The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4356 advisory.
- An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf. (CVE-2021-29650)
- An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)
- In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)
- A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality. (CVE-2021-20239)
- This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-13661. (CVE-2021-31440)
- nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an nbd_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71. (CVE-2021-3348)
- In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-140550171 (CVE-2020-0427)
- A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. (CVE-2020-29660)
- mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332. (CVE-2020-36158)
- An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. (CVE-2021-31916)
- A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket. (CVE-2021-23133)
- A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform), a root-like local user could use this flaw to further increase their privileges to that of a running kernel. (CVE-2020-27777)
- A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way a user calls the ioctl HCIUNBLOCKADDR, or otherwise triggers a race condition between the call hci_unregister_dev() and one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5. (CVE-2021-3573)
- An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration. (CVE-2020-26140)
- A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way a user uses the trace ring buffer in a specific way. Only privileged local users (with the CAP_SYS_ADMIN capability) could use this flaw to starve the resources, causing denial of service. (CVE-2021-3679)
- The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee (bpf, ringbuf: Deny reserve of buffers larger than ringbuf) (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 (bpf: Implement BPF ring buffer and verifier support for it) (v5.8-rc1). (CVE-2021-3489)
- An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration. (CVE-2020-26143)
- An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (CVE-2020-26144)
- An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in protected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients. (CVE-2020-26139)
- An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design. (CVE-2020-26146)
- An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf. (CVE-2020-36386)
- An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations. (CVE-2021-29155)
- kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel. (CVE-2021-31829)
- The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data. (CVE-2020-24586)
- An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. (CVE-2020-26141)
- The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed. (CVE-2020-24587)
- The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. (CVE-2020-24588)
- An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (CVE-2020-26145)
- An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. (CVE-2020-26147)
- A double-free memory corruption flaw in the Linux kernel HCI device initialization subsystem was found in the way a user attaches a malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13. (CVE-2021-3564)
- Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. (CVE-2021-0129)
- kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files (CVE-2021-3732)
- Improper input validation in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 and before version 1.4.29.0 for Windows*, may allow an authenticated user to potentially enable a denial of service via local access. (CVE-2020-24502)
- kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit. (CVE-2021-33200)
- Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-24503)
- Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable denial of service via local access. (CVE-2020-24504)
- An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1. (CVE-2020-29368)
- There is a vulnerability in Linux kernel versions higher than 5.2 (if the kernel is compiled with config params CONFIG_BPF_SYSCALL=y, CONFIG_BPF=y, CONFIG_CGROUPS=y, CONFIG_CGROUP_BPF=y, CONFIG_HARDENED_USERCOPY not set, and a BPF hook to getsockopt is registered). As a result of BPF execution, the local user can trigger a bug in the __cgroup_bpf_run_filter_getsockopt() function that can lead to a heap overflow (because of non-hardened usercopy). The impact of the attack could be denial of service or possibly privilege escalation. (CVE-2021-20194)
- kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)
- A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands. (CVE-2021-3635)
- kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659)
- An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8. (CVE-2021-29646)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
{"id": "ORACLELINUX_ELSA-2021-4356.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Oracle Linux 8 : kernel (ELSA-2021-4356)", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4356 advisory.\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality. (CVE-2021-20239)\n\n - This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them.\n An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-13661. 
(CVE-2021-31440)\n\n - nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after- free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71. (CVE-2021-3348)\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171 (CVE-2020-0427)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi- device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. (CVE-2021-31916)\n\n - A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. 
This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket. (CVE-2021-23133)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel. (CVE-2020-27777)\n\n - A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5. (CVE-2021-3573)\n\n - An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration. (CVE-2020-26140)\n\n - A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. 
Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.\n (CVE-2021-3679)\n\n - The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee (bpf, ringbuf: Deny reserve of buffers larger than ringbuf) (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 (bpf: Implement BPF ring buffer and verifier support for it) (v5.8-rc1). (CVE-2021-3489)\n\n - An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration. (CVE-2020-26143)\n\n - An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (CVE-2020-26144)\n\n - An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients. (CVE-2020-26139)\n\n - An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. 
An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design. (CVE-2020-26146)\n\n - An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of- bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf. (CVE-2020-36386)\n\n - An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations. (CVE-2021-29155)\n\n - kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel. (CVE-2021-31829)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.\n (CVE-2020-24586)\n\n - An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. 
The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data- confidentiality protocol. (CVE-2020-26141)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed. (CVE-2020-24587)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated.\n Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. (CVE-2020-24588)\n\n - An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (CVE-2020-26145)\n\n - An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. (CVE-2020-26147)\n\n - A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. 
