The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-1578 advisory.
In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. (CVE-2019-19523)
An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d. (CVE-2020-11608)
In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d. (CVE-2019-19528)
usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. (CVE-2020-12464)
In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. (CVE-2020-24394)
A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter. (CVE-2020-12114)
A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2020-14356)
A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25643)
A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. (CVE-2020-25704)
A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)
A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.
(CVE-2020-14314)
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)
The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)
A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. (CVE-2020-25285)
A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process. (CVE-2020-35508)
A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering sof_get_ctrl_copy_params() failures, aka CID-45c1380358b1. (CVE-2019-18811)
The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized. (CVE-2020-15437)
A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system.
(CVE-2020-27835)
Integer overflow in the firmware for some Intel® Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access. (CVE-2020-12362)
An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. (CVE-2020-36322)
In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. User interaction is not required for exploitation. Product: Android; Versions: Android kernel; Android ID: A-146554327. (CVE-2021-0342)
In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459 (CVE-2020-0431)
A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-27786)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2021-1578.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(149914);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/28");
script_cve_id(
"CVE-2019-18811",
"CVE-2019-19523",
"CVE-2019-19528",
"CVE-2020-0431",
"CVE-2020-11608",
"CVE-2020-12114",
"CVE-2020-12362",
"CVE-2020-12464",
"CVE-2020-14314",
"CVE-2020-14356",
"CVE-2020-15437",
"CVE-2020-24394",
"CVE-2020-25212",
"CVE-2020-25284",
"CVE-2020-25285",
"CVE-2020-25643",
"CVE-2020-25704",
"CVE-2020-27786",
"CVE-2020-27835",
"CVE-2020-28974",
"CVE-2020-35508",
"CVE-2020-36322",
"CVE-2021-0342"
);
script_name(english:"Oracle Linux 8 : kernel (ELSA-2021-1578)");
script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ELSA-2021-1578 advisory.
- In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB
device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. (CVE-2019-19523)
- An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL
pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka
CID-998912346c0d. (CVE-2020-11608)
- In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB
device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d. (CVE-2019-19528)
- usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because
a transfer occurs without a reference, aka CID-056ad39ee925. (CVE-2020-12464)
- In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new
filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the
current umask is not considered. (CVE-2020-24394)
- A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before
4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a
denial of service (panic) by corrupting a mountpoint reference counter. (CVE-2020-12114)
- A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found
in the way when reboot the system. A local user could use this flaw to crash the system or escalate their
privileges on the system. (CVE-2020-14356)
- A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption
and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause
the system to crash or cause a denial of service. The highest threat from this vulnerability is to data
confidentiality and integrity as well as system availability. (CVE-2020-25643)
- A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using
PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of
service. (CVE-2020-25704)
- A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to
read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because
KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)
- A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file
system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash
the system if the directory exists. The highest threat from this vulnerability is to system availability.
(CVE-2020-14314)
- A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers
to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c
instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)
- The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete
permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap
rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)
- A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be
used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified
other impact, aka CID-17743798d812. (CVE-2020-25285)
- A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux
kernel child/parent process identification handling while filtering signal handlers. A local attacker is
able to abuse this flaw to bypass checks to send any signal to a privileged process. (CVE-2020-35508)
- A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel
through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering
sof_get_ctrl_copy_params() failures, aka CID-45c1380358b1. (CVE-2019-18811)
- The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in
drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial
of service by using the p->serial_in pointer which uninitialized. (CVE-2020-15437)
- A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the
way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system.
