fix use-after-free in reg_process_hint()\n (bsc#1051510).\n\n - clk: at91: Fix division by zero in PLL recalc_rate()\n (bsc#1051510).\n\n - clk: fixed-factor: fix of_node_get-put imbalance\n (bsc#1051510).\n\n - clk: fixed-rate: fix of_node_get-put imbalance\n (bsc#1051510).\n\n - clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk\n (bsc#1051510).\n\n - clk: rockchip: Fix static checker warning in\n rockchip_ddrclk_get_parent call (bsc#1051510).\n\n - clk: s2mps11: Add used attribute to s2mps11_dt_match\n (bsc#1051510).\n\n - clk: s2mps11: Fix matching when built as module and DT\n node contains compatible (bsc#1051510).\n\n - clk: samsung: exynos5420: Enable PERIS clocks for\n suspend (bsc#1051510).\n\n - clockevents/drivers/i8253: Add support for PIT shutdown\n quirk (bsc#1051510).\n\n - configfs: replace strncpy with memcpy (bsc#1051510).\n\n - crypto: simd - correctly take reqsize of wrapped\n skcipher into account (bsc#1051510).\n\n - do d_instantiate/unlock_new_inode combinations safely\n (git-fixes).\n\n - driver/dma/ioat: Call del_timer_sync() without holding\n prep_lock (bsc#1051510).\n\n - drm/amdgpu: add missing CHIP_HAINAN in\n amdgpu_ucode_get_load_type (bsc#1051510).\n\n - drm/ast: Fix incorrect free on ioregs (bsc#1051510).\n\n - drm/ast: Remove existing framebuffers before loading\n driver (boo#1112963)\n\n - drm/ast: change resolution may cause screen blurred\n (boo#1112963).\n\n - drm/ast: fixed cursor may disappear sometimes\n (bsc#1051510).\n\n - drm/dp_mst: Check if primary mstb is null (bsc#1051510).\n\n - drm/dp_mst: Skip validating ports during destruction,\n just ref (bsc#1051510).\n\n - drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510).\n\n - drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion\n 15-n233sl (bsc#1113722)\n\n - drm/i915/execlists: Force write serialisation into\n context image vs execution (bsc#1051510).\n\n - drm/i915/glk: Remove 99% limitation (bsc#1051510).\n\n - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N\n values (bsc#1051510).\n\n - drm/i915: Do not oops during modeset shutdown after lpe\n audio deinit (bsc#1051510).\n\n - drm/i915: Do not unset intel_connector->mst_port\n (bsc#1051510).\n\n - drm/i915: Fix ilk+ watermarks when disabling pipes\n (bsc#1051510).\n\n - drm/i915: Large page offsets for pread/pwrite\n (bsc#1051510).\n\n - drm/i915: Mark pin flags as u64 (bsc#1051510).\n\n - drm/i915: Skip vcpi allocation for MSTB ports that are\n gone (bsc#1051510).\n\n - drm/i915: Write GPU relocs harder with gen3\n (bsc#1051510).\n\n - drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config\n (bsc#1051510).\n\n - drm/meson: Fix OOB memory accesses in\n meson_viu_set_osd_lut() (bsc#1051510).\n\n - drm/meson: add support for 1080p25 mode (bsc#1051510).\n\n - drm/nouveau: Check backlight IDs are >= 0, not > 0\n (bsc#1051510).\n\n - drm/omap: fix memory barrier bug in DMM driver\n (bsc#1051510).\n\n - drm/rockchip: Allow driver to be shutdown on\n reboot/kexec (bsc#1051510).\n\n - drm: fb-helper: Reject all pixel format changing\n requests (bsc#1113722)\n\n - ext4: add missing brelse() add_new_gdb_meta_bg()'s error\n path (bsc#1117795).\n\n - ext4: add missing brelse() in\n set_flexbg_block_bitmap()'s error path (bsc#1117794).\n\n - ext4: add missing brelse() update_backups()'s error path\n (bsc#1117796).\n\n - ext4: avoid buffer leak in ext4_orphan_add() after prior\n errors (bsc#1117802).\n\n - ext4: avoid buffer leak on shutdown in\n ext4_mark_iloc_dirty() (bsc#1117801).\n\n - ext4: avoid potential extra brelse in\n setup_new_flex_group_blocks() (bsc#1117792).\n\n - ext4: fix buffer leak in __ext4_read_dirblock() on error\n path (bsc#1117807).\n\n - ext4: fix buffer leak in ext4_xattr_move_to_block() on\n error path (bsc#1117806).\n\n - ext4: fix missing cleanup if ext4_alloc_flex_bg_array()\n fails while resizing (bsc#1117798).\n\n - ext4: fix possible inode leak in the retry loop of\n ext4_resize_fs() (bsc#1117799).\n\n - ext4: fix possible leak of s_journal_flag_rwsem in error\n path (bsc#1117804).\n\n - ext4: fix possible leak of sbi->s_group_desc_leak in\n error path (bsc#1117803).\n\n - ext4: fix setattr project check in fssetxattr ioctl\n (bsc#1117789).\n\n - ext4: fix use-after-free race in ext4_remount()'s error\n path (bsc#1117791).\n\n - ext4: initialize retries variable in\n ext4_da_write_inline_data_begin() (bsc#1117788).\n\n - ext4: propagate error from dquot_initialize() in\n EXT4_IOC_FSSETXATTR (bsc#1117790).\n\n - ext4: release bs.bh before re-using in\n ext4_xattr_block_find() (bsc#1117805).\n\n - fbdev: fix broken menu dependencies (bsc#1113722)\n\n - firmware: dcdbas: Add support for WSMT ACPI table\n (bsc#1089350 ).\n\n - firmware: dcdbas: include linux/io.h (bsc#1089350).\n\n - floppy: fix race condition in __floppy_read_block_0()\n (bsc#1051510).\n\n - flow_dissector: do not dissect l4 ports for fragments\n (networking-stable-18_11_21).\n\n - fs/dcache.c: fix kmemcheck splat at\n take_dentry_name_snapshot() (git-fixes).\n\n - fs: Make extension of struct super_block transparent\n (bsc#1117822).\n\n - fs: dcache: Avoid livelock between d_alloc_parallel and\n __d_add (git-fixes).\n\n - fs: dcache: Use READ_ONCE when accessing i_dir_seq\n (git-fixes).\n\n - fscache: fix race between enablement and dropping of\n object (bsc#1107385).\n\n - fsnotify: Fix busy inodes during unmount (bsc#1117822).\n\n - fsnotify: fix ignore mask logic in fsnotify()\n (bsc#1115074).\n\n - ftrace: Fix debug preempt config name in\n stack_tracer_(en,dis)able (bsc#1117172).\n\n - ftrace: Fix kmemleak in unregister_ftrace_graph\n (bsc#1117181).\n\n - ftrace: Fix memleak when unregistering dynamic ops when\n tracing disabled (bsc#1117174).\n\n - ftrace: Remove incorrect setting of glob search field\n (bsc#1117184).\n\n - genirq: Fix race on spurious interrupt detection\n (bsc#1051510).\n\n - getname_kernel() needs to make sure that ->name !=\n ->iname in long case (git-fixes).\n\n - gpio: do not free unallocated ida on\n gpiochip_add_data_with_key() error path (bsc#1051510).\n\n - grace: replace BUG_ON by WARN_ONCE in exit_net hook\n (git-fixes).\n\n - gso_segment: Reset skb->mac_len after modifying network\n header (networking-stable-18_09_24).\n\n - hv_netvsc: ignore devices that are not PCI\n (networking-stable-18_09_11).\n\n - hwmon (ina2xx) Fix NULL id pointer in probe()\n (bsc#1051510).\n\n - hwmon: (core) Fix double-free in\n __hwmon_device_register() (bsc#1051510).\n\n - hwmon: (ibmpowernv) Remove bogus __init annotations\n (bsc#1051510).\n\n - hwmon: (ina2xx) Fix current value calculation\n (bsc#1051510).\n\n - hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510).\n\n - hwmon: (pmbus) Fix page count auto-detection\n (bsc#1051510).\n\n - hwmon: (pwm-fan) Set fan speed to 0 on suspend\n (bsc#1051510).\n\n - hwmon: (raspberrypi) Fix initial notify (bsc#1051510).\n\n - hwmon: (w83795) temp4_type has writable permission\n (bsc#1051510).\n\n - ibmvnic: fix accelerated VLAN handling ().\n\n - ibmvnic: fix index in release_rx_pools (bsc#1115440,\n bsc#1115433).\n\n - ibmvnic: remove ndo_poll_controller ().\n\n - iio: accel: adxl345: convert address field usage in\n iio_chan_spec (bsc#1051510).\n\n - iio: ad5064: Fix regulator handling (bsc#1051510).\n\n - iio:st_magn: Fix enable device after trigger\n (bsc#1051510).\n\n - ima: fix showing large 'violations' or\n 'runtime_measurements_count' (bsc#1051510).\n\n - include/linux/pfn_t.h: force '~' to be parsed as an\n unary operator (bsc#1051510).\n\n - inet: make sure to grab rcu_read_lock before using\n ireq->ireq_opt (networking-stable-18_10_16).\n\n - iommu/arm-smmu: Ensure that page-table updates are\n visible before TLBI (bsc#1106237).\n\n - iommu/ipmmu-vmsa: Fix crash on early domain free\n (bsc#1106105).\n\n - iommu/vt-d: Fix NULL pointer dereference in\n prq_event_thread() (bsc#1106105).\n\n - iommu/vt-d: Use memunmap to free memremap (bsc#1106105).\n\n - ip6_tunnel: Fix encapsulation layout\n (networking-stable-18_11_02).\n\n - ip6_tunnel: be careful when accessing the inner header\n (networking-stable-18_10_16).\n\n - ip6_vti: fix a NULL pointer deference when destroy vti6\n tunnel (networking-stable-18_09_11).\n\n - ip_tunnel: be careful when accessing the inner header\n (networking-stable-18_10_16).\n\n - ip_tunnel: do not force DF when MTU is locked\n (networking-stable-18_11_21).\n\n - ipmi: Fix timer race with module unload (bsc#1051510).\n\n - ipv4: lock mtu in fnhe when received PMTU\n net.ipv4.route.min_pmtu (networking-stable-18_11_21).\n\n - ipv4: tcp: send zero IPID for RST and ACK sent in\n SYN-RECV and TIME-WAIT state\n (networking-stable-18_09_11).\n\n - ipv6/ndisc: Preserve IPv6 control buffer if protocol\n error handlers are called (networking-stable-18_11_02).\n\n - ipv6: fix possible use-after-free in ip6_xmit()\n (networking-stable-18_09_24).\n\n - ipv6: mcast: fix a use-after-free in inet6_mc_check\n (networking-stable-18_11_02).\n\n - ipv6: take rcu lock in rawv6_send_hdrinc()\n (networking-stable-18_10_16).\n\n - iwlwifi: dbg: allow wrt collection before ALIVE\n (bsc#1051510).\n\n - iwlwifi: do not WARN on trying to dump dead firmware\n (bsc#1051510).\n\n - iwlwifi: mvm: check for short GI only for OFDM\n (bsc#1051510).\n\n - iwlwifi: mvm: check return value of\n rs_rate_from_ucode_rate() (bsc#1051510).\n\n - iwlwifi: mvm: do not use SAR Geo if basic SAR is not\n used (bsc#1051510).\n\n - iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510).\n\n - iwlwifi: mvm: fix regulatory domain update when the\n firmware starts (bsc#1051510).\n\n - iwlwifi: mvm: support sta_statistics() even on older\n firmware (bsc#1051510).\n\n - iwlwifi: pcie: avoid empty free RB queue (bsc#1051510).\n\n - kABI: protect struct fib_nh_exception (kabi).\n\n - kABI: protect struct rtable (kabi).\n\n - kabi/severities: ignore __xive_vm_h_* KVM internal\n symbols.\n\n - kabi/severities: ignore ppc64 realmode helpers. KVM\n fixes remove exports of realmode_pfn_to_page\n iommu_tce_xchg_rm mm_iommu_lookup_rm\n mm_iommu_ua_to_hpa_rm. Some are no longer used and\n others are no longer exported because the code was\n consolideted in one place. These helpers are to be\n called in realmode and linking to them from non-KVM\n modules is a bug. Hence removing them does not break\n KABI.\n\n - kabi: mask raw in struct bpf_reg_state (bsc#1083647).\n\n - kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510).\n\n - kbuild: move '_all' target out of $(KBUILD_SRC)\n conditional (bsc#1114279).\n\n - kgdboc: Passing ekgdboc to command line causes panic\n (bsc#1051510).\n\n - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839).\n\n - libertas: do not set URB_ZERO_PACKET on IN USB transfer\n (bsc#1051510).\n\n - libnvdimm, region: Fail badblocks listing for inactive\n regions (bsc#1116899).\n\n - libnvdimm: Hold reference on parent while scheduling\n async init (bsc#1116891).\n\n - livepatch: create and include UAPI headers ().\n\n - llc: set SOCK_RCU_FREE in llc_sap_add_socket()\n (networking-stable-18_11_02).\n\n - lockd: fix 'list_add double add' caused by legacy signal\n interface (git-fixes).\n\n - mac80211: Always report TX status (bsc#1051510).\n\n - mac80211: TDLS: fix skb queue/priority assignment\n (bsc#1051510).\n\n - mac80211: fix TX status reporting for ieee80211s\n (bsc#1051510).\n\n - mac80211_hwsim: do not omit multicast announce of first\n added radio (bsc#1051510).\n\n - mach64: fix display corruption on big endian machines\n (bsc#1113722)\n\n - mach64: fix image corruption due to reading accelerator\n registers (bsc#1113722)\n\n - mailbox: PCC: handle parse error (bsc#1051510).\n\n - make sure that __dentry_kill() always invalidates d_seq,\n unhashed or not (git-fixes).\n\n - md/raid10: fix that replacement cannot complete recovery\n after reassemble (git-fixes).\n\n - md/raid1: add error handling of read error from FailFast\n device (git-fixes).\n\n - md/raid5-cache: disable reshape completely (git-fixes).\n\n - md/raid5: fix data corruption of replacements after\n originals dropped (git-fixes).\n\n - md: fix NULL dereference of mddev->pers in\n remove_and_add_spares() (git-fixes).\n\n - memory_hotplug: cond_resched in __remove_pages\n (bnc#1114178).\n\n - mfd: menelaus: Fix possible race condition and leak\n (bsc#1051510).\n\n - mfd: omap-usb-host: Fix dts probe of children\n (bsc#1051510).\n\n - mlxsw: spectrum: Fix IP2ME CPU policer configuration\n (networking-stable-18_11_21).\n\n - mm: handle no memcg case in memcg_kmem_charge() properly\n (bnc#1113677).\n\n - mm: rework memcg kernel stack accounting (bnc#1113677).\n\n - mmc: dw_mmc-rockchip: correct property names in debug\n (bsc#1051510).\n\n - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev\n 0x8620 rev 0x01 (bsc#1051510).\n\n - modpost: ignore livepatch unresolved relocations ().\n\n - mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED\n mounts (bsc#1117819).\n\n - mount: Prevent MNT_DETACH from disconnecting locked\n mounts (bsc#1117820).\n\n - mount: Retest MNT_LOCKED in do_umount (bsc#1117818).\n\n - neighbour: confirm neigh entries when ARP packet is\n received (networking-stable-18_09_24).\n\n - net-gro: reset skb->pkt_type in napi_reuse_skb()\n (networking-stable-18_11_21).\n\n - net/af_iucv: drop inbound packets with invalid flags\n (bnc#1113501, LTC#172679).\n\n - net/af_iucv: fix skb handling on HiperTransport xmit\n error (bnc#1113501, LTC#172679).\n\n - net/appletalk: fix minor pointer leak to userspace in\n SIOCFINDIPDDPRT (networking-stable-18_09_24).\n\n - net/ibmnvic: Fix deadlock problem in reset ().\n\n - net/ibmvnic: Fix RTNL deadlock during device reset\n (bnc#1115431).\n\n - net/ipv6: Display all addresses in output of\n /proc/net/if_inet6 (networking-stable-18_10_16).\n\n - net/ipv6: Fix index counter for unicast addresses in\n in6_dump_addrs (networking-stable-18_11_02).\n\n - net/mlx5: Check for error in mlx5_attach_interface\n (networking-stable-18_09_18).\n\n - net/mlx5: E-Switch, Fix memory leak when creating\n switchdev mode FDB tables (networking-stable-18_09_18).\n\n - net/mlx5: E-Switch, Fix out of bound access when setting\n vport rate (networking-stable-18_10_16).\n\n - net/mlx5: Fix debugfs cleanup in the device init/remove\n flow (networking-stable-18_09_18).\n\n - net/mlx5: Fix use-after-free in self-healing flow\n (networking-stable-18_09_18).\n\n - net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page\n fault type (networking-stable-18_11_02).\n\n - net/mlx5e: Fix selftest for small MTUs\n (networking-stable-18_11_21).\n\n - net/mlx5e: Set vlan masks for all offloaded TC rules\n (networking-stable-18_10_16).\n\n - net/packet: fix packet drop as of virtio gso\n (networking-stable-18_10_16).\n\n - net/sched: act_pedit: fix dump of extended layered op\n (networking-stable-18_09_11).\n\n - net/sched: act_sample: fix NULL dereference in the data\n path (networking-stable-18_09_24).\n\n - net/usb: cancel pending work when unbinding smsc75xx\n (networking-stable-18_10_16).\n\n - net: aquantia: memory corruption on jumbo frames\n (networking-stable-18_10_16).\n\n - net: bcmgenet: Poll internal PHY for GENETv5\n (networking-stable-18_11_02).\n\n - net: bcmgenet: protect stop from timeout\n (networking-stable-18_11_21).\n\n - net: bcmgenet: use MAC link status for fixed phy\n (networking-stable-18_09_11).\n\n - net: bridge: remove ipv6 zero address check in mcast\n queries (git-fixes).\n\n - net: dsa: bcm_sf2: Call setup during switch resume\n (networking-stable-18_10_16).\n\n - net: dsa: bcm_sf2: Fix unbind ordering\n (networking-stable-18_10_16).\n\n - net: ena: Fix Kconfig dependency on X86 (bsc#1111696\n bsc#1117561).\n\n - net: ena: add functions for handling Low Latency Queues\n in ena_com (bsc#1111696 bsc#1117561).\n\n - net: ena: add functions for handling Low Latency Queues\n in ena_netdev (bsc#1111696 bsc#1117561).\n\n - net: ena: change rx copybreak default to reduce kernel\n memory pressure (bsc#1111696 bsc#1117561).\n\n - net: ena: complete host info to match latest ENA spec\n (bsc#1111696 bsc#1117561).\n\n - net: ena: enable Low Latency Queues (bsc#1111696\n bsc#1117561).\n\n - net: ena: explicit casting and initialization, and\n clearer error handling (bsc#1111696 bsc#1117561).\n\n - net: ena: fix NULL dereference due to untimely napi\n initialization (bsc#1111696 bsc#1117561).\n\n - net: ena: fix auto casting to boolean (bsc#1111696\n bsc#1117561).\n\n - net: ena: fix compilation error in xtensa architecture\n (bsc#1111696 bsc#1117561).\n\n - net: ena: fix crash during failed resume from\n hibernation (bsc#1111696 bsc#1117561).\n\n - net: ena: fix indentations in ena_defs for better\n readability (bsc#1111696 bsc#1117561).\n\n - net: ena: fix rare bug when failed restart/resume is\n followed by driver removal (bsc#1111696 bsc#1117561).\n\n - net: ena: fix warning in rmmod caused by double iounmap\n (bsc#1111696 bsc#1117561).\n\n - net: ena: introduce Low Latency Queues data structures\n according to ENA spec (bsc#1111696 bsc#1117561).\n\n - net: ena: limit refill Rx threshold to 256 to avoid\n latency issues (bsc#1111696 bsc#1117561).\n\n - net: ena: minor performance improvement (bsc#1111696\n bsc#1117561).\n\n - net: ena: remove ndo_poll_controller (bsc#1111696\n bsc#1117561).\n\n - net: ena: remove redundant parameter in\n ena_com_admin_init() (bsc#1111696 bsc#1117561).\n\n - net: ena: update driver version to 2.0.1 (bsc#1111696\n bsc#1117561).\n\n - net: ena: use CSUM_CHECKED device indication to report\n skb's checksum status (bsc#1111696 bsc#1117561).\n\n - net: fec: do not dump RX FIFO register when not\n available (networking-stable-18_11_02).\n\n - net: hns: fix for unmapping problem when SMMU is on\n (networking-stable-18_10_16).\n\n - net: hp100: fix always-true check for link up state\n (networking-stable-18_09_24).\n\n - net: ibm: fix return type of ndo_start_xmit function ().\n\n - net: ipmr: fix unresolved entry dumps\n (networking-stable-18_11_02).\n\n - net: macb: do not disable MDIO bus at open/close time\n (networking-stable-18_09_11).\n\n - net: mvpp2: Extract the correct ethtype from the skb for\n tx csum offload (networking-stable-18_10_16).\n\n - net: mvpp2: fix a txq_done race condition\n (networking-stable-18_10_16).\n\n - net: phy: mdio-gpio: Fix working over slow can_sleep\n GPIOs (networking-stable-18_11_21).\n\n - net: qca_spi: Fix race condition in spi transfers\n (networking-stable-18_09_18).\n\n - net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510).\n\n - net: sched: Fix for duplicate class dump\n (networking-stable-18_11_02).\n\n - net: sched: Fix memory exposure from short TCA_U32_SEL\n (networking-stable-18_09_11).\n\n - net: sched: action_ife: take reference to meta module\n (networking-stable-18_09_11).