A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13. (CVE-2021-3564)\n\n - Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. (CVE-2021-0129)\n\n - kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files (CVE-2021-3732)\n\n - Improper input validation in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 and before version 1.4.29.0 for Windows*, may allow an authenticated user to potentially enable a denial of service via local access. (CVE-2020-24502)\n\n - kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.\n (CVE-2021-33200)\n\n - Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable information disclosure via local access.\n (CVE-2020-24503)\n\n - Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable denial of service via local access.\n (CVE-2020-24504)\n\n - An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1. 
(CVE-2020-29368)\n\n - There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation. (CVE-2021-20194)\n\n - kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)\n\n - A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands.\n (CVE-2021-3635)\n\n - kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659)\n\n - An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8. (CVE-2021-29646)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-11-17T00:00:00", "modified": "2021-11-17T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/155425", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29660", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26146", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26147", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29155", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3489", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31440", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29650", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28950", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36158", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26145", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27777", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26140", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31829", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26139", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26144", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3679", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3573", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24504", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3600", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36386", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3635", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29646", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3659", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24588", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31916", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24502", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20239", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24587", 
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33200", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3348", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29368", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24503", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26141", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3732", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0427", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3564", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26143", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20194", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28971", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24586", "https://linux.oracle.com/errata/ELSA-2021-4356.html"], "cvelist": ["CVE-2020-0427", "CVE-2020-24502", "CVE-2020-24503", "CVE-2020-24504", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26139", "CVE-2020-26140", "CVE-2020-26141", "CVE-2020-26143", "CVE-2020-26144", "CVE-2020-26145", "CVE-2020-26146", "CVE-2020-26147", "CVE-2020-27777", "CVE-2020-29368", "CVE-2020-29660", "CVE-2020-36158", "CVE-2020-36386", "CVE-2021-0129", "CVE-2021-3348", "CVE-2021-3489", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3600", "CVE-2021-3635", "CVE-2021-3659", "CVE-2021-3679", "CVE-2021-3732", "CVE-2021-20194", "CVE-2021-20239", "CVE-2021-23133", "CVE-2021-28950", "CVE-2021-28971", "CVE-2021-29155", "CVE-2021-29646", "CVE-2021-29650", "CVE-2021-31440", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-33200"], "immutableFields": [], "lastseen": "2022-03-09T19:27:37", "viewCount": 38, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:4356"]}, {"type": "amazon", "idList": ["ALAS-2020-1462", "ALAS-2021-1461", "ALAS-2021-1477", "ALAS-2021-1480", "ALAS-2021-1503", "ALAS-2021-1516", "ALAS-2021-1539", "ALAS2-2020-1566", "ALAS2-2021-1588", "ALAS2-2021-1600", "ALAS2-2021-1636", 
"ALAS2-2021-1675", "ALAS2-2021-1685", "ALAS2-2021-1704"]}, {"type": "androidsecurity", "idList": ["ANDROID:2021-10-01", "ANDROID:2022-03-01"]}, {"type": "attackerkb", "idList": ["AKB:BAAFFD25-660E-40C6-8978-DD33365E66B6"]}, {"type": "avleonov", "idList": ["AVLEONOV:9D3D76F4CC74C7ABB8000BC6AFB2A2CE"]}, {"type": "centos", "idList": ["CESA-2021:0856", "CESA-2021:3327", "CESA-2022:0620"]}, {"type": "checkpoint_security", "idList": ["CPS:SK173718"]}, {"type": "cisco", "idList": ["CISCO-SA-WIFI-FAF-22EPCEWU"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:226DA7BC3BC1C7C67D533B698A4FBB23", "CFOUNDRY:2CDD25366BE0641E458C6D26C93FAFCB", "CFOUNDRY:4C29708E9DB1757C4BE1AE571C33062C", "CFOUNDRY:4EC9980F83B01690E10463AAC5DFB26E", "CFOUNDRY:58E18367C5A247865E715DF802E7BD7E", "CFOUNDRY:6842286EED83D27526CFF6743C20F98E", "CFOUNDRY:873D4C50CDC37566272A2CA3925ADB7A", "CFOUNDRY:A2FEE29AAE667F24CE25C29140948247", "CFOUNDRY:AAB1A9D8C00DE1055EF3E3138D23B33B", "CFOUNDRY:DA24B69807C52E879C56B9ABE4845D93", "CFOUNDRY:F184B740F0F10F60B8D3B726CAF6949D", "CFOUNDRY:F80B396F2BC116F4085AD8234E752ED0"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1632262269", "CLSA-2021:1632262296"]}, {"type": "cve", "idList": ["CVE-2020-0427", "CVE-2020-24502", "CVE-2020-24503", "CVE-2020-24504", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26139", "CVE-2020-26140", "CVE-2020-26141", "CVE-2020-26143", "CVE-2020-26144", "CVE-2020-26145", "CVE-2020-26146", "CVE-2020-26147", "CVE-2020-27777", "CVE-2020-29368", "CVE-2020-29660", "CVE-2020-36158", "CVE-2020-36322", "CVE-2020-36386", "CVE-2021-0129", "CVE-2021-20194", "CVE-2021-20207", "CVE-2021-20239", "CVE-2021-23133", "CVE-2021-28950", "CVE-2021-28971", "CVE-2021-29155", "CVE-2021-29646", "CVE-2021-29650", "CVE-2021-31440", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-33200", "CVE-2021-3348", "CVE-2021-3489", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3635", "CVE-2021-3679", "CVE-2021-3732"]}, {"type": "debian", "idList": 
["DEBIAN:DLA-2494-1:12C95", "DEBIAN:DLA-2557-1:3E233", "DEBIAN:DLA-2586-1:6B2FD", "DEBIAN:DLA-2610-1:A54F6", "DEBIAN:DLA-2689-1:31A23", "DEBIAN:DLA-2690-1:EA198", "DEBIAN:DLA-2692-1:10CAC", "DEBIAN:DLA-2785-1:A6280", "DEBIAN:DLA-2843-1:AB8E9", "DEBIAN:DLA-2941-1:96084", "DEBIAN:DSA-4843-1:3B37B", "DEBIAN:DSA-4843-1:6BD24", "DEBIAN:DSA-4951-1:8308D", "DEBIAN:DSA-4951-1:AC46F", "DEBIAN:DSA-4978-1:4EC47", "DEBIAN:DSA-4978-1:98A5E", "DEBIAN:DSA-5096-1:B47F5"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-0427", "DEBIANCVE:CVE-2020-24504", "DEBIANCVE:CVE-2020-24586", "DEBIANCVE:CVE-2020-24587", "DEBIANCVE:CVE-2020-24588", "DEBIANCVE:CVE-2020-26139", "DEBIANCVE:CVE-2020-26140", "DEBIANCVE:CVE-2020-26141", "DEBIANCVE:CVE-2020-26143", "DEBIANCVE:CVE-2020-26145", "DEBIANCVE:CVE-2020-26147", "DEBIANCVE:CVE-2020-27777", "DEBIANCVE:CVE-2020-29368", "DEBIANCVE:CVE-2020-29660", "DEBIANCVE:CVE-2020-36158", "DEBIANCVE:CVE-2020-36322", "DEBIANCVE:CVE-2020-36386", "DEBIANCVE:CVE-2021-0129", "DEBIANCVE:CVE-2021-20194", "DEBIANCVE:CVE-2021-20239", "DEBIANCVE:CVE-2021-23133", "DEBIANCVE:CVE-2021-28950", "DEBIANCVE:CVE-2021-28971", "DEBIANCVE:CVE-2021-29155", "DEBIANCVE:CVE-2021-29646", "DEBIANCVE:CVE-2021-29650", "DEBIANCVE:CVE-2021-31440", "DEBIANCVE:CVE-2021-31829", "DEBIANCVE:CVE-2021-31916", "DEBIANCVE:CVE-2021-33200", "DEBIANCVE:CVE-2021-3348", "DEBIANCVE:CVE-2021-3489", "DEBIANCVE:CVE-2021-3564", "DEBIANCVE:CVE-2021-3573", "DEBIANCVE:CVE-2021-3600", "DEBIANCVE:CVE-2021-3635", "DEBIANCVE:CVE-2021-3659", "DEBIANCVE:CVE-2021-3679", "DEBIANCVE:CVE-2021-3732"]}, {"type": "f5", "idList": ["F5:K01311152", "F5:K24920320", "F5:K25511825", "F5:K33484369", "F5:K43232343", "F5:K61294700", "F5:K67416037", "F5:K70992015"]}, {"type": "fedora", "idList": ["FEDORA:04CB83096494", "FEDORA:076F830528F3", "FEDORA:0A94430CF2BA", "FEDORA:16A22318E209", "FEDORA:1F1BC30987DA", "FEDORA:208C6306A247", "FEDORA:2FD22318E20E", "FEDORA:32BD030C0AC4", "FEDORA:380993093B41", "FEDORA:3FEEF3092824", 