(CVE-2020-27835)
- Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version
26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an
escalation of privilege via local access. (CVE-2020-12362)
- An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka
CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system
crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as
CVE-2021-28950. (CVE-2020-36322)
- In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to
local escalation of privilege with System execution privileges required. User interaction is not required
for exploitation. Product: Android; Versions: Android kernel; Android ID: A-146554327. (CVE-2021-0342)
- In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This
could lead to local escalation of privilege with no additional execution privileges needed. User
interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459
(CVE-2020-0431)
- A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and
the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to
this specific memory while freed and before use causes the flow of execution to change and possibly allow
for memory corruption or privilege escalation. The highest threat from this vulnerability is to
confidentiality, integrity, as well as system availability. (CVE-2020-27786)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2021-1578.html");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-25643");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-27786");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/07");
script_set_attribute(attribute:"patch_publication_date", value:"2021/05/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/05/26");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bpftool");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-abi-stablelists");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-cross-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-modules");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-modules-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-modules");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-modules-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools-libs-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python3-perf");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Oracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("linux_alt_patch_detect.nasl", "ssh_get_info.nasl");
script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('ksplice.inc');
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
var release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
var os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);
var machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');
if (machine_uptrack_level)
{
var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:"\.(x86_64|i[3-6]86|aarch64)$", replace:'');
var fixed_uptrack_levels = ['4.18.0-305.el8'];
foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {
if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)
{
audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-1578');
}
}
__rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\n\n';
}
var kernel_major_minor = get_kb_item('Host/uname/major_minor');
if (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');
var expected_kernel_major_minor = '4.18';
if (kernel_major_minor != expected_kernel_major_minor)
audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);
var pkgs = [
{'reference':'bpftool-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bpftool-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-4.18.0'},
{'reference':'kernel-abi-stablelists-4.18.0-305.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-stablelists-4.18.0'},
{'reference':'kernel-core-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-core-4.18.0'},
{'reference':'kernel-cross-headers-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},
{'reference':'kernel-cross-headers-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},
{'reference':'kernel-debug-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-4.18.0'},
{'reference':'kernel-debug-core-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-core-4.18.0'},
{'reference':'kernel-debug-devel-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-4.18.0'},
{'reference':'kernel-debug-modules-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-4.18.0'},
{'reference':'kernel-debug-modules-extra-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-extra-4.18.0'},
{'reference':'kernel-devel-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-4.18.0'},
{'reference':'kernel-headers-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},
{'reference':'kernel-headers-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},
{'reference':'kernel-modules-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-4.18.0'},
{'reference':'kernel-modules-extra-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-extra-4.18.0'},
{'reference':'kernel-tools-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},
{'reference':'kernel-tools-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},
{'reference':'kernel-tools-libs-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},
{'reference':'kernel-tools-libs-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},
{'reference':'kernel-tools-libs-devel-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},
{'reference':'kernel-tools-libs-devel-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},
{'reference':'perf-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perf-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-perf-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-perf-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var release = NULL;
var sp = NULL;
var cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && release) {
if (exists_check) {
if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
} else {
if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
oracle | linux | kernel-debug-modules-extra | p-cpe:/a:oracle:linux:kernel-debug-modules-extra |
oracle | linux | kernel-tools-libs-devel | p-cpe:/a:oracle:linux:kernel-tools-libs-devel |
oracle | linux | kernel-debug | p-cpe:/a:oracle:linux:kernel-debug |
oracle | linux | kernel-tools-libs | p-cpe:/a:oracle:linux:kernel-tools-libs |
oracle | linux | python3-perf | p-cpe:/a:oracle:linux:python3-perf |
oracle | linux | kernel-modules-extra | p-cpe:/a:oracle:linux:kernel-modules-extra |
oracle | linux | kernel | p-cpe:/a:oracle:linux:kernel |
oracle | linux | kernel-devel | p-cpe:/a:oracle:linux:kernel-devel |
oracle | linux | kernel-core | p-cpe:/a:oracle:linux:kernel-core |
oracle | linux | kernel-headers | p-cpe:/a:oracle:linux:kernel-headers |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18811
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19523
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19528
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0431
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11608
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12114
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12362
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12464
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14314
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14356
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15437
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24394
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25212
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25284
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25285
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25643
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25704
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27786
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27835
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28974
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35508
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36322
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0342
linux.oracle.com/errata/ELSA-2021-1578.html