\n\n - net: sched: gred: pass the right attribute to\n gred_change_table_def() (networking-stable-18_11_02).\n\n - net: smsc95xx: Fix MTU range\n (networking-stable-18_11_21).\n\n - net: socket: fix a missing-check bug\n (networking-stable-18_11_02).\n\n - net: stmmac: Fix stmmac_mdio_reset() when building\n stmmac as modules (networking-stable-18_11_02).\n\n - net: stmmac: Fixup the tail addr setting in xmit path\n (networking-stable-18_10_16).\n\n - net: systemport: Fix wake-up interrupt race during\n resume (networking-stable-18_10_16).\n\n - net: systemport: Protect stop from timeout\n (networking-stable-18_11_21).\n\n - net: udp: fix handling of CHECKSUM_COMPLETE packets\n (networking-stable-18_11_02).\n\n - netlabel: check for IPV4MASK in addrinfo_get\n (networking-stable-18_10_16).\n\n - nfp: wait for posted reconfigs when disabling the device\n (networking-stable-18_09_11).\n\n - nfs: do not wait on commit in nfs_commit_inode() if\n there were no commit requests (git-fixes).\n\n - nfsd4: permit layoutget of executable-only files\n (git-fixes).\n\n - nfsd: CLOSE SHOULD return the invalid special stateid\n for NFSv4.x (x>0) (git-fixes).\n\n - nfsd: Ensure we check stateid validity in the seqid\n operation checks (git-fixes).\n\n - nfsd: Fix another OPEN stateid race (git-fixes).\n\n - nfsd: Fix stateid races between OPEN and CLOSE\n (git-fixes).\n\n - nfsd: check for use of the closed special stateid\n (git-fixes).\n\n - nfsd: deal with revoked delegations appropriately\n (git-fixes).\n\n - nfsd: fix corrupted reply to badly ordered compound\n (git-fixes).\n\n - nfsd: fix potential use-after-free in\n nfsd4_decode_getdeviceinfo (git-fixes).\n\n - nfsd: restrict rd_maxcount to svc_max_payload in\n nfsd_encode_readdir (git-fixes).\n\n - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds\n (bsc#1051510).\n\n - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT\n (bsc#1051510).\n\n - nospec: Include asm/barrier.h dependency (bsc#1114279).\n\n - nvme: Free ctrl device name on init failure ().\n\n - ocfs2: fix a misuse a of brelse after failing\n ocfs2_check_dir_entry (bsc#1117817).\n\n - ocfs2: fix locking for res->tracking and\n dlm->tracking_list (bsc#1117816).\n\n - ocfs2: fix ocfs2 read block panic (bsc#1117815).\n\n - ocfs2: free up write context when direct IO failed\n (bsc#1117821).\n\n - ocfs2: subsystem.su_mutex is required while accessing\n the item->ci_parent (bsc#1117808).\n\n - openvswitch: Fix push/pop ethernet validation\n (networking-stable-18_11_02).\n\n - pNFS: Always free the session slot on error in\n nfs4_layoutget_handle_exception (git-fixes).\n\n - pNFS: Prevent the layout header refcount going to zero\n in pnfs_roc() (git-fixes).\n\n - pci: dwc: remove duplicate fix References: bsc#1115269\n Patch has been already applied by the following commit:\n 9f73db8b7c PCI: dwc: Fix enumeration end when reaching\n root subordinate (bsc#1051510)\n\n - pcmcia: Implement CLKRUN protocol disabling for Ricoh\n bridges (bsc#1051510).\n\n - percpu: make this_cpu_generic_read() atomic w.r.t.\n interrupts (bsc#1114279).\n\n - perf: fix invalid bit in diagnostic entry (git-fixes).\n\n - pinctrl: at91-pio4: fix has_config check in\n atmel_pctl_dt_subnode_to_map() (bsc#1051510).\n\n - pinctrl: meson: fix pinconf bias disable (bsc#1051510).\n\n - pinctrl: qcom: spmi-mpp: Fix drive strength setting\n (bsc#1051510).\n\n - pinctrl: qcom: spmi-mpp: Fix err handling of\n pmic_mpp_set_mux (bsc#1051510).\n\n - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be\n compliant (bsc#1051510).\n\n - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be\n compliant (bsc#1051510).\n\n - pipe: match pipe_max_size data type with procfs\n (git-fixes).\n\n - platform/x86: acerhdf: Add BIOS entry for Gateway LT31\n v1.3307 (bsc#1051510).\n\n - platform/x86: intel_telemetry: report debugfs failure\n (bsc#1051510).\n\n - pnfs: Do not release the sequence slot until we've\n processed layoutget on open (git-fixes).\n\n - power: supply: max8998-charger: Fix platform data\n retrieval (bsc#1051510).\n\n - powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs\n before POWER9 (bsc#1065729).\n\n - powerpc/boot: Fix opal console in boot wrapper\n (bsc#1065729).\n\n - powerpc/kvm/booke: Fix altivec related build break\n (bsc#1061840).\n\n - powerpc/kvm: Switch kvm pmd allocator to custom\n allocator (bsc#1061840).\n\n - powerpc/mm/keys: Move pte bits to correct headers\n (bsc#1078248).\n\n - powerpc/mm: Fix typo in comments (bsc#1065729).\n\n - powerpc/mm: Rename find_linux_pte_or_hugepte()\n (bsc#1061840).\n\n - powerpc/npu-dma.c: Fix crash after\n __mmu_notifier_register failure (bsc#1055120).\n\n - powerpc/perf: Update raw-event code encoding comment for\n power8 (bsc#1065729).\n\n - powerpc/powernv/ioda: Allocate indirect TCE levels on\n demand (bsc#1061840).\n\n - powerpc/powernv/ioda: Finish removing explicit max\n window size check (bsc#1061840).\n\n - powerpc/powernv/ioda: Remove explicit max window size\n check (bsc#1061840).\n\n - powerpc/powernv/npu: Add lock to prevent race in\n concurrent context init/destroy (bsc#1055120).\n\n - powerpc/powernv/npu: Do not explicitly flush nmmu tlb\n (bsc#1055120).\n\n - powerpc/powernv/npu: Fix deadlock in mmio_invalidate()\n (bsc#1055120).\n\n - powerpc/powernv/npu: Prevent overwriting of\n pnv_npu2_init_contex() callback parameters\n (bsc#1055120).\n\n - powerpc/powernv/npu: Use flush_all_mm() instead of\n flush_tlb_mm() (bsc#1055120).\n\n - powerpc/powernv/pci: Work around races in PCI bridge\n enabling (bsc#1055120).\n\n - powerpc/powernv: Add indirect levels to it_userspace\n (bsc#1061840).\n\n - powerpc/powernv: Do not select the cpufreq governors\n (bsc#1065729).\n\n - powerpc/powernv: Fix concurrency issue with\n npu->mmio_atsd_usage (bsc#1055120).\n\n - powerpc/powernv: Fix opal_event_shutdown() called with\n interrupts disabled (bsc#1065729).\n\n - powerpc/powernv: Move TCE manupulation code to its own\n file (bsc#1061840).\n\n - powerpc/powernv: Rework TCE level allocation\n (bsc#1061840).\n\n - powerpc/pseries/mobility: Extend start/stop topology\n update scope (bsc#1116950, bsc#1115709).\n\n - powerpc/pseries: Fix DTL buffer registration\n (bsc#1065729).\n\n - powerpc/pseries: Fix how we iterate over the DTL entries\n (bsc#1065729).\n\n - powerpc/xive: Move definition of ESB bits (bsc#1061840).\n\n - powerpc/xmon: Add ISA v3.0 SPRs to SPR dump\n (bsc#1061840).\n\n - pppoe: fix reception of frames with no mac header\n (networking-stable-18_09_24).\n\n - printk: Fix panic caused by passing log_buf_len to\n command line (bsc#1117168).\n\n - provide linux/set_memory.h (bsc#1113295).\n\n - ptp: fix Spectre v1 vulnerability (bsc#1051510).\n\n - pwm: lpss: Release runtime-pm reference from the\n driver's remove callback (bsc#1051510).\n\n - pxa168fb: prepare the clock (bsc#1051510).\n\n - qmi_wwan: Support dynamic config on Quectel EP06\n (bsc#1051510).\n\n - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared\n device ID (bsc#1051510).\n\n - r8169: fix NAPI handling under high load\n (networking-stable-18_11_02).\n\n - race of lockd inetaddr notifiers vs nlmsvc_rqst change\n (git-fixes).\n\n - rds: fix two RCU related problems\n (networking-stable-18_09_18).\n\n - remoteproc: qcom: Fix potential device node leaks\n (bsc#1051510).\n\n - reset: hisilicon: fix potential NULL pointer dereference\n (bsc#1051510).\n\n - reset: imx7: Fix always writing bits as 0 (bsc#1051510).\n\n - resource: Include resource end in walk_*() interfaces\n (bsc#1114279).\n\n - rpm/kernel-binary.spec.in: add macros.s into\n kernel-*-devel Starting with 4.20-rc1, file\n arch/*/kernel/macros.s is needed to build out of tree\n modules. Add it to kernel-$(flavor)-devel packages if it\n exists.\n\n - rpm/kernel-binary.spec.in: allow unsupported modules for\n -extra (bsc#1111183). SLE-15 and later only.\n\n - rpm/kernel-source.spec.in: Add patches.drm for moved DRM\n patches\n\n - rpm: use syncconfig instead of silentoldconfig where\n available Since mainline commit 0085b4191f3e ('kconfig:\n remove silentoldconfig target'), 'make silentoldconfig'\n can be no longer used. Use 'make syncconfig' instead if\n available.\n\n - rtnetlink: Disallow FDB configuration for non-Ethernet\n device (networking-stable-18_11_02).\n\n - rtnetlink: fix rtnl_fdb_dump() for ndmsg header\n (networking-stable-18_10_16).\n\n - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to\n 4096 (networking-stable-18_10_16).\n\n - s390/cpum_sf: Add data entry sizes to sampling trailer\n entry (git-fixes).\n\n - s390/kvm: fix deadlock when killed by oom (bnc#1113501,\n LTC#172235).\n\n - s390/mm: Check for valid vma before zapping in\n gmap_discard (git-fixes).\n\n - s390/mm: correct allocate_pgste proc_handler callback\n (git-fixes).\n\n - s390/qeth: fix HiperSockets sniffer (bnc#1113501,\n LTC#172953).\n\n - s390/qeth: handle failure on workqueue creation\n (git-fixes).\n\n - s390/qeth: report 25Gbit link speed (bnc#1113501,\n LTC#172959).\n\n - s390/sclp_tty: enable line mode tty even if there is an\n ascii console (git-fixes).\n\n - s390/sthyi: add cache to store hypervisor info\n (LTC#160415, bsc#1068273).\n\n - s390/sthyi: add s390_sthyi system call (LTC#160415,\n bsc#1068273).\n\n - s390/sthyi: reorganize sthyi implementation (LTC#160415,\n bsc#1068273).\n\n - s390: qeth: Fix potential array overrun in cmd/rc lookup\n (bnc#1113501, LTC#172682).\n\n - s390: qeth_core_mpc: Use ARRAY_SIZE instead of\n reimplementing its function (bnc#1113501, LTC#172682).\n\n - s390: revert ELF_ET_DYN_BASE base changes (git-fixes).\n\n - scripts/git_sort/git_sort.py: add mkp/scsi.git\n 4.21/scsi-queue\n\n - scsi: core: Avoid that SCSI device removal through sysfs\n triggers a deadlock (bsc#1114578).\n\n - scsi: libsas: remove irq save in sas_ata_qc_issue()\n (bsc#1114580).\n\n - scsi: lpfc: Correct LCB RJT handling (bsc#1114015).\n\n - scsi: lpfc: Correct errors accessing fw log\n (bsc#1114015).\n\n - scsi: lpfc: Correct invalid EQ doorbell write on\n if_type=6 (bsc#1114015).\n\n - scsi: lpfc: Correct irq handling via locks when taking\n adapter offline (bsc#1114015).\n\n - scsi: lpfc: Correct loss of fc4 type on remote port\n address change (bsc#1114015).\n\n - scsi: lpfc: Correct race with abort on completion path\n (bsc#1114015).\n\n - scsi: lpfc: Correct soft lockup when running mds\n diagnostics (bsc#1114015).\n\n - scsi: lpfc: Correct speeds on SFP swap (bsc#1114015).\n\n - scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN\n (bsc#1114015).\n\n - scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by\n ABTS Timeout event (bsc#1114015).\n\n - scsi: lpfc: Fix errors in log messages (bsc#1114015).\n\n - scsi: lpfc: Fix lpfc_sli4_read_config return value check\n (bsc#1114015).\n\n - scsi: lpfc: Fix odd recovery in duplicate FLOGIs in\n point-to-point (bsc#1114015).\n\n - scsi: lpfc: Implement GID_PT on Nameserver query to\n support faster failover (bsc#1114015).\n\n - scsi: lpfc: Raise nvme defaults to support a larger io\n and more connectivity (bsc#1114015).\n\n - scsi: lpfc: Remove set but not used variable 'sgl_size'\n (bsc#1114015).\n\n - scsi: lpfc: Reset link or adapter instead of doing\n infinite nameserver PLOGI retry (bsc#1114015).\n\n - scsi: lpfc: Synchronize access to remoteport via rport\n (bsc#1114015).\n\n - scsi: lpfc: add Trunking support (bsc#1114015).\n\n - scsi: lpfc: add support to retrieve firmware logs\n (bsc#1114015).\n\n - scsi: lpfc: fcoe: Fix link down issue after 1000+ link\n bounces (bsc#1114015).\n\n - scsi: lpfc: raise sg count for nvme to use available sg\n resources (bsc#1114015).\n\n - scsi: lpfc: reduce locking when updating statistics\n (bsc#1114015).\n\n - scsi: lpfc: update driver version to 12.0.0.7\n (bsc#1114015).\n\n - scsi: lpfc: update driver version to 12.0.0.8\n (bsc#1114015).\n\n - scsi: qlogicpti: Fix an error handling path in\n 'qpti_sbus_probe()' (bsc#1114581).\n\n - scsi: scsi_transport_srp: Fix shost to rport translation\n (bsc#1114582).\n\n - scsi: sg: fix minor memory leak in error path\n (bsc#1114584).\n\n - scsi: sysfs: Introduce\n sysfs_(un,)break_active_protection() (bsc#1114578).\n\n - scsi: target/tcm_loop: Avoid that static checkers warn\n about dead code (bsc#1114577).\n\n - scsi: target: Fix fortify_panic kernel exception\n (bsc#1114576).\n\n - scsi: target: tcmu: add read length support\n (bsc#1097755).\n\n - sctp: fix race on sctp_id2asoc\n (networking-stable-18_11_02).\n\n - sctp: fix strchange_flags name for Stream Change Event\n (networking-stable-18_11_21).\n\n - sctp: hold transport before accessing its asoc in\n sctp_transport_get_next (networking-stable-18_09_11).\n\n - sctp: not allow to set asoc prsctp_enable by sockopt\n (networking-stable-18_11_21).\n\n - sctp: not increase stream's incnt before sending\n addstrm_in request (networking-stable-18_11_21).\n\n - skip LAYOUTRETURN if layout is invalid (git-fixes).\n\n - soc: fsl: qbman: qman: avoid allocating from non\n existing gen_pool (bsc#1051510).\n\n - soc: ti: QMSS: Fix usage of irq_set_affinity_hint\n (bsc#1051510).\n\n - staging: rtl8723bs: Fix the return value in case of\n error in 'rtw_wx_read32()' (bsc#1051510).\n\n - staging: vchiq_arm: fix compat\n VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510).\n\n - staging:iio:ad7606: fix voltage scales (bsc#1051510).\n\n - sunrpc: Do not use stack buffer with scatterlist\n (git-fixes).\n\n - sunrpc: Fix rpc_task_begin trace point (git-fixes).\n\n - target: fix buffer offset in\n core_scsi3_pri_read_full_status (bsc1117349).\n\n - tcp: do not restart timewait timer on rst reception\n (networking-stable-18_09_11).\n\n - test_firmware: fix error return getting clobbered\n (bsc#1051510).\n\n - tg3: Add PHY reset for 5717/5719/5720 in change ring and\n flow control paths (networking-stable-18_11_21).\n\n - thermal: bcm2835: enable hwmon explicitly (bsc#1108468).\n\n - thermal: da9062/61: Prevent hardware access during\n system suspend (bsc#1051510).\n\n - thermal: rcar_thermal: Prevent hardware access during\n system suspend (bsc#1051510).\n\n - tipc: do not assume linear buffer when reading ancillary\n data (networking-stable-18_11_21).\n\n - tipc: fix a missing rhashtable_walk_exit()\n (networking-stable-18_09_11).\n\n - tipc: fix flow control accounting for implicit connect\n (networking-stable-18_10_16).\n\n - tpm2-cmd: allow more attempts for selftest execution\n (bsc#1082555).\n\n - tpm: React correctly to RC_TESTING from TPM 2.0 self\n tests (bsc#1082555).\n\n - tpm: Restore functionality to xen vtpm driver\n (bsc#1082555).\n\n - tpm: Trigger only missing TPM 2.0 self tests\n (bsc#1082555).\n\n - tpm: Use dynamic delay to wait for TPM 2.0 self test\n result (bsc#1082555).\n\n - tpm: add retry logic (bsc#1082555).\n\n - tpm: consolidate the TPM startup code (bsc#1082555).\n\n - tpm: do not suspend/resume if power stays on\n (bsc#1082555).\n\n - tpm: fix intermittent failure with self tests\n (bsc#1082555).\n\n - tpm: fix response size validation in tpm_get_random()\n (bsc#1082555).\n\n - tpm: move endianness conversion of TPM_TAG_RQU_COMMAND\n to tpm_input_header (bsc#1082555).\n\n - tpm: move endianness conversion of ordinals to\n tpm_input_header (bsc#1082555).\n\n - tpm: move the delay_msec increment after sleep in\n tpm_transmit() (bsc#1082555).\n\n - tpm: replace msleep() with usleep_range() in TPM 1.2/2.0\n generic drivers (bsc#1082555).\n\n - tpm: self test failure should not cause suspend to fail\n (bsc#1082555).\n\n - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc\n (bsc#1082555).\n\n - tpm: use tpm2_pcr_read() in tpm2_do_selftest()\n (bsc#1082555).\n\n - tpm: use tpm_buf functions in tpm2_pcr_read()\n (bsc#1082555).\n\n - tracing: Apply trace_clock changes to instance max\n buffer (bsc#1117188).\n\n - tracing: Erase irqsoff trace with empty write\n (bsc#1117189).\n\n - tty: Do not block on IO when ldisc change is pending\n (bnc#1105428).\n\n - tty: check name length in tty_find_polling_driver()\n (bsc#1051510).\n\n - tty: wipe buffer (bsc#1051510).\n\n - tty: wipe buffer if not echoing data (bsc#1051510).\n\n - tun: Consistently configure generic netdev params via\n rtnetlink (bsc#1051510).\n\n - tuntap: fix multiqueue rx (networking-stable-18_11_21).\n\n - udp4: fix IP_CMSG_CHECKSUM for connected sockets\n (networking-stable-18_09_24).\n\n - udp6: add missing checks on edumux packet processing\n (networking-stable-18_09_24).\n\n - udp6: fix encap return code for resubmitting\n (git-fixes).\n\n - uio: Fix an Oops on load (bsc#1051510).\n\n - uio: ensure class is registered before devices\n (bsc#1051510).\n\n - uio: make symbol 'uio_class_registered' static\n (bsc#1051510).\n\n - usb: cdc-acm: add entry for Hiro (Conexant) modem\n (bsc#1051510).\n\n - usb: core: Fix hub port connection events lost\n (bsc#1051510).\n\n - usb: dwc2: host: Do not retry NAKed transactions right\n away (bsc#1114385).\n\n - usb: dwc2: host: do not delay retries for CONTROL IN\n transfers (bsc#1114385).\n\n - usb: dwc3: core: Clean up ULPI device (bsc#1051510).\n\n - usb: dwc3: gadget: Properly check last unaligned/zero\n chain TRB (bsc#1051510).\n\n - usb: dwc3: gadget: fix ISOC TRB type on unaligned\n transfers (bsc#1051510).\n\n - usb: gadget: storage: Fix Spectre v1 vulnerability\n (bsc#1051510).\n\n - usb: gadget: u_ether: fix unsafe list iteration\n (bsc#1051510).\n\n - usb: gadget: udc: atmel: handle at91sam9rl PMC\n (bsc#1051510).\n\n - usb: host: ohci-at91: fix request of irq for optional\n gpio (bsc#1051510).\n\n - usb: quirks: Add delay-init quirk for Corsair K70 LUX\n RGB (bsc#1051510).\n\n - usb: xhci: fix timeout for transition from RExit to U0\n (bsc#1051510).\n\n - usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison\n overwritten (bsc#1051510).\n\n - usbnet: smsc95xx: disable carrier check while suspending\n (bsc#1051510).\n\n - vfs: fix freeze protection in mnt_want_write_file() for\n overlayfs (git-fixes).\n\n - vhost/scsi: truncate T10 PI iov_iter to prot_bytes\n (bsc#1051510).\n\n - vhost: Fix Spectre V1 vulnerability (bsc#1051510).\n\n - virtio_net: avoid using netif_tx_disable() for\n serializing tx routine (networking-stable-18_11_02).\n\n - w1: omap-hdq: fix missing bus unregister at removal\n (bsc#1051510).\n\n - x86, hibernate: Fix nosave_regions setup for hibernation\n (bsc#1110006).\n\n - x86/MCE: Make correctable error detection look at the\n Deferred bit (bsc#1114279).\n\n - x86/corruption-check: Fix panic in\n memory_corruption_check() when boot option without value\n is provided (bsc#1110006).\n\n - x86/cpu/vmware: Do not trace vmware_sched_clock()\n (bsc#1114279).\n\n - x86/irq: implement\n irq_data_get_effective_affinity_mask() for v4.12\n (bsc#1109772).