"FEDORA:511D430A4E3F", "FEDORA:5468E3096282", "FEDORA:58EC4309C1DD", "FEDORA:59E8B30ECAF7", "FEDORA:604C9309D33B", "FEDORA:61FD73088720", "FEDORA:667B43096C8B", "FEDORA:6AE7B30A9BBD", "FEDORA:6D71230A4E3B", "FEDORA:6DE0C3096745", "FEDORA:73E1630A20AB", "FEDORA:74FD430C99A1", "FEDORA:7727530DFF13", "FEDORA:7A7D4309D9BC", "FEDORA:824E230A6A04", "FEDORA:8BDD33093B44", "FEDORA:8FD383176A9C", "FEDORA:9081130C99AB", "FEDORA:A3EB63093B7A", "FEDORA:A845A3076E40", "FEDORA:A87F030C4484", "FEDORA:AE66E30571B1", "FEDORA:B309B305D40A", "FEDORA:BFD8530ECE4A", "FEDORA:C1626307261A", "FEDORA:C50DA304C5D2", "FEDORA:C67B13088720", "FEDORA:C7E243096C83", "FEDORA:CFDB130AD501", "FEDORA:D544830A4E31", "FEDORA:D778730E51C3", "FEDORA:DBBBF30ECAF7", "FEDORA:DC0DD3095C29", "FEDORA:DEF49309BE28", "FEDORA:DEFD3309CEF2", "FEDORA:E0DE5304C34D", "FEDORA:E601230CF2BB", "FEDORA:E66B630C998B", "FEDORA:E6C7530A2BFD", "FEDORA:F0B8230E633B"]}, {"type": "fortinet", "idList": ["FG-IR-21-071"]}, {"type": "freebsd", "idList": ["8D20BD48-A4F3-11EC-90DE-1C697AA5A594"]}, {"type": "githubexploit", "idList": ["C0ADE54F-990F-5E04-8AD2-C7DD772426F3", "C56D37BC-0825-5F31-B1DE-FDCAB22ECBED", "E5D4E7F8-5D9A-5970-907B-1583C529EB4C"]}, {"type": "hackerone", "idList": ["H1:1238470"]}, {"type": "hp", "idList": ["HPSBHF03725", "HPSBHF03743"]}, {"type": "ibm", "idList": ["26430C27ADFEC47603BA22FE9750F46B1E6B9ADBC8FA3363BFC07025EA593253", "41CD314F34CC21D5DF000017FEA2274687041AD7C28B5D88AAAF2CE43C5EF417", "516C78282E257BAD924E6FC3088367963BA15FCD8305B1B9C4978CA225F03D64", "65106796412DEC0389BAE053FEA84467BE1ED9C4AD20921446D5C54B9B059C88", "72AD5D71FF571D991FCA51BDAC7D0D303109A868FA89340C6F8CD492F9F038E3", "B2EA2FBA4D280351FEA7F9EC1921C448D44F4D9EC613590A87A15467F7D34153", "B315A585CDBD4D516E60AAEBBA49CDD9274D016108F5F855F13CF2FE3AA0F562", "DFB2B8A17991C21AA572BC3D0FE7E4D2908FC84F553760CE8368AAFCE6C462AE", "ED670677BEE7F824FAA4922AD08CFBF43478203FCCB636E589E6854737336228", 
"F8F79D9AD433A0B7E0E975B566979C13E703FA76470AA8192544CDBD7EC0D7F3"]}, {"type": "ics", "idList": ["ICSA-21-236-01", "ICSA-22-102-04", "ICSA-22-104-04"]}, {"type": "intel", "idList": ["INTEL:INTEL-SA-00462", "INTEL:INTEL-SA-00473", "INTEL:INTEL-SA-00517"]}, {"type": "kaspersky", "idList": ["KLA12167", "KLA12174"]}, {"type": "krebs", "idList": ["KREBS:4E22686F3C4E2536C402F6568B8E659A"]}, {"type": "lenovo", "idList": ["LENOVO:PS500405-INTEL-PROSET-AND-WIRELESS-WIFI-INTEL-VPRO-CSME-WIFI-AND-INTEL-KILLER-WIFI-ADVISORY-NOSID", "LENOVO:PS500411-AGGREGATION-AND-FRAGMENTATION-ATTACKS-AGAINST-WI-FI-FRAGATTACKS-VULNERABILITIES-NOSID"]}, {"type": "mageia", "idList": ["MGASA-2021-0030", "MGASA-2021-0031", "MGASA-2021-0061", "MGASA-2021-0085", "MGASA-2021-0099", "MGASA-2021-0100", "MGASA-2021-0174", "MGASA-2021-0175", "MGASA-2021-0204", "MGASA-2021-0205", "MGASA-2021-0214", "MGASA-2021-0215", "MGASA-2021-0224", "MGASA-2021-0225", "MGASA-2021-0257", "MGASA-2021-0258"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:28CA5946147FC0561948BA2EF52A8329"]}, {"type": "mscve", "idList": ["MS:CVE-2020-24587", "MS:CVE-2020-24588", "MS:CVE-2020-26144"]}, {"type": "mskb", "idList": ["KB5003203", "KB5003220", "KB5003225", "KB5003228"]}, {"type": "nessus", "idList": ["AL2_ALAS-2020-1566.NASL", "AL2_ALAS-2021-1588.NASL", "AL2_ALAS-2021-1600.NASL", "AL2_ALAS-2021-1636.NASL", "AL2_ALAS-2021-1675.NASL", "AL2_ALAS-2021-1685.NASL", "AL2_ALAS-2021-1704.NASL", "AL2_ALAS-2022-1761.NASL", "AL2_ALASKERNEL-5_10-2022-001.NASL", "AL2_ALASKERNEL-5_10-2022-002.NASL", "AL2_ALASKERNEL-5_10-2022-004.NASL", "AL2_ALASKERNEL-5_4-2022-002.NASL", "AL2_ALASKERNEL-5_4-2022-003.NASL", "AL2_ALASKERNEL-5_4-2022-004.NASL", "AL2_ALASKERNEL-5_4-2022-006.NASL", "AL2_ALASKERNEL-5_4-2022-019.NASL", "AL2_ALASKERNEL-5_4-2022-020.NASL", "ALA_ALAS-2020-1462.NASL", "ALA_ALAS-2021-1461.NASL", "ALA_ALAS-2021-1477.NASL", "ALA_ALAS-2021-1480.NASL", "ALA_ALAS-2021-1503.NASL", "ALA_ALAS-2021-1516.NASL", "ALA_ALAS-2021-1539.NASL", 
"ALA_ALAS-2022-1571.NASL", "ALMA_LINUX_ALSA-2021-1578.NASL", "ALMA_LINUX_ALSA-2021-4356.NASL", "CENTOS8_RHSA-2021-4140.NASL", "CENTOS8_RHSA-2021-4356.NASL", "CENTOS_RHSA-2021-0856.NASL", "CENTOS_RHSA-2021-3327.NASL", "CENTOS_RHSA-2022-0620.NASL", "DEBIAN_DLA-2494.NASL", "DEBIAN_DLA-2557.NASL", "DEBIAN_DLA-2586.NASL", "DEBIAN_DLA-2610.NASL", "DEBIAN_DLA-2689.NASL", "DEBIAN_DLA-2690.NASL", "DEBIAN_DLA-2692.NASL", "DEBIAN_DLA-2843.NASL", "DEBIAN_DSA-4843.NASL", "DEBIAN_DSA-4951.NASL", "DEBIAN_DSA-4978.NASL", "DEBIAN_DSA-5096.NASL", "EULEROS_SA-2020-2514.NASL", "EULEROS_SA-2021-1009.NASL", "EULEROS_SA-2021-1028.NASL", "EULEROS_SA-2021-1039.NASL", "EULEROS_SA-2021-1079.NASL", "EULEROS_SA-2021-1148.NASL", "EULEROS_SA-2021-1200.NASL", "EULEROS_SA-2021-1246.NASL", "EULEROS_SA-2021-1265.NASL", "EULEROS_SA-2021-1311.NASL", "EULEROS_SA-2021-1386.NASL", "EULEROS_SA-2021-1604.NASL", "EULEROS_SA-2021-1642.NASL", "EULEROS_SA-2021-1684.NASL", "EULEROS_SA-2021-1715.NASL", "EULEROS_SA-2021-1751.NASL", "EULEROS_SA-2021-1808.NASL", "EULEROS_SA-2021-1879.NASL", "EULEROS_SA-2021-1929.NASL", "EULEROS_SA-2021-1950.NASL", "EULEROS_SA-2021-1967.NASL", "EULEROS_SA-2021-1971.NASL", "EULEROS_SA-2021-1983.NASL", "EULEROS_SA-2021-2002.NASL", "EULEROS_SA-2021-2040.NASL", "EULEROS_SA-2021-2051.NASL", "EULEROS_SA-2021-2062.NASL", "EULEROS_SA-2021-2075.NASL", "EULEROS_SA-2021-2140.NASL", "EULEROS_SA-2021-2183.NASL", "EULEROS_SA-2021-2195.NASL", "EULEROS_SA-2021-2246.NASL", "EULEROS_SA-2021-2272.NASL", "EULEROS_SA-2021-2301.NASL", "EULEROS_SA-2021-2336.NASL", "EULEROS_SA-2021-2392.NASL", "EULEROS_SA-2021-2465.NASL", "EULEROS_SA-2021-2502.NASL", "EULEROS_SA-2021-2530.NASL", "EULEROS_SA-2021-2588.NASL", "EULEROS_SA-2021-2636.NASL", "EULEROS_SA-2021-2663.NASL", "EULEROS_SA-2021-2688.NASL", "EULEROS_SA-2021-2713.NASL", "EULEROS_SA-2021-2818.NASL", "EULEROS_SA-2021-2857.NASL", "EULEROS_SA-2021-2934.NASL", "EULEROS_SA-2022-1030.NASL", "EULEROS_SA-2022-1070.NASL", "EULEROS_SA-2022-1155.NASL", 
"EULEROS_SA-2022-1171.NASL", "EULEROS_SA-2022-1196.NASL", "EULEROS_SA-2022-1227.NASL", "EULEROS_SA-2022-1271.NASL", "EULEROS_SA-2022-1366.NASL", "EULEROS_SA-2022-1402.NASL", "EULEROS_SA-2022-1681.NASL", "EULEROS_SA-2022-1735.NASL", "EULEROS_SA-2022-1784.NASL", "EULEROS_SA-2022-1801.NASL", "F5_BIGIP_SOL67416037.NASL", "FEDORA_2020-B732958765.NASL", "FEDORA_2020-BC0CC81A7A.NASL", "FEDORA_2021-2306E89112.NASL", "FEDORA_2021-3465ADA1CA.NASL", "FEDORA_2021-68B0DD2373.NASL", "FEDORA_2021-6B0F287B8B.NASL", "FEDORA_2021-76AAA904E2.NASL", "FEDORA_2021-9503FFFAD9.NASL", "FEDORA_2021-E49DA8A226.NASL", "FEDORA_2021-F8EDE2FDFC.NASL", "FREEBSD_PKG_8D20BD48A4F311EC90DE1C697AA5A594.NASL", "NEWSTART_CGSL_NS-SA-2021-0104_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0026_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0073_KERNEL.NASL", "OPENSUSE-2020-1586.NASL", "OPENSUSE-2020-1655.NASL", "OPENSUSE-2020-2161.NASL", "OPENSUSE-2020-2193.NASL", "OPENSUSE-2020-2260.NASL", "OPENSUSE-2021-1142.NASL", "OPENSUSE-2021-1271.NASL", "OPENSUSE-2021-1975.NASL", "OPENSUSE-2021-1977.NASL", "OPENSUSE-2021-2291.NASL", "OPENSUSE-2021-2305.NASL", "OPENSUSE-2021-2352.NASL", "OPENSUSE-2021-241.NASL", "OPENSUSE-2021-242.NASL", "OPENSUSE-2021-2427.NASL", "OPENSUSE-2021-2645.NASL", "OPENSUSE-2021-2687.NASL", "OPENSUSE-2021-3179.NASL", "OPENSUSE-2021-3205.NASL", "OPENSUSE-2021-3876.NASL", "OPENSUSE-2021-393.NASL", "OPENSUSE-2021-3941.NASL", "OPENSUSE-2021-532.NASL", "OPENSUSE-2021-579.NASL", "OPENSUSE-2021-60.NASL", "OPENSUSE-2021-716.NASL", "OPENSUSE-2021-75.NASL", "OPENSUSE-2021-758.NASL", "OPENSUSE-2021-843.NASL", "OPENSUSE-2021-873.NASL", "OPENSUSE-2021-947.NASL", "OPENSUSE-2022-0056-1.NASL", "OPENSUSE-2022-0131-1.NASL", "OPENSUSE-2022-0366-1.NASL", "ORACLELINUX_ELSA-2021-0856.NASL", "ORACLELINUX_ELSA-2021-1578.NASL", "ORACLELINUX_ELSA-2021-3327.NASL", "ORACLELINUX_ELSA-2021-9030.NASL", "ORACLELINUX_ELSA-2021-9035.NASL", "ORACLELINUX_ELSA-2021-9037.NASL", "ORACLELINUX_ELSA-2021-9038.NASL", 
"ORACLELINUX_ELSA-2021-9039.NASL", "ORACLELINUX_ELSA-2021-9040.NASL", "ORACLELINUX_ELSA-2021-9041.NASL", "ORACLELINUX_ELSA-2021-9043.NASL", "ORACLELINUX_ELSA-2021-9084.NASL", "ORACLELINUX_ELSA-2021-9085.NASL", "ORACLELINUX_ELSA-2021-9086.NASL", "ORACLELINUX_ELSA-2021-9087.NASL", "ORACLELINUX_ELSA-2021-9215.NASL", "ORACLELINUX_ELSA-2021-9220.NASL", "ORACLELINUX_ELSA-2021-9221.NASL", "ORACLELINUX_ELSA-2021-9222.NASL", "ORACLELINUX_ELSA-2021-9223.NASL", "ORACLELINUX_ELSA-2021-9305.NASL", "ORACLELINUX_ELSA-2021-9306.NASL", "ORACLELINUX_ELSA-2021-9307.NASL", "ORACLELINUX_ELSA-2021-9308.NASL", "ORACLELINUX_ELSA-2021-9346.NASL", "ORACLELINUX_ELSA-2021-9349.NASL", "ORACLELINUX_ELSA-2021-9351.NASL", "ORACLELINUX_ELSA-2021-9362.NASL", "ORACLELINUX_ELSA-2021-9363.NASL", "ORACLELINUX_ELSA-2021-9404.NASL", "ORACLELINUX_ELSA-2021-9406.NASL", "ORACLELINUX_ELSA-2021-9450.NASL", "ORACLELINUX_ELSA-2021-9451.NASL", "ORACLELINUX_ELSA-2021-9458.NASL", "ORACLELINUX_ELSA-2021-9459.NASL", "ORACLELINUX_ELSA-2021-9460.NASL", "ORACLELINUX_ELSA-2021-9470.NASL", "ORACLELINUX_ELSA-2021-9471.NASL", "ORACLELINUX_ELSA-2021-9485.NASL", "ORACLELINUX_ELSA-2021-9488.NASL", "ORACLELINUX_ELSA-2021-9534.NASL", "ORACLELINUX_ELSA-2021-9577.NASL", "ORACLELINUX_ELSA-2022-0063.NASL", "ORACLELINUX_ELSA-2022-0620.NASL", "ORACLELINUX_ELSA-2022-9088.NASL", "ORACLELINUX_ELSA-2022-9348.NASL", "ORACLELINUX_ELSA-2022-9365.NASL", "ORACLELINUX_ELSA-2022-9368.NASL", "ORACLEVM_OVMSA-2021-0005.NASL", "ORACLEVM_OVMSA-2021-0016.NASL", "ORACLEVM_OVMSA-2021-0022.NASL", "ORACLEVM_OVMSA-2021-0031.NASL", "ORACLEVM_OVMSA-2021-0035.NASL", "ORACLEVM_OVMSA-2021-0036.NASL", "ORACLEVM_OVMSA-2021-0039.NASL", "ORACLEVM_OVMSA-2022-0007.NASL", "ORACLEVM_OVMSA-2022-0014.NASL", "PHOTONOS_PHSA-2020-1_0-0350_LINUX.NASL", "PHOTONOS_PHSA-2021-1_0-0354_LINUX.NASL", "PHOTONOS_PHSA-2021-2_0-0308_LINUX.NASL", "PHOTONOS_PHSA-2021-2_0-0314_LINUX.NASL", "PHOTONOS_PHSA-2021-3_0-0182_LINUX.NASL", "PHOTONOS_PHSA-2021-3_0-0224_LINUX.NASL", 
"PHOTONOS_PHSA-2021-3_0-0237_LINUX.NASL", "PHOTONOS_PHSA-2021-3_0-0243_LINUX.NASL", "PHOTONOS_PHSA-2021-3_0-0251_LINUX.NASL", "PHOTONOS_PHSA-2021-3_0-0263_BLUEZ.NASL", "PHOTONOS_PHSA-2021-3_0-0302_LINUX.NASL", "PHOTONOS_PHSA-2021-4_0-0007_LINUX.NASL", "PHOTONOS_PHSA-2021-4_0-0013_LINUX.NASL", "PHOTONOS_PHSA-2021-4_0-0023_LINUX.NASL", "PHOTONOS_PHSA-2021-4_0-0029_LINUX.NASL", "PHOTONOS_PHSA-2021-4_0-0032_LINUX.NASL", "PHOTONOS_PHSA-2021-4_0-0041_LINUX.NASL", "PHOTONOS_PHSA-2021-4_0-0047_LINUX.NASL", "PHOTONOS_PHSA-2021-4_0-0055_BLUEZ.NASL", "REDHAT-RHSA-2021-0856.NASL", "REDHAT-RHSA-2021-0857.NASL", "REDHAT-RHSA-2021-3327.NASL", "REDHAT-RHSA-2021-3328.NASL", "REDHAT-RHSA-2021-4140.NASL", "REDHAT-RHSA-2021-4356.NASL", "REDHAT-RHSA-2021-4648.NASL", "REDHAT-RHSA-2021-4650.NASL", "REDHAT-RHSA-2022-0620.NASL", "REDHAT-RHSA-2022-0622.NASL", "REDHAT-RHSA-2022-5220.NASL", "REDHAT-RHSA-2022-5224.NASL", "REDHAT-RHSA-2022-5626.NASL", "REDHAT-RHSA-2022-5633.NASL", "ROCKY_LINUX_RLSA-2021-4140.NASL", "ROCKY_LINUX_RLSA-2021-4356.NASL", "SLACKWARE_SSA_2021-202-01.NASL", "SLACKWARE_SSA_2022-031-01.NASL", "SL_20210831_KERNEL_ON_SL7_X.NASL", "SL_20220223_KERNEL_ON_SL7_X.NASL", "SMB_NT_MS21_MAY_5003169.NASL", "SMB_NT_MS21_MAY_5003171.NASL", "SMB_NT_MS21_MAY_5003172.NASL", "SMB_NT_MS21_MAY_5003173.NASL", "SMB_NT_MS21_MAY_5003174.NASL", "SMB_NT_MS21_MAY_5003197.NASL", "SMB_NT_MS21_MAY_5003208.NASL", "SMB_NT_MS21_MAY_5003210.NASL", "SMB_NT_MS21_MAY_5003233.NASL", "SUSE_SU-2020-2879-1.NASL", "SUSE_SU-2020-2904-1.NASL", "SUSE_SU-2020-2905-1.NASL", "SUSE_SU-2020-2907-1.NASL", "SUSE_SU-2020-3014-1.NASL", "SUSE_SU-2020-3501-1.NASL", "SUSE_SU-2020-3503-1.NASL", "SUSE_SU-2020-3532-1.NASL", "SUSE_SU-2020-3544-1.NASL", "SUSE_SU-2020-3715-1.NASL", "SUSE_SU-2020-3717-1.NASL", "SUSE_SU-2020-3718-1.NASL", "SUSE_SU-2020-3748-1.NASL", "SUSE_SU-2020-3764-1.NASL", "SUSE_SU-2020-3798-1.NASL", "SUSE_SU-2021-0095-1.NASL", "SUSE_SU-2021-0098-1.NASL", "SUSE_SU-2021-0108-1.NASL", "SUSE_SU-2021-0117-1.NASL", 
"SUSE_SU-2021-0118-1.NASL", "SUSE_SU-2021-0133-1.NASL", "SUSE_SU-2021-0348-1.NASL", "SUSE_SU-2021-0354-1.NASL", "SUSE_SU-2021-0408-1.NASL", "SUSE_SU-2021-0427-1.NASL", "SUSE_SU-2021-0434-1.NASL", "SUSE_SU-2021-0437-1.NASL", "SUSE_SU-2021-0438-1.NASL", "SUSE_SU-2021-0452-1.NASL", "SUSE_SU-2021-0532-1.NASL", "SUSE_SU-2021-0735-1.NASL", "SUSE_SU-2021-0736-1.NASL", "SUSE_SU-2021-0737-1.NASL", "SUSE_SU-2021-0739-1.NASL", "SUSE_SU-2021-0740-1.NASL", "SUSE_SU-2021-0741-1.NASL", "SUSE_SU-2021-0742-1.NASL", "SUSE_SU-2021-1175-1.NASL", "SUSE_SU-2021-1210-1.NASL", "SUSE_SU-2021-1211-1.NASL", "SUSE_SU-2021-1238-1.NASL", "SUSE_SU-2021-14630-1.NASL", "SUSE_SU-2021-14724-1.NASL", "SUSE_SU-2021-14764-1.NASL", "SUSE_SU-2021-14849-1.NASL", "SUSE_SU-2021-1571-1.NASL", "SUSE_SU-2021-1572-1.NASL", "SUSE_SU-2021-1573-1.NASL", "SUSE_SU-2021-1574-1.NASL", "SUSE_SU-2021-1595-1.NASL", "SUSE_SU-2021-1596-1.NASL", "SUSE_SU-2021-1617-1.NASL", "SUSE_SU-2021-1623-1.NASL", "SUSE_SU-2021-1624-1.NASL", "SUSE_SU-2021-1865-1.NASL", "SUSE_SU-2021-1870-1.NASL", "SUSE_SU-2021-1887-1.NASL", "SUSE_SU-2021-1888-1.NASL", "SUSE_SU-2021-1889-1.NASL", "SUSE_SU-2021-1890-1.NASL", "SUSE_SU-2021-1891-1.NASL", "SUSE_SU-2021-1899-1.NASL", "SUSE_SU-2021-1912-1.NASL", "SUSE_SU-2021-1913-1.NASL", "SUSE_SU-2021-1915-1.NASL", "SUSE_SU-2021-1975-1.NASL", "SUSE_SU-2021-1977-1.NASL", "SUSE_SU-2021-2020-1.NASL", "SUSE_SU-2021-2027-1.NASL", "SUSE_SU-2021-2057-1.NASL", "SUSE_SU-2021-2184-1.NASL", "SUSE_SU-2021-2198-1.NASL", "SUSE_SU-2021-2202-1.NASL", "SUSE_SU-2021-2208-1.NASL", "SUSE_SU-2021-2291-1.NASL", "SUSE_SU-2021-2303-1.NASL", "SUSE_SU-2021-2305-1.NASL", "SUSE_SU-2021-2321-1.NASL", "SUSE_SU-2021-2324-1.NASL", "SUSE_SU-2021-2325-1.NASL", "SUSE_SU-2021-2332-1.NASL", "SUSE_SU-2021-2344-1.NASL", "SUSE_SU-2021-2349-1.NASL", "SUSE_SU-2021-2352-1.NASL", "SUSE_SU-2021-2361-1.NASL", "SUSE_SU-2021-2366-1.NASL", "SUSE_SU-2021-2367-1.NASL", "SUSE_SU-2021-2377-1.NASL", "SUSE_SU-2021-2384-1.NASL", "SUSE_SU-2021-2387-1.NASL", 
"SUSE_SU-2021-2406-1.NASL", "SUSE_SU-2021-2421-1.NASL", "SUSE_SU-2021-2422-1.NASL", "SUSE_SU-2021-2426-1.NASL", "SUSE_SU-2021-2427-1.NASL", "SUSE_SU-2021-2451-1.NASL", "SUSE_SU-2021-2453-1.NASL", "SUSE_SU-2021-2460-1.NASL", "SUSE_SU-2021-2577-1.NASL", "SUSE_SU-2021-2643-1.NASL", "SUSE_SU-2021-2644-1.NASL", "SUSE_SU-2021-2645-1.NASL", "SUSE_SU-2021-2646-1.NASL", "SUSE_SU-2021-2647-1.NASL", "SUSE_SU-2021-2678-1.NASL", "SUSE_SU-2021-2687-1.NASL", "SUSE_SU-2021-2756-1.NASL", "SUSE_SU-2021-3177-1.NASL", "SUSE_SU-2021-3178-1.NASL", "SUSE_SU-2021-3179-1.NASL", "SUSE_SU-2021-3192-1.NASL", "SUSE_SU-2021-3205-1.NASL", "SUSE_SU-2021-3206-1.NASL", "SUSE_SU-2021-3207-1.NASL", "SUSE_SU-2021-3217-1.NASL", "SUSE_SU-2021-3360-1.NASL", "SUSE_SU-2021-3361-1.NASL", "SUSE_SU-2021-3371-1.NASL", "SUSE_SU-2021-3374-1.NASL", "SUSE_SU-2021-3401-1.NASL", "SUSE_SU-2021-3415-1.NASL", "SUSE_SU-2021-3440-1.NASL", "SUSE_SU-2021-3443-1.NASL", "SUSE_SU-2021-3459-1.NASL", "SUSE_SU-2021-3848-1.NASL", "SUSE_SU-2021-3876-1.NASL", "SUSE_SU-2021-3877-1.NASL", "SUSE_SU-2021-3929-1.NASL", "SUSE_SU-2021-3933-1.NASL", "SUSE_SU-2021-3935-1.NASL", "SUSE_SU-2021-3941-1.NASL", "SUSE_SU-2021-3969-1.NASL", "SUSE_SU-2021-3972-1.NASL", "SUSE_SU-2021-3978-1.NASL", "SUSE_SU-2021-3979-1.NASL", "SUSE_SU-2021-3992-1.NASL", "SUSE_SU-2022-0056-1.NASL", "SUSE_SU-2022-0079-1.NASL", "SUSE_SU-2022-0131-1.NASL", "SUSE_SU-2022-0362-1.NASL", "SUSE_SU-2022-0364-1.NASL", "SUSE_SU-2022-0366-1.NASL", "SUSE_SU-2022-0367-1.NASL", "SUSE_SU-2022-0371-1.NASL", "SUSE_SU-2022-0372-1.NASL", "SUSE_SU-2022-0477-1.NASL", "SUSE_SU-2022-0555-1.NASL", "UBUNTU_USN-4657-1.NASL", "UBUNTU_USN-4679-1.NASL", "UBUNTU_USN-4680-1.NASL", "UBUNTU_USN-4708-1.NASL", "UBUNTU_USN-4748-1.NASL", "UBUNTU_USN-4749-1.NASL", "UBUNTU_USN-4750-1.NASL", "UBUNTU_USN-4751-1.NASL", "UBUNTU_USN-4752-1.NASL", "UBUNTU_USN-4876-1.NASL", "UBUNTU_USN-4877-1.NASL", "UBUNTU_USN-4878-1.NASL", "UBUNTU_USN-4879-1.NASL", "UBUNTU_USN-4884-1.NASL", "UBUNTU_USN-4907-1.NASL", 