\n\n - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error\n (bsc#1114279).\n\n - x86/ldt: Remove unused variable in map_ldt_struct()\n (bsc#1114279).\n\n - x86/ldt: Split out sanity check in map_ldt_struct()\n (bsc#1114279).\n\n - x86/ldt: Unmap PTEs for the slot before freeing LDT\n pages (bsc#1114279).\n\n - x86/mm/pat: Disable preemption around __flush_tlb_all()\n (bsc#1114279).\n\n - x86/speculation: Support Enhanced IBRS on future CPUs\n ().\n\n - x86/xen: Fix boot loader version reported for PVH guests\n (bnc#1065600).\n\n - xen-swiotlb: use actually allocated size on check\n physical continuous (bnc#1065600).\n\n - xen/balloon: Support xend-based toolstack (bnc#1065600).\n\n - xen/blkfront: avoid NULL blkfront_info dereference on\n device removal (bsc#1111062).\n\n - xen/netfront: do not bug in case of too many frags\n (bnc#1104824).\n\n - xen/pvh: do not try to unplug emulated devices\n (bnc#1065600).\n\n - xen/pvh: increase early stack size (bnc#1065600).\n\n - xen: fix race in xen_qlock_wait() (bnc#1107256).\n\n - xen: fix xen_qlock_wait() (bnc#1107256).\n\n - xen: make xen_qlock_wait() nestable (bnc#1107256).\n\n - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes).\n\n - xfs: Properly detect when DAX won't be used on any\n device (bsc#1115976).\n\n - xhci: Add check for invalid byte size error when UAS\n devices are connected (bsc#1051510).\n\n - xhci: Fix leaking USB3 shared_hcd at xhci removal\n (bsc#1051510).\n\n - xprtrdma: Do not defer fencing an async RPC's chunks\n (git-fixes).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1068273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1078248\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1085535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1089350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1105428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106237\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107866\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111696\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112963\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113295\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113780\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115269\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116699\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116862\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116899\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116950\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117791\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117801\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118137\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118138\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/325723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/326265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/326521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/326564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/326849\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-base-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-base-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-debugsource-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-devel-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-devel-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-base-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-base-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-debugsource-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-devel-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-devel-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-devel-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-docs-html-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-base-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-debugsource-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-devel-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-macros-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-build-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-build-debugsource-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-qa-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-source-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-source-vanilla-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-syms-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-base-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-debugsource-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-devel-4.12.14-lp150.12.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-lp150.12.28.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:53", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - Input: ff-memless - kill timer in destroy (Oliver Neukum) [Orabug: 31213691] (CVE-2019-19524)\n\n - libertas: Fix two buffer overflows at parsing bss descriptor (Wen Huang) [Orabug: 31351307] (CVE-2019-14896) (CVE-2019-14897) (CVE-2019-14897)\n\n - binfmt_elf: use ELF_ET_DYN_BASE only for PIE (Kees Cook) [Orabug: 31352068] (CVE-2017-1000370) (CVE-2017-1000371) (CVE-2017-1000370)\n\n - NFSv4.0: Remove transport protocol name from non-UCS client ID (Chuck Lever) [Orabug: 31357212]\n\n - NFSv4.0: Remove cl_ipaddr from non-UCS client ID (Chuck Lever) \n\n - xen/manage: enable C_A_D to force reboot (Dongli Zhang) [Orabug: 31387466]\n\n - acpi: disable erst (Wengang Wang) [Orabug: 31194253]\n\n - mdio_bus: Fix use-after-free on device_register fails (YueHaibing) [Orabug: 31222292] (CVE-2019-12819)\n\n - rds: ib: Fix dysfunctional long address resolve timeout (Hakon Bugge) \n\n - vxlan: don't migrate permanent fdb entries during learn (Roopa Prabhu) \n\n - USB: iowarrior: fix use-after-free on disconnect (Johan Hovold) [Orabug: 31351061] (CVE-2019-19528)\n\n - usb: iowarrior: fix deadlock on disconnect (Oliver Neukum) [Orabug: 31351061] (CVE-2019-19528)\n\n - mremap: properly flush TLB before releasing the page (Linus Torvalds) [Orabug: 31352011] (CVE-2018-18281)\n\n - Input: add safety guards to input_set_keycode (Dmitry Torokhov) [Orabug: 31200558] (CVE-2019-20636)\n\n - media: stv06xx: add missing descriptor sanity checks (Johan Hovold) [Orabug: 31200579] (CVE-2020-11609)\n\n - media: ov519: add missing endpoint sanity checks (Johan Hovold) [Orabug: 31213758] (CVE-2020-11608)\n\n - media: xirlink_cit: add missing descriptor sanity checks (Johan Hovold) [Orabug: 31213767] (CVE-2020-11668)\n\n - mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring (Navid Emamdoost) [Orabug:\n 31263147] (CVE-2019-19057)\n\n - USB: core: Fix races in character device registration and deregistraion (Alan Stern) [Orabug: 31317667] (CVE-2019-19537)", "cvss3": {}, "published": "2020-06-08T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0020) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000370", "CVE-2017-1000371", "CVE-2018-18281", "CVE-2019-12819", "CVE-2019-14896", "CVE-2019-14897", "CVE-2019-19057", "CVE-2019-19524", "CVE-2019-19528", "CVE-2019-19537", "CVE-2019-20636", "CVE-2020-11608", "CVE-2020-11609", "CVE-2020-11668"], "modified": "2020-08-13T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2020-0020.NASL", "href": "https://www.tenable.com/plugins/nessus/137217", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2020-0020.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137217);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/13\");\n\n script_cve_id(\"CVE-2017-1000370\", \"CVE-2017-1000371\", \"CVE-2018-18281\", \"CVE-2019-12819\", \"CVE-2019-14896\", \"CVE-2019-14897\", \"CVE-2019-19057\", \"CVE-2019-19524\", \"CVE-2019-19528\", \"CVE-2019-19537\", \"CVE-2019-20636\", \"CVE-2020-11608\", \"CVE-2020-11609\", \"CVE-2020-11668\");\n\n script_name(english:\"OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0020) (Stack Clash)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Input: ff-memless - kill timer in destroy (Oliver\n Neukum) [Orabug: 31213691] (CVE-2019-19524)\n\n - libertas: Fix two buffer overflows at parsing bss\n descriptor (Wen Huang) [Orabug: 31351307]\n (CVE-2019-14896) (CVE-2019-14897) (CVE-2019-14897)\n\n - binfmt_elf: use ELF_ET_DYN_BASE only for PIE (Kees Cook)\n [Orabug: 31352068] (CVE-2017-1000370) (CVE-2017-1000371)\n (CVE-2017-1000370)\n\n - NFSv4.0: Remove transport protocol name from non-UCS\n client ID (Chuck Lever) [Orabug: 31357212]\n\n - NFSv4.0: Remove cl_ipaddr from non-UCS client ID (Chuck\n Lever) \n\n - xen/manage: enable C_A_D to force reboot (Dongli Zhang)\n [Orabug: 31387466]\n\n - acpi: disable erst (Wengang Wang) [Orabug: 31194253]\n\n - mdio_bus: Fix use-after-free on device_register fails\n (YueHaibing) [Orabug: 31222292] (CVE-2019-12819)\n\n - rds: ib: Fix dysfunctional long address resolve timeout\n (Hakon Bugge) \n\n - vxlan: don't migrate permanent fdb entries during learn\n (Roopa Prabhu) \n\n - USB: iowarrior: fix use-after-free on disconnect (Johan\n Hovold) [Orabug: 31351061] (CVE-2019-19528)\n\n - usb: iowarrior: fix deadlock on disconnect (Oliver\n Neukum) [Orabug: 31351061] (CVE-2019-19528)\n\n - mremap: properly flush TLB before releasing the page\n (Linus Torvalds) [Orabug: 31352011] (CVE-2018-18281)\n\n - Input: add safety guards to input_set_keycode (Dmitry\n Torokhov) [Orabug: 31200558] (CVE-2019-20636)\n\n - media: stv06xx: add missing descriptor sanity checks\n (Johan Hovold) [Orabug: 31200579] (CVE-2020-11609)\n\n - media: ov519: add missing endpoint sanity checks (Johan\n Hovold) [Orabug: 31213758] (CVE-2020-11608)\n\n - media: xirlink_cit: add missing descriptor sanity checks\n (Johan Hovold) [Orabug: 31213767] (CVE-2020-11668)\n\n - mwifiex: pcie: Fix memory leak in\n mwifiex_pcie_init_evt_ring (Navid Emamdoost) [Orabug:\n 31263147] (CVE-2019-19057)\n\n - USB: core: Fix races in character device registration\n and deregistraion (Alan Stern) [Orabug: 31317667]\n (CVE-2019-19537)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2020-June/000983.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-4.1.12-124.39.5.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-firmware-4.1.12-124.39.5.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:01:50", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5708 advisory.\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks.\n If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions:\n 4.9.135, 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d. (CVE-2020-11608)\n\n - An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1.\n drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93. (CVE-2020-11609)\n\n - In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. (CVE-2020-11668)\n\n - The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2lib patch. This affects Linux Kernel version 4.11.5 and earlier. This is a different issue than CVE-2017-1000371. This issue appears to be limited to i386 based systems. (CVE-2017-1000370)\n\n - A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA. (CVE-2019-14897)\n\n - In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. (CVE-2019-19524)\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d. (CVE-2019-19528)\n\n - In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c. (CVE-2019-19537)\n\n - In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. (CVE-2019-20636)\n\n - An issue was discovered in the Linux kernel before 5.0. The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free.\n This will cause a denial of service. (CVE-2019-12819)\n\n - Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e. (CVE-2019-19057)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-06-05T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5708)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000370", "CVE-2017-1000371", "CVE-2018-18281", "CVE-2019-12819", "CVE-2019-14896", "CVE-2019-14897", "CVE-2019-19057", "CVE-2019-19524", "CVE-2019-19528", "CVE-2019-19537", "CVE-2019-20636", "CVE-2020-11608", "CVE-2020-11609", "CVE-2020-11668"], "modified": "2022-01-26T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2020-5708.NASL", "href": "https://www.tenable.com/plugins/nessus/137173", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5708.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137173);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\n \"CVE-2017-1000370\",\n \"CVE-2017-1000371\",\n \"CVE-2018-18281\",\n \"CVE-2019-12819\",\n \"CVE-2019-14896\",\n \"CVE-2019-14897\",\n \"CVE-2019-19057\",\n \"CVE-2019-19524\",\n \"CVE-2019-19528\",\n \"CVE-2019-19537\",\n \"CVE-2019-20636\",\n \"CVE-2020-11608\",\n \"CVE-2020-11609\",\n \"CVE-2020-11668\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5708)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2020-5708 advisory.\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks.\n If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of\n mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it\n has been released back to the page allocator and reused. This is fixed in the following kernel versions:\n 4.9.135, 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL\n pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka\n CID-998912346c0d. (CVE-2020-11608)\n\n - An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1.\n drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle\n invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93. (CVE-2020-11609)\n\n - In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB\n driver) mishandles invalid descriptors, aka CID-a246b4d54770. (CVE-2020-11668)\n\n - The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be\n execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000\n and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2lib patch. This\n affects Linux Kernel version 4.11.5 and earlier. This is a different issue than CVE-2017-1000371. This\n issue appears to be limited to i386 based systems. (CVE-2017-1000370)\n\n - A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip\n driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary\n code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and\n connects to another STA. (CVE-2019-14897)\n\n - In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. (CVE-2019-19524)\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d. (CVE-2019-19528)\n\n - In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB\n device in the USB character device driver layer, aka CID-303911cfc5b9. This affects\n drivers/usb/core/file.c. (CVE-2019-19537)\n\n - In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode\n table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. (CVE-2019-20636)\n\n - An issue was discovered in the Linux kernel before 5.0. The function __mdiobus_register() in\n drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free.\n This will cause a denial of service. (CVE-2019-12819)\n\n - Two memory leaks in the mwifiex_pcie_init_evt_ring() function in\n drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a\n denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka\n CID-d10dcb615c8e. (CVE-2019-19057)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5708.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14896\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.39.5.el6uek', '4.1.12-124.39.5.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5708');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.39.5.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.39.5.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.39.5.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.39.5.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.39.5.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.39.5.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.39.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.39.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.39.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.39.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.39.5.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.39.5.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:55:28", "description": "The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0100 advisory.\n\n - kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n - kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\n - kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-01-16T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel-rt (RHSA-2020:0100)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18281", "CVE-2018-20856", "CVE-2019-11599"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel"], "id": "REDHAT-RHSA-2020-0100.NASL", "href": "https://www.tenable.com/plugins/nessus/132947", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0100. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132947);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2018-18281\", \"CVE-2018-20856\", \"CVE-2019-11599\");\n script_xref(name:\"RHSA\", value:\"2020:0100\");\n\n script_name(english:\"RHEL 6 : kernel-rt (RHSA-2020:0100)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0100 advisory.\n\n - kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n - kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\n - kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-18281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-20856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1645121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1705937\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1738705\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11599\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-20856\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 362, 667, 672);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2018-18281', 'CVE-2018-20856', 'CVE-2019-11599');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:0100');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-g-execute/2/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-g-execute/2/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-g-execute/2/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-mgmt/2/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-mgmt/2/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-mgmt/2/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g-execute/2/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g-execute/2/os',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g-execute/2/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g/2/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g/2/os',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g/2/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-m/2/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-m/2/os',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-m/2/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-mgmt/2/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-mgmt/2/os',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-mgmt/2/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-r/2/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-r/2/os',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-r/2/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-3.10.0-693.62.1.rt56.659.