"UBUNTU_USN-4909-1.NASL", "UBUNTU_USN-4910-1.NASL", "UBUNTU_USN-4911-1.NASL", "UBUNTU_USN-4912-1.NASL", "UBUNTU_USN-4945-1.NASL", "UBUNTU_USN-4945-2.NASL", "UBUNTU_USN-4946-1.NASL", "UBUNTU_USN-4947-1.NASL", "UBUNTU_USN-4948-1.NASL", "UBUNTU_USN-4949-1.NASL", "UBUNTU_USN-4950-1.NASL", "UBUNTU_USN-4977-1.NASL", "UBUNTU_USN-4979-1.NASL", "UBUNTU_USN-4982-1.NASL", "UBUNTU_USN-4983-1.NASL", "UBUNTU_USN-4984-1.NASL", "UBUNTU_USN-4997-1.NASL", "UBUNTU_USN-4997-2.NASL", "UBUNTU_USN-4999-1.NASL", "UBUNTU_USN-5000-1.NASL", "UBUNTU_USN-5000-2.NASL", "UBUNTU_USN-5001-1.NASL", "UBUNTU_USN-5003-1.NASL", "UBUNTU_USN-5015-1.NASL", "UBUNTU_USN-5017-1.NASL", "UBUNTU_USN-5018-1.NASL", "UBUNTU_USN-5044-1.NASL", "UBUNTU_USN-5045-1.NASL", "UBUNTU_USN-5046-1.NASL", "UBUNTU_USN-5050-1.NASL", "UBUNTU_USN-5091-1.NASL", "UBUNTU_USN-5091-2.NASL", "UBUNTU_USN-5092-1.NASL", "UBUNTU_USN-5092-2.NASL", "UBUNTU_USN-5094-1.NASL", "UBUNTU_USN-5094-2.NASL", "UBUNTU_USN-5096-1.NASL", "UBUNTU_USN-5113-1.NASL", "UBUNTU_USN-5115-1.NASL", "UBUNTU_USN-5116-1.NASL", "UBUNTU_USN-5116-2.NASL", "UBUNTU_USN-5136-1.NASL", "UBUNTU_USN-5299-1.NASL", "UBUNTU_USN-5343-1.NASL", "UBUNTU_USN-5361-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-0856", "ELSA-2021-3327", "ELSA-2021-4356", "ELSA-2021-9005", "ELSA-2021-9008", "ELSA-2021-9030", "ELSA-2021-9035", "ELSA-2021-9037", "ELSA-2021-9038", "ELSA-2021-9039", "ELSA-2021-9040", "ELSA-2021-9041", "ELSA-2021-9043", "ELSA-2021-9052", "ELSA-2021-9084", "ELSA-2021-9085", "ELSA-2021-9086", "ELSA-2021-9087", "ELSA-2021-9140", "ELSA-2021-9215", "ELSA-2021-9220", "ELSA-2021-9221", "ELSA-2021-9222", "ELSA-2021-9223", "ELSA-2021-9305", "ELSA-2021-9306", "ELSA-2021-9307", "ELSA-2021-9308", "ELSA-2021-9346", "ELSA-2021-9349", "ELSA-2021-9351", "ELSA-2021-9362", "ELSA-2021-9363", "ELSA-2021-9404", "ELSA-2021-9406", "ELSA-2021-9450", "ELSA-2021-9451", "ELSA-2021-9452", "ELSA-2021-9453", "ELSA-2021-9458", "ELSA-2021-9459", "ELSA-2021-9460", "ELSA-2021-9470", "ELSA-2021-9471", 
"ELSA-2021-9485", "ELSA-2021-9488", "ELSA-2021-9534", "ELSA-2021-9577", "ELSA-2022-0620", "ELSA-2022-9088", "ELSA-2022-9348", "ELSA-2022-9365", "ELSA-2022-9368"]}, {"type": "osv", "idList": ["OSV:ASB-A-175451844", "OSV:DLA-2483-1", "OSV:DLA-2494-1", "OSV:DLA-2557-1", "OSV:DLA-2586-1", "OSV:DLA-2610-1", "OSV:DLA-2689-1", "OSV:DLA-2690-1", "OSV:DLA-2692-1", "OSV:DLA-2785-1", "OSV:DLA-2843-1", "OSV:DLA-2941-1", "OSV:DSA-4843-1", "OSV:DSA-4951-1", "OSV:DSA-4978-1", "OSV:DSA-5096-1"]}, {"type": "photon", "idList": ["PHSA-2020-0108", "PHSA-2020-0174", "PHSA-2020-0256", "PHSA-2020-0345", "PHSA-2020-0350", "PHSA-2020-1.0-0350", "PHSA-2020-3.0-0174", "PHSA-2021-0007", "PHSA-2021-0023", "PHSA-2021-0029", "PHSA-2021-0031", "PHSA-2021-0032", "PHSA-2021-0041", "PHSA-2021-0047", "PHSA-2021-0055", "PHSA-2021-0095", "PHSA-2021-0182", "PHSA-2021-0193", "PHSA-2021-0221", "PHSA-2021-0237", "PHSA-2021-0243", "PHSA-2021-0251", "PHSA-2021-0263", "PHSA-2021-0278", "PHSA-2021-0302", "PHSA-2021-0332", "PHSA-2021-0354", "PHSA-2021-0390", "PHSA-2021-0409", "PHSA-2021-0436", "PHSA-2021-1.0-0354", "PHSA-2021-2.0-0308", "PHSA-2021-2.0-0314", "PHSA-2021-3.0-0182", "PHSA-2021-3.0-0193", "PHSA-2021-3.0-0221", "PHSA-2021-3.0-0237", "PHSA-2021-3.0-0243", "PHSA-2021-3.0-0251", "PHSA-2021-3.0-0263", "PHSA-2021-3.0-0302", "PHSA-2021-4.0-0007", "PHSA-2021-4.0-0023", "PHSA-2021-4.0-0029", "PHSA-2021-4.0-0032", "PHSA-2021-4.0-0041", "PHSA-2021-4.0-0047", "PHSA-2021-4.0-0055"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:A8EE36FB3E891C73934CB1C60E3B3D41"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:05A653A5E863B78EDD56FD74F059E02E"]}, {"type": "redhat", "idList": ["RHSA-2021:0856", "RHSA-2021:0857", "RHSA-2021:1129", "RHSA-2021:3327", "RHSA-2021:3328", "RHSA-2021:3454", "RHSA-2021:3653", "RHSA-2021:4140", "RHSA-2021:4356", "RHSA-2021:4627", "RHSA-2021:4648", "RHSA-2021:4650", "RHSA-2021:4914", "RHSA-2021:5137", "RHSA-2022:0620", "RHSA-2022:0622", "RHSA-2022:0856", "RHSA-2022:5220", "RHSA-2022:5224", 
"RHSA-2022:5626", "RHSA-2022:5633", "RHSA-2022:5730"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-0427", "RH:CVE-2020-24502", "RH:CVE-2020-24503", "RH:CVE-2020-24504", "RH:CVE-2020-24586", "RH:CVE-2020-24587", "RH:CVE-2020-24588", "RH:CVE-2020-26139", "RH:CVE-2020-26140", "RH:CVE-2020-26141", "RH:CVE-2020-26143", "RH:CVE-2020-26144", "RH:CVE-2020-26145", "RH:CVE-2020-26146", "RH:CVE-2020-26147", "RH:CVE-2020-27777", "RH:CVE-2020-29368", "RH:CVE-2020-29660", "RH:CVE-2020-36158", "RH:CVE-2020-36386", "RH:CVE-2021-0129", "RH:CVE-2021-20194", "RH:CVE-2021-20239", "RH:CVE-2021-23133", "RH:CVE-2021-28950", "RH:CVE-2021-28971", "RH:CVE-2021-29155", "RH:CVE-2021-29646", "RH:CVE-2021-29650", "RH:CVE-2021-31440", "RH:CVE-2021-31829", "RH:CVE-2021-31916", "RH:CVE-2021-33200", "RH:CVE-2021-3348", "RH:CVE-2021-3489", "RH:CVE-2021-3564", "RH:CVE-2021-3573", "RH:CVE-2021-3600", "RH:CVE-2021-3635", "RH:CVE-2021-3659", "RH:CVE-2021-3679", "RH:CVE-2021-3732"]}, {"type": "rocky", "idList": ["RLSA-2021:4140", "RLSA-2021:4356"]}, {"type": "slackware", "idList": ["SSA-2021-202-01", "SSA-2022-031-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1586-1", "OPENSUSE-SU-2020:1655-1", "OPENSUSE-SU-2020:2161-1", "OPENSUSE-SU-2020:2193-1", "OPENSUSE-SU-2020:2260-1", "OPENSUSE-SU-2021:0060-1", "OPENSUSE-SU-2021:0075-1", "OPENSUSE-SU-2021:0241-1", "OPENSUSE-SU-2021:0242-1", "OPENSUSE-SU-2021:0393-1", "OPENSUSE-SU-2021:0532-1", "OPENSUSE-SU-2021:0579-1", "OPENSUSE-SU-2021:0716-1", "OPENSUSE-SU-2021:0758-1", "OPENSUSE-SU-2021:0843-1", "OPENSUSE-SU-2021:0873-1", "OPENSUSE-SU-2021:0947-1", "OPENSUSE-SU-2021:1142-1", "OPENSUSE-SU-2021:1271-1", "OPENSUSE-SU-2021:1501-1", "OPENSUSE-SU-2021:1975-1", "OPENSUSE-SU-2021:1977-1", "OPENSUSE-SU-2021:2184-1", "OPENSUSE-SU-2021:2202-1", "OPENSUSE-SU-2021:2291-1", "OPENSUSE-SU-2021:2305-1", "OPENSUSE-SU-2021:2352-1", "OPENSUSE-SU-2021:2427-1", "OPENSUSE-SU-2021:2645-1", "OPENSUSE-SU-2021:2687-1", "OPENSUSE-SU-2021:3179-1", "OPENSUSE-SU-2021:3205-1", 
"OPENSUSE-SU-2021:3806-1", "OPENSUSE-SU-2021:3876-1", "OPENSUSE-SU-2021:3941-1", "OPENSUSE-SU-2022:0056-1", "OPENSUSE-SU-2022:0131-1", "OPENSUSE-SU-2022:0366-1"]}, {"type": "thn", "idList": ["THN:C210D3FA71F1ED44D3BA1BF0CA368767"]}, {"type": "threatpost", "idList": ["THREATPOST:2DBC4E237FAA8188A19D53BBB3356C62", "THREATPOST:A2FE619CD27EBEC2F6B0C62ED026F02C"]}, {"type": "ubuntu", "idList": ["LSN-0074-1", "LSN-0079-1", "LSN-0082-1", "USN-4657-1", "USN-4679-1", "USN-4680-1", "USN-4708-1", "USN-4748-1", "USN-4749-1", "USN-4750-1", "USN-4751-1", "USN-4752-1", "USN-4876-1", "USN-4877-1", "USN-4878-1", "USN-4879-1", "USN-4884-1", "USN-4907-1", "USN-4909-1", "USN-4910-1", "USN-4911-1", "USN-4912-1", "USN-4945-1", "USN-4945-2", "USN-4946-1", "USN-4947-1", "USN-4948-1", "USN-4949-1", "USN-4950-1", "USN-4977-1", "USN-4979-1", "USN-4982-1", "USN-4983-1", "USN-4984-1", "USN-4997-1", "USN-4997-2", "USN-4999-1", "USN-5000-1", "USN-5000-2", "USN-5001-1", "USN-5003-1", "USN-5015-1", "USN-5017-1", "USN-5018-1", "USN-5044-1", "USN-5045-1", "USN-5046-1", "USN-5050-1", "USN-5091-1", "USN-5091-2", "USN-5091-3", "USN-5092-1", "USN-5092-2", "USN-5092-3", "USN-5094-1", "USN-5094-2", "USN-5096-1", "USN-5113-1", "USN-5115-1", "USN-5116-1", "USN-5116-2", "USN-5130-1", "USN-5299-1", "USN-5343-1", "USN-5361-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-0427", "UB:CVE-2020-24502", "UB:CVE-2020-24503", "UB:CVE-2020-24504", "UB:CVE-2020-24586", "UB:CVE-2020-24587", "UB:CVE-2020-24588", "UB:CVE-2020-26139", "UB:CVE-2020-26140", "UB:CVE-2020-26141", "UB:CVE-2020-26143", "UB:CVE-2020-26144", "UB:CVE-2020-26145", "UB:CVE-2020-26146", "UB:CVE-2020-26147", "UB:CVE-2020-27777", "UB:CVE-2020-29368", "UB:CVE-2020-29660", "UB:CVE-2020-36158", "UB:CVE-2020-36322", "UB:CVE-2020-36386", "UB:CVE-2021-0129", "UB:CVE-2021-20194", "UB:CVE-2021-20239", "UB:CVE-2021-23133", "UB:CVE-2021-28950", "UB:CVE-2021-28971", "UB:CVE-2021-29155", "UB:CVE-2021-29646", "UB:CVE-2021-29650", "UB:CVE-2021-31440", 
"UB:CVE-2021-31829", "UB:CVE-2021-31916", "UB:CVE-2021-33200", "UB:CVE-2021-3348", "UB:CVE-2021-3489", "UB:CVE-2021-3564", "UB:CVE-2021-3573", "UB:CVE-2021-3600", "UB:CVE-2021-3635", "UB:CVE-2021-3659", "UB:CVE-2021-3679", "UB:CVE-2021-3732"]}, {"type": "veracode", "idList": ["VERACODE:28079", "VERACODE:29735", "VERACODE:29755", "VERACODE:29756", "VERACODE:29757", "VERACODE:30013", "VERACODE:30647", "VERACODE:30648", "VERACODE:30651", "VERACODE:30841", "VERACODE:30844", "VERACODE:30975", "VERACODE:31584", "VERACODE:31592", "VERACODE:31593", "VERACODE:32325", "VERACODE:32326", "VERACODE:33001", "VERACODE:33002", "VERACODE:33003", "VERACODE:33004", "VERACODE:33005", "VERACODE:33006", "VERACODE:33007", "VERACODE:33008", "VERACODE:33009", "VERACODE:33010", "VERACODE:33011", "VERACODE:33012", "VERACODE:33013", "VERACODE:33014", "VERACODE:33108", "VERACODE:33109", "VERACODE:33110", "VERACODE:33276", "VERACODE:33277", "VERACODE:33278", "VERACODE:33279"]}, {"type": "zdi", "idList": ["ZDI-21-503", "ZDI-21-590"]}]}, "score": {"value": 0.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:4356"]}, {"type": "amazon", "idList": ["ALAS-2020-1462", "ALAS-2021-1461", "ALAS-2021-1477", "ALAS-2021-1480", "ALAS-2021-1503", "ALAS-2021-1516", "ALAS-2021-1539", "ALAS2-2020-1566", "ALAS2-2021-1588", "ALAS2-2021-1600", "ALAS2-2021-1636", "ALAS2-2021-1685"]}, {"type": "androidsecurity", "idList": ["ANDROID:2021-10-01"]}, {"type": "attackerkb", "idList": ["AKB:BAAFFD25-660E-40C6-8978-DD33365E66B6"]}, {"type": "avleonov", "idList": ["AVLEONOV:9D3D76F4CC74C7ABB8000BC6AFB2A2CE"]}, {"type": "canvas", "idList": ["OVERLAYFS"]}, {"type": "centos", "idList": ["CESA-2021:0856"]}, {"type": "checkpoint_security", "idList": ["CPS:SK173718"]}, {"type": "cisco", "idList": ["CISCO-SA-WIFI-FAF-22EPCEWU"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:4C29708E9DB1757C4BE1AE571C33062C", "CFOUNDRY:6842286EED83D27526CFF6743C20F98E", 
"CFOUNDRY:F80B396F2BC116F4085AD8234E752ED0"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1632262296"]}, {"type": "cve", "idList": ["CVE-2020-0427", "CVE-2020-24502", "CVE-2020-24503", "CVE-2020-24504", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26139", "CVE-2020-26140", "CVE-2020-26141", "CVE-2020-26143", "CVE-2020-26144", "CVE-2020-26145", "CVE-2020-26146", "CVE-2020-26147", "CVE-2020-27777", "CVE-2020-29368", "CVE-2020-29660", "CVE-2020-36158", "CVE-2021-20194", "CVE-2021-20239", "CVE-2021-23133", "CVE-2021-28950", "CVE-2021-28971", "CVE-2021-29155", "CVE-2021-31440", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-33200", "CVE-2021-3348", "CVE-2021-3573", "CVE-2021-3635"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2494-1:12C95", "DEBIAN:DLA-2557-1:3E233", "DEBIAN:DLA-2586-1:6B2FD", "DEBIAN:DLA-2689-1:31A23", "DEBIAN:DLA-2690-1:EA198", "DEBIAN:DLA-2692-1:10CAC", "DEBIAN:DLA-2785-1:A6280", "DEBIAN:DSA-4843-1:3B37B", "DEBIAN:DSA-4978-1:4EC47"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-0129"]}, {"type": "f5", "idList": ["F5:K24920320"]}, {"type": "fedora", "idList": ["FEDORA:04CB83096494", "FEDORA:0A94430CF2BA", "FEDORA:16A22318E209", "FEDORA:1F1BC30987DA", "FEDORA:2FD22318E20E", "FEDORA:32BD030C0AC4", "FEDORA:380993093B41", "FEDORA:511D430A4E3F", "FEDORA:5468E3096282", "FEDORA:58EC4309C1DD", "FEDORA:59E8B30ECAF7", "FEDORA:61FD73088720", "FEDORA:6AE7B30A9BBD", "FEDORA:6D71230A4E3B", "FEDORA:6DE0C3096745", "FEDORA:73E1630A20AB", "FEDORA:7727530DFF13", "FEDORA:824E230A6A04", "FEDORA:8BDD33093B44", "FEDORA:8FD383176A9C", "FEDORA:A3EB63093B7A", "FEDORA:A845A3076E40", "FEDORA:A87F030C4484", "FEDORA:AE66E30571B1", "FEDORA:BFD8530ECE4A", "FEDORA:C67B13088720", "FEDORA:CFDB130AD501", "FEDORA:D544830A4E31", "FEDORA:D778730E51C3", "FEDORA:DBBBF30ECAF7", "FEDORA:DC0DD3095C29", "FEDORA:DEFD3309CEF2", "FEDORA:E601230CF2BB", "FEDORA:F0B8230E633B"]}, {"type": "fortinet", "idList": ["FG-IR-21-071"]}, {"type": "freebsd", "idList": 
["8D20BD48-A4F3-11EC-90DE-1C697AA5A594"]}]}, "exploitation": null, "vulnersScore": 0.4}, "_state": {"dependencies": 1660032824, "score": 1660033602}, "_internal": {"score_hash": "4c1dd6bb014f5a78138ddb9b1fb86f32"}, "pluginID": "155425", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package 
checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-4356.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155425);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/17\");\n\n script_cve_id(\n \"CVE-2020-0427\",\n \"CVE-2020-24502\",\n \"CVE-2020-24503\",\n \"CVE-2020-24504\",\n \"CVE-2020-24586\",\n \"CVE-2020-24587\",\n \"CVE-2020-24588\",\n \"CVE-2020-26139\",\n \"CVE-2020-26140\",\n \"CVE-2020-26141\",\n \"CVE-2020-26143\",\n \"CVE-2020-26144\",\n \"CVE-2020-26145\",\n \"CVE-2020-26146\",\n \"CVE-2020-26147\",\n \"CVE-2020-27777\",\n \"CVE-2020-29368\",\n \"CVE-2020-29660\",\n \"CVE-2020-36158\",\n \"CVE-2020-36386\",\n \"CVE-2021-0129\",\n \"CVE-2021-3348\",\n \"CVE-2021-3489\",\n \"CVE-2021-3564\",\n \"CVE-2021-3573\",\n \"CVE-2021-3600\",\n \"CVE-2021-3635\",\n \"CVE-2021-3659\",\n \"CVE-2021-3679\",\n \"CVE-2021-3732\",\n \"CVE-2021-20194\",\n \"CVE-2021-20239\",\n \"CVE-2021-23133\",\n \"CVE-2021-28950\",\n \"CVE-2021-28971\",\n \"CVE-2021-29155\",\n \"CVE-2021-29646\",\n \"CVE-2021-29650\",\n \"CVE-2021-31440\",\n \"CVE-2021-31829\",\n \"CVE-2021-31916\",\n \"CVE-2021-33200\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0223-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0222-S\");\n\n script_name(english:\"Oracle Linux 8 : kernel (ELSA-2021-4356)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-4356 advisory.\n\n - An issue was discovered in the Linux kernel before 5.11.11. 
The netfilter subsystem allows attackers to\n cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h\n lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur\n because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some\n Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS\n status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an\n attacker with a local account to leak information about kernel internal addresses. The highest threat from\n this vulnerability is to confidentiality. (CVE-2021-20239)\n\n - This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel\n 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in\n order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The\n issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them.\n An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the\n context of the kernel. Was ZDI-CAN-13661. (CVE-2021-31440)\n\n - nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-\n free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a\n certain point during device setup, aka CID-b98e762e3d71. 
(CVE-2021-3348)\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could\n lead to local information disclosure with no additional execution privileges needed. User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171\n (CVE-2020-0427)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID,\n aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-\n device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with\n special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or\n a leak of internal kernel information. The highest threat from this vulnerability is to system\n availability. (CVE-2021-31916)\n\n - A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel\n privilege escalation from the context of a network service or an unprivileged process. If\n sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the\n auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network\n service privileges to escalate to root or from the context of an unprivileged user directly if a\n BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket. 