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-debug-3.10.0-693.62.1.rt56.659.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-debug-devel-3.10.0-693.62.1.rt56.659.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-devel-3.10.0-693.62.1.rt56.659.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-doc-3.10.0-693.62.1.rt56.659.el6rt', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-firmware-3.10.0-693.62.1.rt56.659.el6rt', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-trace-3.10.0-693.62.1.rt56.659.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-trace-devel-3.10.0-693.62.1.rt56.659.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-vanilla-3.10.0-693.62.1.rt56.659.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-vanilla-devel-3.10.0-693.62.1.rt56.659.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-debug / kernel-rt-debug-devel / kernel-rt-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-27T14:16:01", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0179 advisory.\n\n - kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)\n\n - kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n - kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-01-22T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2020:0179)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10853", "CVE-2018-18281", "CVE-2019-11599"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.6", "cpe:/o:redhat:rhel_e4s:7.6", "cpe:/o:redhat:rhel_eus:7.6", "cpe:/o:redhat:rhel_tus:7.6", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2020-0179.NASL", "href": "https://www.tenable.com/plugins/nessus/133164", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0179. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133164);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\"CVE-2018-10853\", \"CVE-2018-18281\", \"CVE-2019-11599\");\n script_bugtraq_id(105761, 108113);\n script_xref(name:\"RHSA\", value:\"2020:0179\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2020:0179)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0179 advisory.\n\n - kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)\n\n - kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n - kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-10853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-18281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1589890\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1645121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1705937\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11599\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-18281\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(250, 362, 667, 672);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.6')) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2018-10853', 'CVE-2018-18281', 'CVE-2019-11599');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:0179');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.6/x86_64/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.6/x86_64/os',\n 'content/aus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/os',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/os',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/os',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/os',\n 'content/tus/rhel/server/7/7.6/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-957.43.1.el7', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.43.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-bootwrapper / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:06", "description": "It was discovered that the CIFS client implementation in the Linux kernel did not properly handle setup negotiation during session recovery, leading to a NULL pointer exception. An attacker could use this to create a malicious CIFS server that caused a denial of service (client system crash). (CVE-2018-1066)\n\nJann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972)\n\nJann Horn discovered that the mremap() system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service (system crash), expose sensitive information, or possibly execute arbitrary code. (CVE-2018-18281)\n\nIt was discovered that the socket implementation in the Linux kernel contained a type confusion error that could lead to memory corruption.\nA local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-9568).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-02-05T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux vulnerabilities (USN-3880-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1066", "CVE-2018-17972", "CVE-2018-18281", "CVE-2018-9568"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3880-1.NASL", "href": "https://www.tenable.com/plugins/nessus/121598", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3880-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121598);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2018-1066\", \"CVE-2018-17972\", \"CVE-2018-18281\", \"CVE-2018-9568\");\n script_xref(name:\"USN\", value:\"3880-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux vulnerabilities (USN-3880-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the CIFS client implementation in the Linux\nkernel did not properly handle setup negotiation during session\nrecovery, leading to a NULL pointer exception. An attacker could use\nthis to create a malicious CIFS server that caused a denial of service\n(client system crash). (CVE-2018-1066)\n\nJann Horn discovered that the procfs file system implementation in the\nLinux kernel did not properly restrict the ability to inspect the\nkernel stack of an arbitrary task. A local attacker could use this to\nexpose sensitive information. (CVE-2018-17972)\n\nJann Horn discovered that the mremap() system call in the Linux kernel\ndid not properly flush the TLB when completing, potentially leaving\naccess to a physical page after it has been released to the page\nallocator. A local attacker could use this to cause a denial of\nservice (system crash), expose sensitive information, or possibly\nexecute arbitrary code. (CVE-2018-18281)\n\nIt was discovered that the socket implementation in the Linux kernel\ncontained a type confusion error that could lead to memory corruption.\nA local attacker could use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2018-9568).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3880-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-1066\", \"CVE-2018-17972\", \"CVE-2018-18281\", \"CVE-2018-9568\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3880-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-165-generic\", pkgver:\"3.13.0-165.215\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-165-generic-lpae\", pkgver:\"3.13.0-165.215\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-165-lowlatency\", pkgver:\"3.13.0-165.215\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic\", pkgver:\"3.13.0.165.175\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"3.13.0.165.175\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"3.13.0.165.175\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:11:19", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A division-by-zero in set_termios(), when debugging is enabled, was found in the Linux kernel. When the [io_ti] driver is loaded, a local unprivileged attacker can request incorrect high transfer speed in the change_port_settings() in the drivers/usb/serial/io_ti.c so that the divisor value becomes zero and causes a system crash resulting in a denial of service.i1/4^CVE-2017-18360i1/4%0\n\n - A flaw was found In the Linux kernel, through version 4.19.6, where a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.\n An attacker could corrupt memory and possibly escalate privileges if the attacker is able to have physical access to the system.i1/4^CVE-2018-19824i1/4%0\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused.i1/4^CVE-2018-18281i1/4%0\n\n - A use-after-free flaw can occur in the Linux kernel due to a race condition between packet_do_bind() and packet_notifier() functions called for an AF_PACKET socket. An unprivileged, local user could use this flaw to induce kernel memory corruption on the system, leading to an unresponsive system or to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.i1/4^CVE-2018-18559i1/4%0\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-04-04T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.4 : kernel (EulerOS-SA-2019-1253)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18360", "CVE-2018-18281", "CVE-2018-18559", "CVE-2018-19824"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "cpe:/o:huawei:euleros:uvp:2.5.4"], "id": "EULEROS_SA-2019-1253.NASL", "href": "https://www.tenable.com/plugins/nessus/123721", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123721);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-18360\",\n \"CVE-2018-18281\",\n \"CVE-2018-18559\",\n \"CVE-2018-19824\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.4 : kernel (EulerOS-SA-2019-1253)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A division-by-zero in set_termios(), when debugging is\n enabled, was found in the Linux kernel. When the\n [io_ti] driver is loaded, a local unprivileged attacker\n can request incorrect high transfer speed in the\n change_port_settings() in the\n drivers/usb/serial/io_ti.c so that the divisor value\n becomes zero and causes a system crash resulting in a\n denial of service.i1/4^CVE-2017-18360i1/4%0\n\n - A flaw was found In the Linux kernel, through version\n 4.19.6, where a local user could exploit a\n use-after-free in the ALSA driver by supplying a\n malicious USB Sound device (with zero interfaces) that\n is mishandled in usb_audio_probe in sound/usb/card.c.\n An attacker could corrupt memory and possibly escalate\n privileges if the attacker is able to have physical\n access to the system.i1/4^CVE-2018-19824i1/4%0\n\n - Since Linux kernel version 3.2, the mremap() syscall\n performs TLB flushes after dropping pagetable locks. If\n a syscall such as ftruncate() removes entries from the\n pagetables of a task that is in the middle of mremap(),\n a stale TLB entry can remain for a short time that\n permits access to a physical page after it has been\n released back to the page allocator and\n reused.i1/4^CVE-2018-18281i1/4%0\n\n - A use-after-free flaw can occur in the Linux kernel due\n to a race condition between packet_do_bind() and\n packet_notifier() functions called for an AF_PACKET\n socket. An unprivileged, local user could use this flaw\n to induce kernel memory corruption on the system,\n leading to an unresponsive system or to a crash. Due to\n the nature of the flaw, privilege escalation cannot be\n fully ruled out.i1/4^CVE-2018-18559i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1253\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b1ef0b72\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.4\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.4\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.4\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.1_62\",\n \"kernel-devel-3.10.0-862.14.1.1_62\",\n \"kernel-headers-3.10.0-862.14.1.1_62\",\n \"kernel-tools-3.10.0-862.14.1.1_62\",\n \"kernel-tools-libs-3.10.0-862.14.1.1_62\",\n \"kernel-tools-libs-devel-3.10.0-862.14.1.1_62\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:30:29", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was discovered in the Linux kernel's USB subsystem in the __usb_get_extra_descriptor() function in the drivers/usb/core/usb.c which mishandles a size check during the reading of an extra descriptor data.\n By using a specially crafted USB device which sends a forged extra descriptor, an unprivileged user with physical access to the system can potentially cause a privilege escalation or trigger a system crash or lock up and thus to cause a denial of service (DoS).(CVE-2018-20169)\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused.(CVE-2018-18281)\n\n - A division-by-zero in set_termios(), when debugging is enabled, was found in the Linux kernel. When the [io_ti] driver is loaded, a local unprivileged attacker can request incorrect high transfer speed in the change_port_settings() in the drivers/usb/serial/io_ti.c so that the divisor value becomes zero and causes a system crash resulting in a denial of service. (CVE-2017-18360)\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.(CVE-2018-10881)\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.(CVE-2018-10878)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-03-26T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-1108)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18360", "CVE-2018-10878", "CVE-2018-10881", "CVE-2018-18281", "CVE-2018-20169"], "modified": "2022-05-20T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1108.NASL", "href": "https://www.tenable.com/plugins/nessus/123121", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123121);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/20\");\n\n script_cve_id(\n \"CVE-2017-18360\",\n \"CVE-2018-10878\",\n \"CVE-2018-10881\",\n \"CVE-2018-18281\",\n \"CVE-2018-20169\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-1108)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was discovered in the Linux kernel's USB\n subsystem in the __usb_get_extra_descriptor() function\n in the drivers/usb/core/usb.c which mishandles a size\n check during the reading of an extra descriptor data.\n By using a specially crafted USB device which sends a\n forged extra descriptor, an unprivileged user with\n physical access to the system can potentially cause a\n privilege escalation or trigger a system crash or lock\n up and thus to cause a denial of service\n (DoS).(CVE-2018-20169)\n\n - Since Linux kernel version 3.2, the mremap() syscall\n performs TLB flushes after dropping pagetable locks. If\n a syscall such as ftruncate() removes entries from the\n pagetables of a task that is in the middle of mremap(),\n a stale TLB entry can remain for a short time that\n permits access to a physical page after it has been\n released back to the page allocator and\n reused.(CVE-2018-18281)\n\n - A division-by-zero in set_termios(), when debugging is\n enabled, was found in the Linux kernel. When the\n [io_ti] driver is loaded, a local unprivileged attacker\n can request incorrect high transfer speed in the\n change_port_settings() in the\n drivers/usb/serial/io_ti.c so that the divisor value\n becomes zero and causes a system crash resulting in a\n denial of service. (CVE-2017-18360)\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bound access in\n ext4_get_group_info function, a denial of service, and\n a system crash by mounting and operating on a crafted\n ext4 filesystem image.(CVE-2018-10881)\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bounds write and a\n denial of service or unspecified other impact is\n possible by mounting and operating a crafted ext4\n filesystem image.(CVE-2018-10878)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1108\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7f33765a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20169\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-18281\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-514.44.5.10.h165\",\n \"kernel-debuginfo-3.10.0-514.44.5.10.h165\",\n \"kernel-debuginfo-common-x86_64-3.10.0-514.44.5.10.h165\",\n \"kernel-devel-3.10.0-514.44.5.10.h165\",\n \"kernel-headers-3.10.0-514.44.5.10.h165\",\n \"kernel-tools-3.10.0-514.44.5.10.h165\",\n \"kernel-tools-libs-3.10.0-514.44.5.10.h165\",\n \"perf-3.10.0-514.44.5.10.h165\",\n \"python-perf-3.10.0-514.44.5.10.h165\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:17:59", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found In the Linux kernel, through version 4.19.6, where a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.\n An attacker could corrupt memory and possibly escalate privileges if the attacker is able to have physical access to the system.i1/4^CVE-2018-19824i1/4%0\n\n - It was found that the Linux kernel can hit a BUG_ON() statement in the __xfs_get_blocks() in the fs/xfs/xfs_aops.c because of a race condition between direct and memory-mapped I/O associated with a hole in a file that is handled with BUG_ON() instead of an I/O failure. This allows a local unprivileged attacker to cause a system crash and a denial of service.i1/4^CVE-2016-10741i1/4%0\n\n - A division-by-zero in set_termios(), when debugging is enabled, was found in the Linux kernel. When the [io_ti] driver is loaded, a local unprivileged attacker can request incorrect high transfer speed in the change_port_settings() in the drivers/usb/serial/io_ti.c so that the divisor value becomes zero and causes a system crash resulting in a denial of service.i1/4^CVE-2017-18360i1/4%0\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused.i1/4^CVE-2018-18281i1/4%0\n\n - A use-after-free flaw can occur in the Linux kernel due to a race condition between packet_do_bind() and packet_notifier() functions called for an AF_PACKET socket. An unprivileged, local user could use this flaw to induce kernel memory corruption on the system, leading to an unresponsive system or to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.i1/4^CVE-2018-18559i1/4%0\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-04-04T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1244)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10741", "CVE-2017-18360", "CVE-2018-18281", "CVE-2018-18559", "CVE-2018-19824"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "cpe:/o:huawei:euleros:uvp:2.5.3"], "id": "EULEROS_SA-2019-1244.NASL", "href": "https://www.tenable.com/plugins/nessus/123712", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123712);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-10741\",\n \"CVE-2017-18360\",\n \"CVE-2018-18281\",\n \"CVE-2018-18559\",\n \"CVE-2018-19824\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1244)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A flaw was found In the Linux kernel, through version\n 4.19.6, where a local user could exploit a\n use-after-free in the ALSA driver by supplying a\n malicious USB Sound device (with zero interfaces) that\n is mishandled in usb_audio_probe in sound/usb/card.c.\n An attacker could corrupt memory and possibly escalate\n privileges if the attacker is able to have physical\n access to the system.i1/4^CVE-2018-19824i1/4%0\n\n - It was found that the Linux kernel can hit a BUG_ON()\n statement in the __xfs_get_blocks() in the\n fs/xfs/xfs_aops.c because of a race condition between\n direct and memory-mapped I/O associated with a hole in\n a file that is handled with BUG_ON() instead of an I/O\n failure. This allows a local unprivileged attacker to\n cause a system crash and a denial of\n service.i1/4^CVE-2016-10741i1/4%0\n\n - A division-by-zero in set_termios(), when debugging is\n enabled, was found in the Linux kernel. When the\n [io_ti] driver is loaded, a local unprivileged attacker\n can request incorrect high transfer speed in the\n change_port_settings() in the\n drivers/usb/serial/io_ti.c so that the divisor value\n becomes zero and causes a system crash resulting in a\n denial of service.i1/4^CVE-2017-18360i1/4%0\n\n - Since Linux kernel version 3.2, the mremap() syscall\n performs TLB flushes after dropping pagetable locks. If\n a syscall such as ftruncate() removes entries from the\n pagetables of a task that is in the middle of mremap(),\n a stale TLB entry can remain for a short time that\n permits access to a physical page after it has been\n released back to the page allocator and\n reused.i1/4^CVE-2018-18281i1/4%0\n\n - A use-after-free flaw can occur in the Linux kernel due\n to a race condition between packet_do_bind() and\n packet_notifier() functions called for an AF_PACKET\n socket. An unprivileged, local user could use this flaw\n to induce kernel memory corruption on the system,\n leading to an unresponsive system or to a crash. Due to\n the nature of the flaw, privilege escalation cannot be\n fully ruled out.i1/4^CVE-2018-18559i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1244\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9ebc7ba2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.3\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.3\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.3\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-514.44.5.10_132\",\n \"kernel-devel-3.10.0-514.44.5.10_132\",\n \"kernel-headers-3.10.0-514.44.5.10_132\",\n \"kernel-tools-3.10.0-514.44.5.10_132\",\n \"kernel-tools-libs-3.10.0-514.44.5.10_132\",\n \"kernel-tools-libs-devel-3.10.0-514.44.5.10_132\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:16:54", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0103 advisory.\n\n - kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)\n\n - kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n - kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\n - kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\n - Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-01-15T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2020:0103)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10853", "CVE-2018-18281", "CVE-2018-20856", "CVE-2019-11599", "CVE-2019-6974"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.4", "cpe:/o:redhat:rhel_e4s:7.4", "cpe:/o:redhat:rhel_tus:7.4", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2020-0103.NASL", "href": "https://www.tenable.com/plugins/nessus/132886", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0103. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132886);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2018-10853\",\n \"CVE-2018-18281\",\n \"CVE-2018-20856\",\n \"CVE-2019-6974\",\n \"CVE-2019-11599\"\n );\n script_bugtraq_id(105761, 107127, 108113);\n script_xref(name:\"RHSA\", value:\"2020:0103\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2020:0103)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0103 advisory.\n\n - kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)\n\n - kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n - kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\n - kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\n - Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-10853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-18281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-20856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-6974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0103\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1589890\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1645121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1671913\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1705937\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1738705\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11599\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-6974\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 250, 362, 416, 667, 672);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.4')) audit(AUDIT_OS_NOT, 'Red Hat 7.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2018-10853', 'CVE-2018-18281', 'CVE-2018-20856', 'CVE-2019-6974', 'CVE-2019-11599');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:0103');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.4/x86_64/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.4/x86_64/os',\n 'content/aus/rhel/server/7/7.4/x86_64/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/highavailability/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/optional/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/optional/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/optional/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap-hana/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap-hana/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap-hana/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.4/x86_64/debug',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.4/x86_64/os',\n 'content/tus/rhel/server/7/7.4/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-693.62.1.el7', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-693.62.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-bootwrapper / kernel-debug / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:32:05", "description": "The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-16746: There was an issue in net/wireless/nl80211.c where the kernel did not check the length of variable elements in a beacon head, leading to a buffer overflow (bnc#1152107).\n\nCVE-2019-19066: Fixed memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c that allowed attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures (bnc#1157303).\n\nCVE-2019-19051: Fixed memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c that allowed attackers to cause a denial of service (memory consumption) (bnc#1159024).\n\nCVE-2019-19338: There was an incomplete fix for Transaction Asynchronous Abort (TAA) (bsc#1158954).\n\nCVE-2019-19332: There was an OOB memory write via kvm_dev_ioctl_get_cpuid (bsc#1158827).\n\nCVE-2019-19537: There was a race condition bug that could have been caused by a malicious USB device in the USB character device driver layer (bnc#1158904).\n\nCVE-2019-19535: There was an info-leak bug that could have been caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver (bnc#1158903).\n\nCVE-2019-19527: There was a use-after-free bug that could have been caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (bnc#1158900).\n\nCVE-2019-19526: There was a use-after-free bug that could have been caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver (bnc#1158893).\n\nCVE-2019-19533: There was an info-leak bug that could have been caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver (bnc#1158834).\n\nCVE-2019-19532: There were multiple out-of-bounds write bugs that could have been caused by a malicious USB device in the Linux kernel HID drivers (bnc#1158824).\n\nCVE-2019-19523: There was a use-after-free bug that could have been caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (bnc#1158823).\n\nCVE-2019-15213: An issue was discovered in the Linux kernel, there was a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver (bnc#1146544).\n\nCVE-2019-19531: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1158445).\n\nCVE-2019-19543: There was a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (bnc#1158427).\n\nCVE-2019-19525: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver (bnc#1158417).\n\nCVE-2019-19530: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver (bnc#1158410).\n\nCVE-2019-19536: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver (bnc#1158394).\n\nCVE-2019-19524: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver (bnc#1158413).\n\nCVE-2019-19528: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (bnc#1158407).\n\nCVE-2019-19534: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (bnc#1158398).\n\nCVE-2019-19529: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver (bnc#1158381).\n\nCVE-2019-14901: A heap overflow flaw was found in the Linux kernel in Marvell WiFi chip driver. The vulnerability allowed a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system (bnc#1157042).\n\nCVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering copy to udata failures (bnc#1157171).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-30T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3389-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14901", "CVE-2019-15213", "CVE-2019-16746", "CVE-2019-19051", "CVE-2019-19066", "CVE-2019-19077", "CVE-2019-19332", "CVE-2019-19338", "CVE-2019-19523", "CVE-2019-19524", "CVE-2019-19525", "CVE-2019-19526", "CVE-2019-19527", "CVE-2019-19528", "CVE-2019-19529", "CVE-2019-19530", "CVE-2019-19531", "CVE-2019-19532", "CVE-2019-19533", "CVE-2019-19534", "CVE-2019-19535", "CVE-2019-19536", "CVE-2019-19537", "CVE-2019-19543"], "modified": "2020-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-3389-1.NASL", "href": "https://www.tenable.com/plugins/nessus/132430", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:3389-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132430);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2019-14901\", \"CVE-2019-15213\", \"CVE-2019-16746\", \"CVE-2019-19051\", \"CVE-2019-19066\", \"CVE-2019-19077\", \"CVE-2019-19332\", \"CVE-2019-19338\", \"CVE-2019-19523\", \"CVE-2019-19524\", \"CVE-2019-19525\", \"CVE-2019-19526\", \"CVE-2019-19527\", \"CVE-2019-19528\", \"CVE-2019-19529\", \"CVE-2019-19530\", \"CVE-2019-19531\", \"CVE-2019-19532\", \"CVE-2019-19533\", \"CVE-2019-19534\", \"CVE-2019-19535\", \"CVE-2019-19536\", \"CVE-2019-19537\", \"CVE-2019-19543\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3389-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-16746: There was an issue in net/wireless/nl80211.c where the\nkernel did not check the length of variable elements in a beacon head,\nleading to a buffer overflow (bnc#1152107).\n\nCVE-2019-19066: Fixed memory leak in the bfad_im_get_stats() function\nin drivers/scsi/bfa/bfad_attr.c that allowed attackers to cause a\ndenial of service (memory consumption) by triggering\nbfa_port_get_stats() failures (bnc#1157303).\n\nCVE-2019-19051: Fixed memory leak in the i2400m_op_rfkill_sw_toggle()\nfunction in drivers/net/wimax/i2400m/op-rfkill.c that allowed\nattackers to cause a denial of service (memory consumption)\n(bnc#1159024).\n\nCVE-2019-19338: There was an incomplete fix for Transaction\nAsynchronous Abort (TAA) (bsc#1158954).\n\nCVE-2019-19332: There was an OOB memory write via\nkvm_dev_ioctl_get_cpuid (bsc#1158827).\n\nCVE-2019-19537: There was a race condition bug that could have been\ncaused by a malicious USB device in the USB character device driver\nlayer (bnc#1158904).\n\nCVE-2019-19535: There was an info-leak bug that could have been caused\nby a malicious USB device in the\ndrivers/net/can/usb/peak_usb/pcan_usb_fd.c driver (bnc#1158903).\n\nCVE-2019-19527: There was a use-after-free bug that could have been\ncaused by a malicious USB device in the drivers/hid/usbhid/hiddev.c\ndriver (bnc#1158900).\n\nCVE-2019-19526: There was a use-after-free bug that could have been\ncaused by a malicious USB device in the drivers/nfc/pn533/usb.c driver\n(bnc#1158893).\n\nCVE-2019-19533: There was an info-leak bug that could have been caused\nby a malicious USB device in the\ndrivers/media/usb/ttusb-dec/ttusb_dec.c driver (bnc#1158834).\n\nCVE-2019-19532: There were multiple out-of-bounds write bugs that\ncould have been caused by a malicious USB device in the Linux kernel\nHID drivers (bnc#1158824).\n\nCVE-2019-19523: There was a use-after-free bug that could have been\ncaused by a malicious USB device in the drivers/usb/misc/adutux.c\ndriver (bnc#1158823).\n\nCVE-2019-15213: An issue was discovered in the Linux kernel, there was\na use-after-free caused by a malicious USB device in the\ndrivers/media/usb/dvb-usb/dvb-usb-init.c driver (bnc#1146544).\n\nCVE-2019-19531: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/usb/misc/yurex.c driver\n(bnc#1158445).\n\nCVE-2019-19543: There was a use-after-free in serial_ir_init_module()\nin drivers/media/rc/serial_ir.c (bnc#1158427).\n\nCVE-2019-19525: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/net/ieee802154/atusb.c driver\n(bnc#1158417).\n\nCVE-2019-19530: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/usb/class/cdc-acm.c driver\n(bnc#1158410).\n\nCVE-2019-19536: There was an info-leak bug that can be caused by a\nmalicious USB device in the\ndrivers/net/can/usb/peak_usb/pcan_usb_pro.c driver (bnc#1158394).\n\nCVE-2019-19524: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/input/ff-memless.c driver\n(bnc#1158413).\n\nCVE-2019-19528: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/usb/misc/iowarrior.c driver\n(bnc#1158407).\n\nCVE-2019-19534: There was an info-leak bug that can be caused by a\nmalicious USB device in the\ndrivers/net/can/usb/peak_usb/pcan_usb_core.c driver (bnc#1158398).\n\nCVE-2019-19529: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/net/can/usb/mcba_usb.c driver\n(bnc#1158381).\n\nCVE-2019-14901: A heap overflow flaw was found in the Linux kernel in\nMarvell WiFi chip driver. The vulnerability allowed a remote attacker\nto cause a system crash, resulting in a denial of service, or execute\narbitrary code. The highest threat with this vulnerability is with the\navailability of the system. If code execution occurs, the code will\nrun with the permissions of root. This will affect both\nconfidentiality and integrity of files on the system (bnc#1157042).\n\nCVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in\ndrivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel allowed\nattackers to cause a denial of service (memory consumption) by\ntriggering copy to udata failures (bnc#1157171).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078248\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152631\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154355\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154905\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154916\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155921\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157171\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157499\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158049\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158394\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158417\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158638\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158643\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158649\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158823\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158954\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14901/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-15213/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16746/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19051/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19066/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19077/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19332/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19338/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19523/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19524/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19525/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19526/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19527/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19528/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19529/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19530/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19531/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19532/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19533/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19534/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19535/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19536/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19537/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19543/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20193389-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?26911696\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP5:zypper in -t patch\nSUSE-SLE-WE-12-SP5-2019-3389=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5:zypper in -t\npatch SUSE-SLE-SDK-12-SP5-2019-3389=1\n\nSUSE Linux Enterprise Server 12-SP5:zypper in -t patch\nSUSE-SLE-SERVER-12-SP5-2019-3389=1\n\nSUSE Linux Enterprise Live Patching 12-SP5:zypper in -t patch\nSUSE-SLE-Live-Patching-12-SP5-2019-3389=1\n\nSUSE Linux Enterprise High Availability 12-SP5:zypper in -t patch\nSUSE-SLE-HA-12-SP5-2019-3389=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-122.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-122.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-4.12.14-122.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-4.12.14-122.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-debuginfo-4.12.14-122.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debuginfo-4.12.14-122.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debugsource-4.12.14-122.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-devel-4.12.14-122.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-syms-4.12.14-122.