(CVE-2021-23133)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked\n down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries\n platform) a root like local user could use this flaw to further increase their privileges to that of a\n running kernel. (CVE-2020-27777)\n\n - A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way\n user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev()\n together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(),\n hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their\n privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5. (CVE-2021-3573)\n\n - An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and\n WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to\n inject arbitrary data frames independent of the network configuration. (CVE-2020-26140)\n\n - A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was\n found in the way user uses trace ring buffer in a specific way. Only privileged local users (with\n CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.\n (CVE-2021-3679)\n\n - The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size\n was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel\n and therefore, arbitrary code execution. 
This issue was fixed via commit 4b81ccebaeee (bpf, ringbuf: Deny\n reserve of buffers larger than ringbuf) (v5.13-rc4) and backported to the stable kernels in v5.12.4,\n v5.11.21, and v5.10.37. It was introduced via 457f44363a88 (bpf: Implement BPF ring buffer and verifier\n support for it) (v5.8-rc1). (CVE-2021-3489)\n\n - An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and\n WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can\n abuse this to inject arbitrary data frames independent of the network configuration. (CVE-2020-26143)\n\n - An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3\n implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042\n (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets\n independent of the network configuration. (CVE-2020-26144)\n\n - An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other\n clients even though the sender has not yet successfully authenticated to the AP. This might be abused in\n projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier\n to exploit other vulnerabilities in connected clients. (CVE-2020-26139)\n\n - An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations\n reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate\n selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the\n WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by\n design. (CVE-2020-26146)\n\n - An issue was discovered in the Linux kernel before 5.8.1. 
net/bluetooth/hci_event.c has a slab out-of-\n bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf. (CVE-2020-36386)\n\n - An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable\n out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer\n arithmetic operations, the pointer modification performed by the first operation is not correctly\n accounted for when restricting subsequent operations. (CVE-2021-29155)\n\n - kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading\n to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not\n protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized\n data that might represent sensitive information previously operated on by the kernel. (CVE-2021-31829)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent\n Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a\n network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP,\n CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.\n (CVE-2020-24586)\n\n - An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation\n does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can\n abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-\n confidentiality protocol. 
(CVE-2020-26141)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent\n Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary\n can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP,\n CCMP, or GCMP encryption key is periodically renewed. (CVE-2020-24587)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent\n Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated.\n Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an\n adversary can abuse this to inject arbitrary network packets. (CVE-2020-24588)\n\n - An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3\n implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process\n them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets\n independent of the network configuration. (CVE-2020-26145)\n\n - An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble\n fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject\n packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP,\n CCMP, or GCMP data-confidentiality protocol is used. (CVE-2020-26147)\n\n - A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in\n the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the\n system. This flaw affects all the Linux kernel versions starting from 3.13. 
(CVE-2021-3564)\n\n - Improper access control in BlueZ may allow an authenticated user to potentially enable information\n disclosure via adjacent access. (CVE-2021-0129)\n\n - kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files\n (CVE-2021-3732)\n\n - Improper input validation in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4\n and before version 1.4.29.0 for Windows*, may allow an authenticated user to potentially enable a denial\n of service via local access. (CVE-2020-24502)\n\n - kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic\n operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel\n memory, leading to local privilege escalation to root. In particular, there is a corner case where the off\n reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.\n (CVE-2021-33200)\n\n - Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4\n may allow an authenticated user to potentially enable information disclosure via local access.\n (CVE-2020-24503)\n\n - Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version\n 1.0.4 may allow an authenticated user to potentially enable denial of service via local access.\n (CVE-2020-24504)\n\n - An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The\n copy-on-write implementation can grant unintended write access because of a race condition in a THP\n mapcount check, aka CID-c444eb564fb1. (CVE-2020-29368)\n\n - There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config\n params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y ,\n CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). 
As result of BPF execution,\n the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap\n overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly\n privileges escalation. (CVE-2021-20194)\n\n - kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)\n\n - A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with\n root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands.\n (CVE-2021-3635)\n\n - kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659)\n\n - An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does\n not properly validate certain data sizes, aka CID-0217ed2848e8. (CVE-2021-29646)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-4356.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3489\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2021/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-perf\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.18.0-348.el8'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-4356');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.18';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-4.18.0'},\n {'reference':'kernel-abi-stablelists-4.18.0-348.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-stablelists-4.18.0'},\n 
{'reference':'kernel-core-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-core-4.18.0'},\n {'reference':'kernel-cross-headers-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-cross-headers-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-debug-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-4.18.0'},\n {'reference':'kernel-debug-core-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-core-4.18.0'},\n {'reference':'kernel-debug-devel-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-4.18.0'},\n {'reference':'kernel-debug-modules-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-4.18.0'},\n {'reference':'kernel-debug-modules-extra-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-extra-4.18.0'},\n {'reference':'kernel-devel-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-4.18.0'},\n {'reference':'kernel-headers-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},\n {'reference':'kernel-headers-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},\n {'reference':'kernel-modules-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-4.18.0'},\n {'reference':'kernel-modules-extra-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-extra-4.18.0'},\n 
{'reference':'kernel-tools-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'perf-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n 
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / etc');\n}\n", "naslFamily": "Oracle Linux Local Security Checks", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-stablelists", "p-cpe:/a:oracle:linux:kernel-core", "p-cpe:/a:oracle:linux:kernel-cross-headers", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-core", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-debug-modules", "p-cpe:/a:oracle:linux:kernel-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-modules", "p-cpe:/a:oracle:linux:kernel-modules-extra", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", 
"p-cpe:/a:oracle:linux:python3-perf"], "solution": "Update the affected packages.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2021-3489", "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-11-16T00:00:00", "vulnerabilityPublicationDate": "2020-09-17T00:00:00", "exploitableWith": []}
{"oraclelinux": [{"lastseen": "2022-07-12T18:39:51", "description": "[4.18.0-348.OL8]\n- Update Oracle Linux certificates (Kevin Lyons)\n- Disable signing for aarch64 (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15-11.0.5\n[4.18.0-348]\n- drm/nouveau/fifo/ga102: initialise chid on return from channel creation (Ben Skeggs) [1997878]\n- drm/nouveau/ga102-: support ttm buffer moves via copy engine (Ben Skeggs) [1997878]\n- drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows (Ben Skeggs) [1997878]\n- drm/nouveau/kms/nv50: workaround EFI GOP window channel format differences (Ben Skeggs) [1997878]\n- drm/nouveau/disp: power down unused DP links during init (Ben Skeggs) [1997878]\n- drm/nouveau: recognise GA107 (Ben Skeggs) [1997878]\n[4.18.0-347]\n- PCI: Mark TI C667X to avoid bus reset (Alex Williamson) [1975768]\n[4.18.0-346]\n- redhat: switch secureboot kernel image signing to release keys (Bruno Meneguele)\n- CI: handle RT branches in a single config (Veronika Kabatova)\n- CI: Fix RT check branch name (Veronika Kabatova)\n- CI: Drop private CI config (Veronika Kabatova)\n- CI: extend template use (Veronika Kabatova)\n- Revert 'Merge: mt7921e: enable new Mediatek wireless hardware' (Bruno Meneguele) [2009501]\n- megaraid_sas: fix concurrent access to ISR between IRQ polling and real interrupt (Tomas Henzl) [2009022]\n- scsi: megaraid_sas: mq_poll support (Tomas Henzl) [2009022]\n- [PATCH v2] scsi: qla2xxx: Suppress unnecessary log messages during login (Nilesh Javali) [1982186]\n- scsi: qla2xxx: Fix excessive messages during device logout (Nilesh Javali) [1982186]\n- PCI: pciehp: Ignore Link Down/Up caused by DPC (Myron Stowe) [1981741]\n- arm64: kpti: Fix 'kpti=off' when KASLR is enabled (Mark Salter) [1979731]\n- arm64: Fix CONFIG_ARCH_RANDOM=n build (Mark Salter) 