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:23:20", "description": "Chanam Park reported a NULL pointer flaw in the Linux kernel's Ceph client. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2013-1059)\n\nAn information leak was discovered in the Linux kernel's fanotify interface. A local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2148)\n\nJonathan Salwan discovered an information leak in the Linux kernel's cdrom driver. A local user can exploit this leak to obtain sensitive information from kernel memory if the CD-ROM drive is malfunctioning.\n(CVE-2013-2164)\n\nKees Cook discovered a format string vulnerability in the Linux kernel's disk block layer. A local user with administrator privileges could exploit this flaw to gain kernel privileges. (CVE-2013-2851)\n\nHannes Frederic Sowa discovered that the Linux kernel's IPv6 stack does not correctly handle Router Advertisement (RA) message in some cases. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2013-4125)\n\nA vulnerability was discovered in the Linux kernel's vhost net driver.\nA local user could cause a denial of service (system crash) by powering on a virtual machine. (CVE-2013-4127).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-08-21T00:00:00", "type": "nessus", "title": "Ubuntu 13.04 : linux vulnerabilities (USN-1935-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1059", "CVE-2013-2148", "CVE-2013-2164", "CVE-2013-2851", "CVE-2013-4125", "CVE-2013-4127"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.8-generic", "cpe:/o:canonical:ubuntu_linux:13.04"], "id": "UBUNTU_USN-1935-1.NASL", "href": "https://www.tenable.com/plugins/nessus/69418", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1935-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69418);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/09/19 12:54:29\");\n\n script_cve_id(\"CVE-2013-1059\", \"CVE-2013-2148\", \"CVE-2013-2164\", \"CVE-2013-2851\", \"CVE-2013-4125\", \"CVE-2013-4127\");\n script_xref(name:\"USN\", value:\"1935-1\");\n\n script_name(english:\"Ubuntu 13.04 : linux vulnerabilities (USN-1935-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chanam Park reported a NULL pointer flaw in the Linux kernel's Ceph\nclient. A remote attacker could exploit this flaw to cause a denial of\nservice (system crash). (CVE-2013-1059)\n\nAn information leak was discovered in the Linux kernel's fanotify\ninterface. A local user could exploit this flaw to obtain sensitive\ninformation from kernel memory. (CVE-2013-2148)\n\nJonathan Salwan discovered an information leak in the Linux kernel's\ncdrom driver. A local user can exploit this leak to obtain sensitive\ninformation from kernel memory if the CD-ROM drive is malfunctioning.\n(CVE-2013-2164)\n\nKees Cook discovered a format string vulnerability in the Linux\nkernel's disk block layer. A local user with administrator privileges\ncould exploit this flaw to gain kernel privileges. (CVE-2013-2851)\n\nHannes Frederic Sowa discovered that the Linux kernel's IPv6 stack\ndoes not correctly handle Router Advertisement (RA) message in some\ncases. A remote attacker could exploit this flaw to cause a denial of\nservice (system crash). (CVE-2013-4125)\n\nA vulnerability was discovered in the Linux kernel's vhost net driver.\nA local user could cause a denial of service (system crash) by\npowering on a virtual machine. (CVE-2013-4127).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1935-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-3.8-generic package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.8-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/08/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(13\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 13.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-1059\", \"CVE-2013-2148\", \"CVE-2013-2164\", \"CVE-2013-2851\", \"CVE-2013-4125\", \"CVE-2013-4127\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1935-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"13.04\", pkgname:\"linux-image-3.8.0-29-generic\", pkgver:\"3.8.0-29.42\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.8-generic\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:42:07", "description": "Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972)\n\nJann Horn discovered that the mremap() system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service (system crash), expose sensitive information, or possibly execute arbitrary code. (CVE-2018-18281)\n\nIt was discovered that the BPF verifier in the Linux kernel did not correctly compute numeric bounds in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-18445)\n\nDaniel Dadap discovered that the module loading implementation in the Linux kernel did not properly enforce signed module loading when booted with UEFI Secure Boot in some situations. A local privileged attacker could use this to execute untrusted code in the kernel.\n(CVE-2018-18653)\n\nJann Horn discovered that the Linux kernel mishandles mapping UID or GID ranges inside nested user namespaces in some situations. A local attacker could use this to bypass access controls on resources outside the namespace. (CVE-2018-18955)\n\nPhilipp Wendler discovered that the overlayfs implementation in the Linux kernel did not properly verify the directory contents permissions from within a unprivileged user namespace. A local attacker could use this to expose sensitive information (protected file names). (CVE-2018-6559).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-11-30T00:00:00", "type": "nessus", "title": "Ubuntu 18.10 : Linux kernel (AWS) vulnerabilities (USN-3832-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17972", "CVE-2018-18281", "CVE-2018-18445", "CVE-2018-18653", "CVE-2018-18955", "CVE-2018-6559"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "cpe:/o:canonical:ubuntu_linux:18.10"], "id": "UBUNTU_USN-3832-1.NASL", "href": "https://www.tenable.com/plugins/nessus/119302", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3832-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119302);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2018-17972\", \"CVE-2018-18281\", \"CVE-2018-18445\", \"CVE-2018-18653\", \"CVE-2018-18955\", \"CVE-2018-6559\");\n script_xref(name:\"USN\", value:\"3832-1\");\n\n script_name(english:\"Ubuntu 18.10 : Linux kernel (AWS) vulnerabilities (USN-3832-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Jann Horn discovered that the procfs file system implementation in the\nLinux kernel did not properly restrict the ability to inspect the\nkernel stack of an arbitrary task. A local attacker could use this to\nexpose sensitive information. (CVE-2018-17972)\n\nJann Horn discovered that the mremap() system call in the Linux kernel\ndid not properly flush the TLB when completing, potentially leaving\naccess to a physical page after it has been released to the page\nallocator. A local attacker could use this to cause a denial of\nservice (system crash), expose sensitive information, or possibly\nexecute arbitrary code. (CVE-2018-18281)\n\nIt was discovered that the BPF verifier in the Linux kernel did not\ncorrectly compute numeric bounds in some situations. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2018-18445)\n\nDaniel Dadap discovered that the module loading implementation in the\nLinux kernel did not properly enforce signed module loading when\nbooted with UEFI Secure Boot in some situations. A local privileged\nattacker could use this to execute untrusted code in the kernel.\n(CVE-2018-18653)\n\nJann Horn discovered that the Linux kernel mishandles mapping UID or\nGID ranges inside nested user namespaces in some situations. A local\nattacker could use this to bypass access controls on resources outside\nthe namespace. (CVE-2018-18955)\n\nPhilipp Wendler discovered that the overlayfs implementation in the\nLinux kernel did not properly verify the directory contents\npermissions from within a unprivileged user namespace. A local\nattacker could use this to expose sensitive information (protected\nfile names). (CVE-2018-6559).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3832-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-4.18-aws and / or linux-image-aws\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Nested User Namespace idmap Limit Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-17972\", \"CVE-2018-18281\", \"CVE-2018-18445\", \"CVE-2018-18653\", \"CVE-2018-18955\", \"CVE-2018-6559\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3832-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-4.18.0-1006-aws\", pkgver:\"4.18.0-1006.7\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-aws\", pkgver:\"4.18.0.1006.6\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.18-aws / linux-image-aws\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:43:14", "description": "Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972)\n\nJann Horn discovered that the mremap() system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service (system crash), expose sensitive information, or possibly execute arbitrary code. (CVE-2018-18281)\n\nIt was discovered that the BPF verifier in the Linux kernel did not correctly compute numeric bounds in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-18445)\n\nDaniel Dadap discovered that the module loading implementation in the Linux kernel did not properly enforce signed module loading when booted with UEFI Secure Boot in some situations. A local privileged attacker could use this to execute untrusted code in the kernel.\n(CVE-2018-18653)\n\nJann Horn discovered that the Linux kernel mishandles mapping UID or GID ranges inside nested user namespaces in some situations. A local attacker could use this to bypass access controls on resources outside the namespace. (CVE-2018-18955)\n\nPhilipp Wendler discovered that the overlayfs implementation in the Linux kernel did not properly verify the directory contents permissions from within a unprivileged user namespace. A local attacker could use this to expose sensitive information (protected file names). (CVE-2018-6559).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-12-04T00:00:00", "type": "nessus", "title": "Ubuntu 18.10 : linux, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities (USN-3835-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17972", "CVE-2018-18281", "CVE-2018-18445", "CVE-2018-18653", "CVE-2018-18955", "CVE-2018-6559"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "cpe:/o:canonical:ubuntu_linux:18.10"], "id": "UBUNTU_USN-3835-1.NASL", "href": "https://www.tenable.com/plugins/nessus/119338", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3835-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119338);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2018-17972\", \"CVE-2018-18281\", \"CVE-2018-18445\", \"CVE-2018-18653\", \"CVE-2018-18955\", \"CVE-2018-6559\");\n script_xref(name:\"USN\", value:\"3835-1\");\n\n script_name(english:\"Ubuntu 18.10 : linux, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities (USN-3835-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Jann Horn discovered that the procfs file system implementation in the\nLinux kernel did not properly restrict the ability to inspect the\nkernel stack of an arbitrary task. A local attacker could use this to\nexpose sensitive information. (CVE-2018-17972)\n\nJann Horn discovered that the mremap() system call in the Linux kernel\ndid not properly flush the TLB when completing, potentially leaving\naccess to a physical page after it has been released to the page\nallocator. A local attacker could use this to cause a denial of\nservice (system crash), expose sensitive information, or possibly\nexecute arbitrary code. (CVE-2018-18281)\n\nIt was discovered that the BPF verifier in the Linux kernel did not\ncorrectly compute numeric bounds in some situations. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2018-18445)\n\nDaniel Dadap discovered that the module loading implementation in the\nLinux kernel did not properly enforce signed module loading when\nbooted with UEFI Secure Boot in some situations. A local privileged\nattacker could use this to execute untrusted code in the kernel.\n(CVE-2018-18653)\n\nJann Horn discovered that the Linux kernel mishandles mapping UID or\nGID ranges inside nested user namespaces in some situations. A local\nattacker could use this to bypass access controls on resources outside\nthe namespace. (CVE-2018-18955)\n\nPhilipp Wendler discovered that the overlayfs implementation in the\nLinux kernel did not properly verify the directory contents\npermissions from within a unprivileged user namespace. A local\nattacker could use this to expose sensitive information (protected\nfile names). (CVE-2018-6559).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3835-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Nested User Namespace idmap Limit Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-17972\", \"CVE-2018-18281\", \"CVE-2018-18445\", \"CVE-2018-18653\", \"CVE-2018-18955\", \"CVE-2018-6559\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3835-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-4.18.0-1004-gcp\", pkgver:\"4.18.0-1004.5\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-4.18.0-1005-kvm\", pkgver:\"4.18.0-1005.5\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-4.18.0-1007-raspi2\", pkgver:\"4.18.0-1007.9\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-4.18.0-12-generic\", pkgver:\"4.18.0-12.13\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-4.18.0-12-generic-lpae\", pkgver:\"4.18.0-12.13\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-4.18.0-12-lowlatency\", pkgver:\"4.18.0-12.13\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-4.18.0-12-snapdragon\", pkgver:\"4.18.0-12.13\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-gcp\", pkgver:\"4.18.0.1004.4\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-generic\", pkgver:\"4.18.0.12.13\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.18.0.12.13\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-gke\", pkgver:\"4.18.0.1004.4\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-kvm\", pkgver:\"4.18.0.1005.5\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.18.0.12.13\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-raspi2\", pkgver:\"4.18.0.1007.4\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.18.0.12.13\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.18-gcp / linux-image-4.18-generic / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:06:12", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0036 advisory.\n\n - kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861)\n\n - kernel: Handling of might_cancel queueing is not properly pretected against race (CVE-2017-10661)\n\n - kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)\n\n - kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n - kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS (CVE-2019-11810)\n\n - kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-01-08T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2020:0036)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0861", "CVE-2017-10661", "CVE-2018-10853", "CVE-2018-18281", "CVE-2019-11810", "CVE-2019-11811"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_eus:7.5", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2020-0036.NASL", "href": "https://www.tenable.com/plugins/nessus/132700", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0036. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132700);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2017-0861\",\n \"CVE-2017-10661\",\n \"CVE-2018-10853\",\n \"CVE-2018-18281\",\n \"CVE-2019-11810\",\n \"CVE-2019-11811\"\n );\n script_bugtraq_id(\n 100215,\n 102329,\n 105761,\n 108286,\n 108410\n );\n script_xref(name:\"RHSA\", value:\"2020:0036\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2020:0036)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0036 advisory.\n\n - kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege\n escalation (CVE-2017-0861)\n\n - kernel: Handling of might_cancel queueing is not properly pretected against race (CVE-2017-10661)\n\n - kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)\n\n - kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n - kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS\n (CVE-2019-11810)\n\n - kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c\n (CVE-2019-11811)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-0861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-10661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-10853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-18281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11811\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1481136\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1563994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1589890\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1645121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1709164\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1709180\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-10661\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-18281\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(250, 362, 416, 476, 672);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.5')) audit(AUDIT_OS_NOT, 'Red Hat 7.5', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2017-0861', 'CVE-2017-10661', 'CVE-2018-10853', 'CVE-2018-18281', 'CVE-2019-11810', 'CVE-2019-11811');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:0036');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/eus/rhel/computenode/7/7.5/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.5/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.5/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.5/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.5/x86_64/os',\n 'content/eus/rhel/computenode/7/7.5/x86_64/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/debug',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/highavailability/debug',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/highavailability/os',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/optional/debug',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/optional/os',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/optional/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/os',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/resilientstorage/debug',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/resilientstorage/os',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/sap-hana/debug',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/sap-hana/os',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/sap-hana/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/sap/debug',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/sap/os',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.5/ppc64le/source/SRPMS',\n 'content/eus/rhel/power/7/7.5/ppc64/debug',\n 'content/eus/rhel/power/7/7.5/ppc64/optional/debug',\n 'content/eus/rhel/power/7/7.5/ppc64/optional/os',\n 'content/eus/rhel/power/7/7.5/ppc64/optional/source/SRPMS',\n 'content/eus/rhel/power/7/7.5/ppc64/os',\n 'content/eus/rhel/power/7/7.5/ppc64/sap/debug',\n 'content/eus/rhel/power/7/7.5/ppc64/sap/os',\n 'content/eus/rhel/power/7/7.5/ppc64/sap/source/SRPMS',\n 'content/eus/rhel/power/7/7.5/ppc64/source/SRPMS',\n 'content/eus/rhel/server/7/7.5/x86_64/debug',\n 'content/eus/rhel/server/7/7.5/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.5/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.5/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.5/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.5/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.5/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.5/x86_64/os',\n 'content/eus/rhel/server/7/7.5/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.5/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.5/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.5/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.5/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.5/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.5/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.5/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.5/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.5/x86_64/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.5/s390x/debug',\n 'content/eus/rhel/system-z/7/7.5/s390x/optional/debug',\n 'content/eus/rhel/system-z/7/7.5/s390x/optional/os',\n 'content/eus/rhel/system-z/7/7.5/s390x/optional/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.5/s390x/os',\n 'content/eus/rhel/system-z/7/7.5/s390x/sap/debug',\n 'content/eus/rhel/system-z/7/7.5/s390x/sap/os',\n 'content/eus/rhel/system-z/7/7.5/s390x/sap/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.5/s390x/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-862.46.1.el7', 'sp':'5', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-862.46.1.el7', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Extended Update Support repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-bootwrapper / kernel-debug / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:32:04", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc.Security Fix(es):Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.(CVE-2019-10220)A memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/ net/wimax/i2400m/op-rfkill.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-6f3ef5c25cc7.(CVE-2019-19051)A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures, aka CID-34b3be18a04e.(CVE-2019-19065)Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures, aka CID-57be09c6e874. NOTE: third parties dispute the relevance of this because the attacker must already have privileges for module loading.(CVE-2019-19067)An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource consumption during the mapping of guest memory, aka CID-6ef36ab967c7.(CVE-2019-17351)The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation.(CVE-2017-12134)In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79.(CVE-2019-19523)In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d.(CVE-2019-19528)In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef.(CVE-2019-19530)In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464.(CVE-2019-19533)In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9.\n This affects drivers/usb/core/file.c.(CVE-2019-19537)In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.(CVE-2019-19524)In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e.(CVE-2019-19527)In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95.\n This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c.(CVE-2019-19532)The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.(CVE-2015-1350)In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca.(CVE-2019-19531)The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local users (with /dev/video0 access) to obtain read and write permissions on kernel physical pages, which can possibly result in a privilege escalation.(CVE-2019-18675)A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.(CVE-2018-1129)A memory leak in the alloc_sgtable() function in driverset/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures, aka CID-b4b814fec1a5.(CVE-2019-19058)A memory leak in the ath9k_wmi_cmd() function in driverset/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.(CVE-2019-19074)Memory leaks in driverset/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function, aka CID-853acf7caf10.(CVE-2019-19073)Two memory leaks in the rtl_usb_probe() function in driverset/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.(CVE-2019-19063)A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in driverset/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-db8fd2cde932.(CVE-2019-19056)Two memory leaks in the mwifiex_pcie_init_evt_ring() function in driverset/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e.(CVE-2019-19057)An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver.(CVE-2019-15291)A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID:\n A-141720095(CVE-2019-2215)In task_get_unused_fd_flags of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-69164715 References: Upstream kernel.(CVE-2018-9465)In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.(CVE-2019-9456)fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15.(CVE-2019-18885)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-23T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-2693)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1350", "CVE-2017-12134", "CVE-2018-1129", "CVE-2018-9465", "CVE-2019-10220", "CVE-2019-15291", "CVE-2019-17351", "CVE-2019-18675", "CVE-2019-18885", "CVE-2019-19051", "CVE-2019-19056", "CVE-2019-19057", "CVE-2019-19058", "CVE-2019-19063", "CVE-2019-19065", "CVE-2019-19067", "CVE-2019-19073", "CVE-2019-19074", "CVE-2019-19523", "CVE-2019-19524", "CVE-2019-19527", "CVE-2019-19528", "CVE-2019-19530", "CVE-2019-19531", "CVE-2019-19532", "CVE-2019-19533", "CVE-2019-19537", "CVE-2019-2215", "CVE-2019-9456"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2693.NASL", "href": "https://www.tenable.com/plugins/nessus/132360", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132360);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2015-1350\",\n \"CVE-2017-12134\",\n \"CVE-2018-1129\",\n \"CVE-2018-9465\",\n \"CVE-2019-10220\",\n \"CVE-2019-15291\",\n \"CVE-2019-17351\",\n \"CVE-2019-18675\",\n \"CVE-2019-18885\",\n \"CVE-2019-19051\",\n \"CVE-2019-19056\",\n \"CVE-2019-19057\",\n \"CVE-2019-19058\",\n \"CVE-2019-19063\",\n \"CVE-2019-19065\",\n \"CVE-2019-19067\",\n \"CVE-2019-19073\",\n \"CVE-2019-19074\",\n \"CVE-2019-19523\",\n \"CVE-2019-19524\",\n \"CVE-2019-19527\",\n \"CVE-2019-19528\",\n \"CVE-2019-19530\",\n \"CVE-2019-19531\",\n \"CVE-2019-19532\",\n \"CVE-2019-19533\",\n \"CVE-2019-19537\",\n \"CVE-2019-2215\",\n \"CVE-2019-9456\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-2693)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):Linux kernel CIFS\n implementation, version 4.9.0 is vulnerable to a\n relative paths injection in directory entry\n lists.(CVE-2019-10220)A memory leak in the\n i2400m_op_rfkill_sw_toggle() function in drivers/\n net/wimax/i2400m/op-rfkill.c in the Linux kernel before\n 5.3.11 allows attackers to cause a denial of service\n (memory consumption), aka\n CID-6f3ef5c25cc7.(CVE-2019-19051)A memory leak in the\n sdma_init() function in\n drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel\n before 5.3.9 allows attackers to cause a denial of\n service (memory consumption) by triggering\n rhashtable_init() failures, aka\n CID-34b3be18a04e.(CVE-2019-19065)Four memory leaks in\n the acp_hw_init() function in\n drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux\n kernel before 5.3.8 allow attackers to cause a denial\n of service (memory consumption) by triggering\n mfd_add_hotplug_devices() or pm_genpd_add_device()\n failures, aka CID-57be09c6e874. NOTE: third parties\n dispute the relevance of this because the attacker must\n already have privileges for module\n loading.(CVE-2019-19067)An issue was discovered in\n drivers/xen/balloon.c in the Linux kernel before 5.2.3,\n as used in Xen through 4.12.x, allowing guest OS users\n to cause a denial of service because of unrestricted\n resource consumption during the mapping of guest\n memory, aka CID-6ef36ab967c7.(CVE-2019-17351)The\n xen_biovec_phys_mergeable function in\n drivers/xen/biomerge.c in Xen might allow local OS\n guest users to corrupt block device data streams and\n consequently obtain sensitive memory information, cause\n a denial of service, or gain host OS privileges by\n leveraging incorrect block IO merge-ability\n calculation.(CVE-2017-12134)In the Linux kernel before\n 5.3.7, there is a use-after-free bug that can be caused\n by a malicious USB device in the\n drivers/usb/misc/adutux.c driver, aka\n CID-44efc269db79.(CVE-2019-19523)In the Linux kernel\n before 5.3.7, there is a use-after-free bug that can be\n caused by a malicious USB device in the\n drivers/usb/misc/iowarrior.c driver, aka\n CID-edc4746f253d.(CVE-2019-19528)In the Linux kernel\n before 5.2.10, there is a use-after-free bug that can\n be caused by a malicious USB device in the\n drivers/usb/class/cdc-acm.c driver, aka\n CID-c52873e5a1ef.(CVE-2019-19530)In the Linux kernel\n before 5.3.4, there is an info-leak bug that can be\n caused by a malicious USB device in the\n drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka\n CID-a10feaf8c464.(CVE-2019-19533)In the Linux kernel\n before 5.2.10, there is a race condition bug that can\n be caused by a malicious USB device in the USB\n character device driver layer, aka CID-303911cfc5b9.\n This affects drivers/usb/core/file.c.(CVE-2019-19537)In\n the Linux kernel before 5.3.12, there is a\n use-after-free bug that can be caused by a malicious\n USB device in the drivers/input/ff-memless.c driver,\n aka CID-fa3a5a1880c9.(CVE-2019-19524)In the Linux\n kernel before 5.2.10, there is a use-after-free bug\n that can be caused by a malicious USB device in the\n drivers/hid/usbhid/hiddev.c driver, aka\n CID-9c09b214f30e.(CVE-2019-19527)In the Linux kernel\n before 5.3.9, there are multiple out-of-bounds write\n bugs that can be caused by a malicious USB device in\n the Linux kernel HID drivers, aka CID-d9d4b1e46d95.\n This affects drivers/hid/hid-axff.c,\n drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c,\n drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c,\n drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c,\n drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c,\n drivers/hid/hid-logitech-hidpp.c,\n drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c,\n drivers/hid/hid-tmff.c, and\n drivers/hid/hid-zpff.c.(CVE-2019-19532)The VFS\n subsystem in the Linux kernel 3.x provides an\n incomplete set of requirements for setattr operations\n that underspecifies removing extended privilege\n attributes, which allows local users to cause a denial\n of service (capability stripping) via a failed\n invocation of a system call, as demonstrated by using\n chown to remove a capability from the ping or Wireshark\n dumpcap program.(CVE-2015-1350)In the Linux kernel\n before 5.2.9, there is a use-after-free bug that can be\n caused by a malicious USB device in the\n drivers/usb/misc/yurex.c driver, aka\n CID-fc05481b2fca.(CVE-2019-19531)The Linux kernel\n through 5.3.13 has a start_offset+size Integer Overflow\n in cpia2_remap_buffer in\n drivers/media/usb/cpia2/cpia2_core.c because cpia2 has\n its own mmap implementation. This allows local users\n (with /dev/video0 access) to obtain read and write\n permissions on kernel physical pages, which can\n possibly result in a privilege\n escalation.(CVE-2019-18675)A flaw was found in the way\n signature calculation was handled by cephx\n authentication protocol. An attacker having access to\n ceph cluster network who is able to alter the message\n payload was able to bypass signature checks done by\n cephx protocol. Ceph branches master, mimic, luminous\n and jewel are believed to be\n vulnerable.(CVE-2018-1129)A memory leak in the\n alloc_sgtable() function in\n driverset/wireless/intel/iwlwifi/fw/dbg.c in the Linux\n kernel through 5.3.11 allows attackers to cause a\n denial of service (memory consumption) by triggering\n alloc_page() failures, aka\n CID-b4b814fec1a5.(CVE-2019-19058)A memory leak in the\n ath9k_wmi_cmd() function in\n driverset/wireless/ath/ath9k/wmi.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of\n service (memory consumption), aka\n CID-728c1e2a05e4.(CVE-2019-19074)Memory leaks in\n driverset/wireless/ath/ath9k/htc_hst.c in the Linux\n kernel through 5.3.11 allow attackers to cause a denial\n of service (memory consumption) by triggering\n wait_for_completion_timeout() failures. This affects\n the htc_config_pipe_credits() function, the\n htc_setup_complete() function, and the\n htc_connect_service() function, aka\n CID-853acf7caf10.(CVE-2019-19073)Two memory leaks in\n the rtl_usb_probe() function in\n driverset/wireless/realtek/rtlwifi/usb.c in the Linux\n kernel through 5.3.11 allow attackers to cause a denial\n of service (memory consumption), aka\n CID-3f9361695113.(CVE-2019-19063)A memory leak in the\n mwifiex_pcie_alloc_cmdrsp_buf() function in\n driverset/wireless/marvell/mwifiex/pcie.c in the Linux\n kernel through 5.3.11 allows attackers to cause a\n denial of service (memory consumption) by triggering\n mwifiex_map_pci_memory() failures, aka\n CID-db8fd2cde932.(CVE-2019-19056)Two memory leaks in\n the mwifiex_pcie_init_evt_ring() function in\n driverset/wireless/marvell/mwifiex/pcie.c in the Linux\n kernel through 5.3.11 allow attackers to cause a denial\n of service (memory consumption) by triggering\n mwifiex_map_pci_memory() failures, aka\n CID-d10dcb615c8e.(CVE-2019-19057)An issue was\n discovered in the Linux kernel through 5.2.9. There is\n a NULL pointer dereference caused by a malicious USB\n device in the flexcop_usb_probe function in the\n drivers/media/usb/b2c2/flexcop-usb.c\n driver.(CVE-2019-15291)A use-after-free in binder.c\n allows an elevation of privilege from an application to\n the Linux Kernel. No user interaction is required to\n exploit this vulnerability, however exploitation does\n require either the installation of a malicious local\n application or a separate vulnerability in a network\n facing application.Product: AndroidAndroid ID:\n A-141720095(CVE-2019-2215)In task_get_unused_fd_flags\n of binder.c, there is a possible memory corruption due\n to a use after free. This could lead to local\n escalation of privilege with no additional execution\n privileges needed. User interaction is not needed for\n exploitation. Product: Android Versions: Android kernel\n Android ID: A-69164715 References: Upstream\n kernel.(CVE-2018-9465)In the Android kernel in Pixel C\n USB monitor driver there is a possible OOB write due to\n a missing bounds check. This could lead to local\n escalation of privilege with System execution\n privileges needed. User interaction is not needed for\n exploitation.(CVE-2019-9456)fs/btrfs/volumes.c in the\n Linux kernel before 5.1 allows a\n btrfs_verify_dev_extents NULL pointer dereference via a\n crafted btrfs image because fs_devices->devices is\n mishandled within find_device, aka\n CID-09ba3bc9dd15.(CVE-2019-18885)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2693\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5cacf951\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10220\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Android Binder Use-After-Free Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.5.h359.eulerosv2r7\",\n \"kernel-devel-3.10.0-862.14.1.5.h359.eulerosv2r7\",\n \"kernel-headers-3.10.0-862.14.1.5.h359.eulerosv2r7\",\n \"kernel-tools-3.10.0-862.14.1.5.h359.eulerosv2r7\",\n \"kernel-tools-libs-3.10.0-862.14.1.5.h359.eulerosv2r7\",\n \"perf-3.10.0-862.14.1.5.h359.eulerosv2r7\",\n \"python-perf-3.10.0-862.14.1.5.h359.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:28:53", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities:\n\n - An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (CVE-2019-15217)\n\n - ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7. (CVE-2019-17053)\n\n - base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. (CVE-2019-17055)\n\n - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.\n (CVE-2019-18808)\n\n - A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042. (CVE-2019-19062)\n\n - An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service. (CVE-2019-19332)\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. (CVE-2019-19523)\n\n - In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. (CVE-2019-19524)\n\n - In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. (CVE-2019-19530)\n\n - In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. (CVE-2019-19534)\n\n - In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c. (CVE-2019-19537)\n\n - In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (CVE-2019-9458)\n\n - ** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.. (CVE-2020-11565)\n\n - A flaw was found in the Linux kernels implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14331)\n\n - A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest. (CVE-2020-2732)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. (CVE-2020-8647)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. (CVE-2020-8649)\n\n - An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. (CVE-2020-9383)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-07T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2021-0025)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-15217", "CVE-2019-17053", "CVE-2019-17055", "CVE-2019-18808", "CVE-2019-19062", "CVE-2019-19332", "CVE-2019-19523", "CVE-2019-19524", "CVE-2019-19530", "CVE-2019-19534", "CVE-2019-19537", "CVE-2019-9458", "CVE-2020-11565", "CVE-2020-14331", "CVE-2020-2732", "CVE-2020-8647", "CVE-2020-8649", "CVE-2020-9383"], "modified": "2022-05-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2021-0025_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/149336", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0025. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149336);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2019-9458\",\n \"CVE-2019-15217\",\n \"CVE-2019-17053\",\n \"CVE-2019-17055\",\n \"CVE-2019-18808\",\n \"CVE-2019-19062\",\n \"CVE-2019-19332\",\n \"CVE-2019-19523\",\n \"CVE-2019-19524\",\n \"CVE-2019-19530\",\n \"CVE-2019-19534\",\n \"CVE-2019-19537\",\n \"CVE-2020-2732\",\n \"CVE-2020-8647\",\n \"CVE-2020-8649\",\n \"CVE-2020-9383\",\n \"CVE-2020-11565\",\n \"CVE-2020-14331\"\n );\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2021-0025)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by\nmultiple vulnerabilities:\n\n - An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a\n malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (CVE-2019-15217)\n\n - ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel\n through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket,\n aka CID-e69dbd4619e7. (CVE-2019-17053)\n\n - base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through\n 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka\n CID-b91ee4aa2a21. (CVE-2019-17055)\n\n - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel\n through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.\n (CVE-2019-18808)\n\n - A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through\n 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering\n crypto_report_alg() failures, aka CID-ffdde5932042. (CVE-2019-19062)\n\n - An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way\n the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID\n features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use\n this flaw to crash the system, resulting in a denial of service. (CVE-2019-19332)\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. (CVE-2019-19523)\n\n - In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. (CVE-2019-19524)\n\n - In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. (CVE-2019-19530)\n\n - In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device\n in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. (CVE-2019-19534)\n\n - In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB\n device in the USB character device driver layer, aka CID-303911cfc5b9. This affects\n drivers/usb/core/file.c. (CVE-2019-19537)\n\n - In the Android kernel in the video driver there is a use after free due to a race condition. This could\n lead to local escalation of privilege with no additional execution privileges needed. User interaction is\n not needed for exploitation. (CVE-2019-9458)\n\n - ** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c\n has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing,\n aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability\n because the issue is a bug in parsing mount options which can only be specified by a privileged user, so\n triggering the bug does not grant any powers not already held.. (CVE-2020-11565)\n\n - A flaw was found in the Linux kernels implementation of the invert video code on VGA consoles when a\n local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds\n write to occur. This flaw allows a local user with access to the VGA console to crash the system,\n potentially escalating their privileges on the system. The highest threat from this vulnerability is to\n data confidentiality and integrity as well as system availability. (CVE-2020-14331)\n\n - A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest\n when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into\n accessing sensitive L1 resources that should be inaccessible to the L2 guest. (CVE-2020-2732)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in\n drivers/tty/vt/vt.c. (CVE-2020-8647)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region\n function in drivers/video/console/vgacon.c. (CVE-2020-8649)\n\n - An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to\n a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it,\n aka CID-2e90ca68b0d2. (CVE-2020-9383)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0025\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14331\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-9383\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'kernel-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'kernel-core-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'kernel-debug-core-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'kernel-debug-modules-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'kernel-modules-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'perf-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'python-perf-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite',\n 'python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.54.913.g2925469.lite'\n ],\n 'CGSL MAIN 5.04': [\n 'kernel-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'kernel-debug-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'perf-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'python-perf-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff',\n 'python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.52.955.gcf9f7ff'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:42:29", "description": "The openSUSE Leap 42.3 kernel was updated to 4.4.162 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769).\n\n - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751).\n\n - CVE-2018-18690: A local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandled ATTR_REPLACE operations with conversion of an attr from short to long form (bnc#1105025).\n\n - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825).\n\n - CVE-2018-9516: A lack of certain checks in the hid_debug_events_read() function in the drivers/hid/hid-debug.c file might have resulted in receiving userspace buffer overflow and an out-of-bounds write or to the infinite loop. (bnc#1108498).\n\nThe following non-security bugs were fixed :\n\n - 6lowpan: iphc: reset mac_header after decompress to fix panic (bnc#1012382).\n\n - Add azure kernel description.\n\n - Add bug reference to patches.suse/x86-entry-64-use-a-per-cpu-trampoline-stack\n -fix1.patch\n\n - Add graphviz to buildreq for image conversion\n\n - Add reference to bsc#1104124 to patches.fixes/fs-aio-fix-the-increment-of-aio-nr-and-cou nting-agai.patch\n\n - ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge (bnc#1012382).\n\n - ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 (bnc#1012382).\n\n - apparmor: remove no-op permission check in policy_unpack (git-fixes).\n\n - ARC: build: Get rid of toolchain check (bnc#1012382).\n\n - ARC: clone syscall to setp r25 as thread pointer (bnc#1012382).\n\n - arch/hexagon: fix kernel/dma.c build warning (bnc#1012382).\n\n - arch-symbols: use bash as interpreter since the script uses bashism.\n\n - arm64: cpufeature: Track 32bit EL0 support (bnc#1012382).\n\n - arm64: jump_label.h: use asm_volatile_goto macro instead of 'asm goto' (bnc#1012382).\n\n - arm64: KVM: Sanitize PSTATE.M when being set from userspace (bnc#1012382).\n\n - arm64: KVM: Tighten guest core register access from userspace (bnc#1012382).\n\n - ARM: dts: at91: add new compatibility string for macb on sama5d3 (bnc#1012382).\n\n - ARM: dts: dra7: fix DCAN node addresses (bnc#1012382).\n\n - ARM: mvebu: declare asm symbols as character arrays in pmsu.c (bnc#1012382).\n\n - ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs (bnc#1012382).\n\n - ASoC: sigmadsp: safeload should not have lower byte limit (bnc#1012382).\n\n - ASoC: wm8804: Add ACPI support (bnc#1012382).\n\n - ath10k: fix scan crash due to incorrect length calculation (bnc#1012382).\n\n - ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait (bnc#1012382).\n\n - ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock (bnc#1012382).\n\n - Bluetooth: Add a new Realtek 8723DE ID 0bda:b009 (bnc#1012382).\n\n - bnxt_en: Fix TX timeout during netpoll (bnc#1012382).\n\n - bonding: avoid possible dead-lock (bnc#1012382).\n\n - bpf: fix cb access in socket filter programs on tail calls (bsc#1012382).\n\n - bpf: fix map not being uncharged during map creation failure (bsc#1012382).\n\n - bpf, s390: fix potential memleak when later bpf_jit_prog fails (git-fixes).\n\n - bpf, s390x: do not reload skb pointers in non-skb context (git-fixes).\n\n - bsc#1106913: Replace with upstream variants Delete patches.suse/11-x86-mm-only-set-ibpb-when-the-new-thread\n -cannot-ptrace-current-thread.patch.\n\n - bs-upload-kernel: do not set %opensuse_bs Since SLE15 it is not set in the distribution project so do not set it for kernel projects either.\n\n - btrfs: add a comp_refs() helper (dependency for bsc#1031392).\n\n - btrfs: add missing initialization in btrfs_check_shared (Git-fixes bsc#1112262).\n\n - btrfs: add tracepoints for outstanding extents mods (dependency for bsc#1031392).\n\n - btrfs: add wrapper for counting BTRFS_MAX_EXTENT_SIZE (dependency for bsc#1031392).\n\n - btrfs: cleanup extent locking sequence (dependency for bsc#1031392).\n\n - btrfs: defrag: use btrfs_mod_outstanding_extents in cluster_pages_for_defrag (Follow up fixes for bsc#1031392).\n\n - btrfs: delayed-inode: Remove wrong qgroup meta reservation calls (bsc#1031392).\n\n - btrfs: delayed-inode: Use new qgroup meta rsv for delayed inode and item (bsc#1031392).\n\n - btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency for bsc#1113667).\n\n - btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667).\n\n - btrfs: fix error handling in btrfs_dev_replace_start (bsc#1107535).\n\n - Btrfs: fix invalid attempt to free reserved space on failure to cow range (dependency for bsc#1031392).\n\n - btrfs: fix missing error return in btrfs_drop_snapshot (Git-fixes bsc#1109919).\n\n - btrfs: Fix race condition between delayed refs and blockgroup removal (Git-fixes bsc#1112263).\n\n - btrfs: Fix wrong btrfs_delalloc_release_extents parameter (bsc#1031392).\n\n - Btrfs: kill trans in run_delalloc_nocow and btrfs_cross_ref_exist (dependency for bsc#1031392).\n\n - btrfs: make the delalloc block rsv per inode (dependency for bsc#1031392).\n\n - Btrfs: pass delayed_refs directly to btrfs_find_delayed_ref_head (dependency for bsc#1031392).\n\n - btrfs: qgroup: Add quick exit for non-fs extents (dependency for bsc#1031392).\n\n - btrfs: qgroup: Cleanup btrfs_qgroup_prepare_account_extents function (dependency for bsc#1031392).\n\n - btrfs: qgroup: Cleanup the remaining old reservation counters (bsc#1031392).\n\n - btrfs: qgroup: Commit transaction in advance to reduce early EDQUOT (bsc#1031392).\n\n - btrfs: qgroup: Do not use root->qgroup_meta_rsv for qgroup (bsc#1031392).\n\n - btrfs: qgroup: Fix wrong qgroup reservation update for relationship modification (bsc#1031392).\n\n - btrfs: qgroup: Introduce function to convert META_PREALLOC into META_PERTRANS (bsc#1031392).\n\n - btrfs: qgroup: Introduce helpers to update and access new qgroup rsv (bsc#1031392).\n\n - btrfs: qgroup: Make qgroup_reserve and its callers to use separate reservation type (bsc#1031392).\n\n - btrfs: qgroup: Skeleton to support separate qgroup reservation type (bsc#1031392).\n\n - btrfs: qgroups: opencode qgroup_free helper (dependency for bsc#1031392).\n\n - btrfs: qgroup: Split meta rsv type into meta_prealloc and meta_pertrans (bsc#1031392).\n\n - btrfs: qgroup: Update trace events for metadata reservation (bsc#1031392).\n\n - btrfs: qgroup: Update trace events to use new separate rsv types (bsc#1031392).\n\n - btrfs: qgroup: Use independent and accurate per inode qgroup rsv (bsc#1031392).\n\n - btrfs: qgroup: Use root::qgroup_meta_rsv_* to record qgroup meta reserved space (bsc#1031392).\n\n - btrfs: qgroup: Use separate meta reservation type for delalloc (bsc#1031392).\n\n - btrfs: remove type argument from comp_tree_refs (dependency for bsc#1031392).\n\n - Btrfs: rework outstanding_extents (dependency for bsc#1031392).\n\n - btrfs: switch args for comp_*_refs (dependency for bsc#1031392).\n\n - btrfs: Take trans lock before access running trans in check_delayed_ref (Follow up fixes for bsc#1031392).\n\n - ceph: avoid a use-after-free in ceph_destroy_options() (bsc#1112007).\n\n - cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() (bnc#1012382).\n\n - cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE (bnc#1012382).\n\n - cgroup: Fix deadlock in cpu hotplug path (bnc#1012382).\n\n - cgroup, netclassid: add a preemption point to write_classid (bnc#1098996).\n\n - CIFS: check for STATUS_USER_SESSION_DELETED (bsc#1112902).\n\n - cifs: connect to servername instead of IP for IPC$ share (bsc#1106359).\n\n - cifs: fix memory leak in SMB2_open() (bsc#1112894).\n\n - cifs: Fix use after free of a mid_q_entry (bsc#1112903).\n\n - cifs: read overflow in is_valid_oplock_break() (bnc#1012382).\n\n - clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs (bnc#1012382).\n\n - config.sh: set BUGZILLA_PRODUCT for SLE12-SP3\n\n - crypto: mxs-dcp - Fix wait logic on chan threads (bnc#1012382).\n\n - crypto: skcipher - Fix -Wstringop-truncation warnings (bnc#1012382).\n\n - Define dependencies of in-kernel KMPs statically This allows us to use rpm's internal dependency generator (bsc#981083).\n\n - dm cache: fix resize crash if user does not reload cache table (bnc#1012382).\n\n - dm thin metadata: fix __udivdi3 undefined on 32-bit (bnc#1012382).\n\n - dm thin metadata: try to avoid ever aborting transactions (bnc#1012382).\n\n - Do not ship firmware (bsc#1054239). Pull firmware from kernel-firmware instead.\n\n - drivers/tty: add error handling for pcmcia_loop_config (bnc#1012382).\n\n - drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 (bnc#1012382).\n\n - drm/nouveau/TBDdevinit: do not fail when PMU/PRE_OS is missing from VBIOS (bnc#1012382).\n\n - drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() (bsc#1106929)\n\n - Drop dtb-source.spec and move the sources to kernel-source (bsc#1011920)\n\n - Drop multiversion(kernel) from the KMP template ()\n\n - e1000: check on netif_running() before calling e1000_up() (bnc#1012382).\n\n - e1000: ensure to free old tx/rx rings in set_ringparam() (bnc#1012382).\n\n - ebtables: arpreply: Add the standard target sanity check (bnc#1012382).\n\n - EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() (bsc#1114648).\n\n - Enable kernel-obs-(build,qa) also in the vanilla branches\n\n - ethtool: restore erroneously removed break in dev_ethtool (bsc#1114229).\n\n - fbdev: fix broken menu dependencies (bsc#1106929)\n\n - fbdev/omapfb: fix omapfb_memory_read infoleak (bnc#1012382).\n\n - Fix file list to remove REPORTING-BUGS\n\n - Fix html and pdf creation in Documetation/media/*\n\n - floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl (bnc#1012382).\n\n - fs/cifs: do not translate SFM_SLASH (U+F026) to backslash (bnc#1012382).\n\n - fs/cifs: suppress a string overflow warning (bnc#1012382).\n\n - gpio: adp5588: Fix sleep-in-atomic-context bug (bnc#1012382).\n\n - hexagon: modify ffs() and fls() to return int (bnc#1012382).\n\n - HID: hid-ntrig: add error handling for sysfs_create_group (bnc#1012382).\n\n - housekeeping: btrfs selftests: fold backport fix into backport patch\n\n - housekeeping: move btrfs patches to sorted section. No code changes.\n\n - hv: avoid crash in vmbus sysfs files (bnc#1108377).\n\n - hwmon: (adt7475) Make adt7475_read_word() return errors (bnc#1012382).\n\n - hwmon: (ina2xx) fix sysfs shunt resistor read access (bnc#1012382).\n\n - hwrng: core - document the quality field (git-fixes).\n\n - i2c: i2c-scmi: fix for i2c_smbus_write_block_data (bnc#1012382).\n\n - i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus (bnc#1012382).\n\n - i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP (bnc#1012382).\n\n - i2c: uniphier: issue STOP only for last message or I2C_M_STOP (bnc#1012382).\n\n - IB/srp: Avoid that sg_reset -d $(srp_device) triggers an infinite loop (bnc#1012382).\n\n - Input: atakbd - fix Atari CapsLock behaviour (bnc#1012382).\n\n - Input: atakbd - fix Atari keymap (bnc#1012382).\n\n - Input: elantech - enable middle button of touchpad on ThinkPad P72 (bnc#1012382).\n\n - ip6_tunnel: be careful when accessing the inner header (bnc#1012382).\n\n - ip_tunnel: be careful when accessing the inner header (bnc#1012382).\n\n - ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() (bnc#1012382).\n\n - ixgbe: pci_set_drvdata must be called before register_netdev (Git-fixes bsc#1109923).\n\n - jffs2: return -ERANGE when xattr buffer is too small (bnc#1012382).\n\n - KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate function (bnc#1012382).\n\n - KVM: x86: remove eager_fpu field of struct kvm_vcpu_arch (bnc#1012382).\n\n - lib/test_hexdump.c: fix failure on big endian cpu (bsc#1106110).\n\n - mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X (bnc#1012382).\n\n - mac80211: fix a race between restart and CSA flows (bnc#1012382).\n\n - mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys (bnc#1012382).\n\n - mac80211: Fix station bandwidth setting after channel switch (bnc#1012382).\n\n - mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X (bnc#1012382).\n\n - mac80211: mesh: fix HWMP sequence numbering to follow standard (bnc#1012382).\n\n - mac80211: shorten the IBSS debug messages (bnc#1012382).\n\n - mach64: detect the dot clock divider correctly on sparc (bnc#1012382).\n\n - md-cluster: clear another node's suspend_area after the copy is finished (bnc#1012382).\n\n - media: af9035: prevent buffer overflow on write (bnc#1012382).\n\n - media: exynos4-is: Prevent NULL pointer dereference in\n __isp_video_try_fmt() (bnc#1012382).\n\n - media: fsl-viu: fix error handling in viu_of_probe() (bnc#1012382).\n\n - media: omap3isp: zero-initialize the isp cam_xclk(a,b) initial data (bnc#1012382).\n\n - media: omap_vout: Fix a possible NULL pointer dereference in omap_vout_open() (bsc#1050431).\n\n - media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power (bnc#1012382).\n\n - media: soc_camera: ov772x: correct setting of banding filter (bnc#1012382).\n\n - media: tm6000: add error handling for dvb_register_adapter (bnc#1012382).\n\n - media: uvcvideo: Support realtek's UVC 1.5 device (bnc#1012382).\n\n - media: v4l: event: Prevent freeing event subscriptions while accessed (bnc#1012382).\n\n - media: videobuf-dma-sg: Fix dma_(sync,unmap)_sg() calls (bsc#1050431).\n\n - memory_hotplug: cond_resched in __remove_pages (bnc#1114178).\n\n - mfd: omap-usb-host: Fix dts probe of children (bn