[1979731]\n- redhat/configs: aarch64: add CONFIG_ARCH_RANDOM (Mark Salter) [1979731]\n- arm64: Implement archrandom.h for ARMv8.5-RNG (Mark Salter) [1979731]\n- arm64: kconfig: Fix alignment of E0PD help text (Mark Salter) [1979731]\n- arm64: Use register field helper in kaslr_requires_kpti() (Mark Salter) [1979731]\n- arm64: Simplify early check for broken TX1 when KASLR is enabled (Mark Salter) [1979731]\n- arm64: Use a variable to store non-global mappings decision (Mark Salter) [1979731]\n- arm64: Dont use KPTI where we have E0PD (Mark Salter) [1979731]\n- arm64: Factor out checks for KASLR in KPTI code into separate function (Mark Salter) [1979731]\n- redhat/configs: Add CONFIG_ARM64_E0PD (Mark Salter) [1979731]\n- arm64: Add initial support for E0PD (Mark Salter) [1979731]\n- arm64: cpufeature: Export matrix and other features to userspace (Mark Salter) [1980098]\n- arm64: docs: cpu-feature-registers: Document ID_AA64PFR1_EL1 (Mark Salter) [1980098]\n- docs/arm64: cpu-feature-registers: Rewrite bitfields that dont follow [e, s] (Mark Salter) [1980098]\n- docs/arm64: cpu-feature-registers: Documents missing visible fields (Mark Salter) [1980098]\n- arm64: Introduce system_capabilities_finalized() marker (Mark Salter) [1980098]\n- arm64: entry.S: Do not preempt from IRQ before all cpufeatures are enabled (Mark Salter) [1980098]\n- docs/arm64: elf_hwcaps: Document HWCAP_SB (Mark Salter) [1980098]\n- docs/arm64: elf_hwcaps: sort the HWCAP{, 2} documentation by ascending value (Mark Salter) [1980098]\n- arm64: cpufeature: Treat ID_AA64ZFR0_EL1 as RAZ when SVE is not enabled (Mark Salter) [1980098]\n- arm64: cpufeature: Effectively expose FRINT capability to userspace (Mark Salter) [1980098]\n- arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG} (Mark Salter) [1980098]\n- arm64: Expose FRINT capabilities to userspace (Mark Salter) [1980098]\n- arm64: Expose ARMv8.5 CondM capability to userspace (Mark Salter) [1980098]\n- docs: arm64: convert perf.txt to 
ReST format (Mark Salter) [1980098]\n- docs: arm64: convert docs to ReST and rename to .rst (Mark Salter) [1980098]\n- Documentation/arm64: HugeTLB page implementation (Mark Salter) [1980098]\n- Documentation/arm64/sve: Couple of improvements and typos (Mark Salter) [1980098]\n- arm64: cpufeature: Fix missing ZFR0 in __read_sysreg_by_encoding() (Mark Salter) [1980098]\n- arm64: Expose SVE2 features for userspace (Mark Salter) [1980098]\n- arm64: Advertise ARM64_HAS_DCPODP cpu feature (Mark Salter) [1980098]\n- arm64: add CVADP support to the cache maintenance helper (Mark Salter) [1980098]\n- arm64: Fix minor issues with the dcache_by_line_op macro (Mark Salter) [1980098]\n- arm64: Expose DC CVADP to userspace (Mark Salter) [1980098]\n- arm64: Handle trapped DC CVADP (Mark Salter) [1980098]\n- arm64: HWCAP: encapsulate elf_hwcap (Mark Salter) [1980098]\n- arm64: HWCAP: add support for AT_HWCAP2 (Mark Salter) [1980098]\n- x86/MCE/AMD, EDAC/mce_amd: Add new SMCA bank types (Aristeu Rozanski) [1965331]\n- x86/MCE/AMD, EDAC/mce_amd: Remove struct smca_hwid.xec_bitmap (Aristeu Rozanski) [1965331]\n- EDAC, mce_amd: Print ExtErrorCode and description on a single line (Aristeu Rozanski) [1965331]\n[4.18.0-345]\n- e1000e: Do not take care about recovery NVM checksum (Ken Cox) [1984558]\n- qrtr: disable CONFIG_QRTR for non x86_64 archs (inigo Huguet) [1999642]\n- ceph: fix possible null-pointer dereference in ceph_mdsmap_decode() (Jeff Layton) [1989999]\n- ceph: fix dereference of null pointer cf (Jeff Layton) [1989999]\n- ceph: correctly handle releasing an embedded cap flush (Jeff Layton) [1989999]\n- ceph: take snap_empty_lock atomically with snaprealm refcount change (Jeff Layton) [1989999]\n- ceph: dont WARN if were still opening a session to an MDS (Jeff Layton) [1989999]\n- rbd: dont hold lock_rwsem while running_list is being drained (Jeff Layton) [1989999]\n- rbd: always kick acquire on 'acquired' and 'released' notifications (Jeff Layton) [1989999]\n- ceph: take 
reference to req->r_parent at point of assignment (Jeff Layton) [1989999]\n- ceph: eliminate ceph_async_iput() (Jeff Layton) [1989999]\n- ceph: dont take s_mutex in ceph_flush_snaps (Jeff Layton) [1989999]\n- ceph: dont take s_mutex in try_flush_caps (Jeff Layton) [1989999]\n- ceph: dont take s_mutex or snap_rwsem in ceph_check_caps (Jeff Layton) [1989999]\n- ceph: eliminate session->s_gen_ttl_lock (Jeff Layton) [1989999]\n- ceph: allow ceph_put_mds_session to take NULL or ERR_PTR (Jeff Layton) [1989999]\n- ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm (Jeff Layton) [1989999]\n- ceph: add some lockdep assertions around snaprealm handling (Jeff Layton) [1989999]\n- ceph: decoding error in ceph_update_snap_realm should return -EIO (Jeff Layton) [1989999]\n- ceph: add IO size metrics support (Jeff Layton) [1989999]\n- ceph: update and rename __update_latency helper to __update_stdev (Jeff Layton) [1989999]\n- ceph: simplify the metrics struct (Jeff Layton) [1989999]\n- libceph: fix doc warnings in cls_lock_client.c (Jeff Layton) [1989999]\n- libceph: remove unnecessary ret variable in ceph_auth_init() (Jeff Layton) [1989999]\n- libceph: kill ceph_none_authorizer::reply_buf (Jeff Layton) [1989999]\n- ceph: make ceph_queue_cap_snap static (Jeff Layton) [1989999]\n- ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty (Jeff Layton) [1989999]\n- libceph: set global_id as soon as we get an auth ticket (Jeff Layton) [1989999]\n- libceph: dont pass result into ac->ops->handle_reply() (Jeff Layton) [1989999]\n- ceph: fix error handling in ceph_atomic_open and ceph_lookup (Jeff Layton) [1989999]\n- ceph: must hold snap_rwsem when filling inode for async create (Jeff Layton) [1989999]\n- libceph: Fix spelling mistakes (Jeff Layton) [1989999]\n- libceph: dont set global_id until we get an auth ticket (Jeff Layton) [1989999]\n- libceph: bump CephXAuthenticate encoding version (Jeff Layton) [1989999]\n- ceph: dont allow access to 
MDS-private inodes (Jeff Layton) [1989999]\n- ceph: fix up some bare fetches of i_size (Jeff Layton) [1989999]\n- ceph: support getting ceph.dir.rsnaps vxattr (Jeff Layton) [1989999]\n- ceph: drop pinned_page parameter from ceph_get_caps (Jeff Layton) [1989999]\n- ceph: fix inode leak on getattr error in __fh_to_dentry (Jeff Layton) [1989999]\n- ceph: only check pool permissions for regular files (Jeff Layton) [1989999]\n- ceph: send opened files/pinned caps/opened inodes metrics to MDS daemon (Jeff Layton) [1989999]\n- ceph: avoid counting the same request twice or more (Jeff Layton) [1989999]\n- ceph: rename the metric helpers (Jeff Layton) [1989999]\n- ceph: fix kerneldoc copypasta over ceph_start_io_direct (Jeff Layton) [1989999]\n- ceph: dont use d_add in ceph_handle_snapdir (Jeff Layton) [1989999]\n- ceph: dont clobber i_snap_caps on non-I_NEW inode (Jeff Layton) [1989999]\n- ceph: fix fall-through warnings for Clang (Jeff Layton) [1989999]\n- net: ceph: Fix a typo in osdmap.c (Jeff Layton) [1989999]\n- ceph: dont allow type or device number to change on non-I_NEW inodes (Jeff Layton) [1989999]\n- ceph: defer flushing the capsnap if the Fb is used (Jeff Layton) [1989999]\n- ceph: allow queueing cap/snap handling after putting cap references (Jeff Layton) [1989999]\n- ceph: clean up inode work queueing (Jeff Layton) [1989999]\n- ceph: fix flush_snap logic after putting caps (Jeff Layton) [1989999]\n- libceph: fix 'Boolean result is used in bitwise operation' warning (Jeff Layton) [1989999]\n- new helper: inode_wrong_type() (Jeff Layton) [1989999]\n- kabi: Adding symbol single_release (fs/seq_file.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol single_open (fs/seq_file.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol seq_read (fs/seq_file.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol seq_printf (fs/seq_file.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol seq_lseek (fs/seq_file.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol 
unregister_chrdev_region (fs/char_dev.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol cdev_init (fs/char_dev.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol cdev_del (fs/char_dev.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol cdev_alloc (fs/char_dev.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol cdev_add (fs/char_dev.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol alloc_chrdev_region (fs/char_dev.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol pcie_capability_read_word (drivers/pci/access.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pcie_capability_read_dword (drivers/pci/access.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pcie_capability_clear_and_set_word (drivers/pci/access.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_write_config_dword (drivers/pci/access.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_write_config_byte (drivers/pci/access.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_set_power_state (drivers/pci/pci.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_read_config_dword (drivers/pci/access.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_read_config_byte (drivers/pci/access.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_irq_vector (drivers/pci/msi.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_get_device (drivers/pci/search.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_free_irq_vectors (drivers/pci/msi.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_alloc_irq_vectors_affinity (drivers/pci/msi.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol kexec_crash_loaded (kernel/kexec_core.c) (cestmir Kalina) [1945491]\n[4.18.0-344]\n- perf/x86/intel: Fix PEBS-via-PT reload base value for Extended PEBS (Michael Petlan) [1998051]\n- perf/x86/intel/uncore: Fix Add BW copypasta (Michael Petlan) [1998051]\n- perf/x86/intel/uncore: Add BW counters for GT, IA and IO breakdown (Michael Petlan) [1998051]\n- Revert 'ice: Add 
initial support framework for LAG' (Michal Schmidt) [1999016]\n- net: re-initialize slow_gro flag at gro_list_prepare time (Paolo Abeni) [2002367]\n- cxgb4: dont touch blocked freelist bitmap after free (Rahul Lakkireddy) [1998148]\n- cxgb4vf: configure ports accessible by the VF (Rahul Lakkireddy) [1961329]\n- scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request (Dick Kennedy) [1976332]\n- scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (Dick Kennedy) [1976332]\n- scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (Dick Kennedy) [1976332]\n[4.18.0-343]\n- rcu: Avoid unneeded function call in rcu_read_unlock() (Waiman Long) [1997500]\n- mt76: connac: do not schedule mac_work if the device is not running (Inigo Huguet) [1956419 1972045]\n- mt7921e: enable module in config (Inigo Huguet) [1956419 1972045]\n- Revert tools/power/cpupower: Read energy_perf_bias from sysfs (Steve Best) [1999926]\n- libnvdimm/namespace: Differentiate between probe mapping and runtime mapping (Jeff Moyer) [1795719]\n- libnvdimm/pfn_dev: Dont clear device memmap area during generic namespace probe (Jeff Moyer) [1795719]\n- perf/x86/intel/uncore: Clean up error handling path of iio mapping (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Fix for iio mapping on Skylake Server (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Generic support for the MMIO type of uncore blocks (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Generic support for the PCI type of uncore blocks (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Rename uncore_notifier to uncore_pci_sub_notifier (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Generic support for the MSR type of uncore blocks (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Parse uncore discovery tables (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Expose an Uncore unit to IIO PMON mapping (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: 
Wrap the max dies calculation into an accessor (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Expose an Uncore unit to PMON mapping (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Validate MMIO address before accessing (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Record the size of mapped area (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Fix oops when counting IMC uncore events on some TGL (Michael Petlan) [1837330]\n- crypto: qat - remove unused macro in FW loader (Vladis Dronov) [1920086]\n- crypto: qat - check return code of qat_hal_rd_rel_reg() (Vladis Dronov) [1920086]\n- crypto: qat - report an error if MMP file size is too large (Vladis Dronov) [1920086]\n- crypto: qat - check MMP size before writing to the SRAM (Vladis Dronov) [1920086]\n- crypto: qat - return error when failing to map FW (Vladis Dronov) [1920086]\n- crypto: qat - enable detection of accelerators hang (Vladis Dronov) [1920086]\n- crypto: qat - Fix a double free in adf_create_ring (Vladis Dronov) [1920086]\n- crypto: qat - fix error path in adf_isr_resource_alloc() (Vladis Dronov) [1920086]\n- crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init (Vladis Dronov) [1920086]\n- crypto: qat - dont release uninitialized resources (Vladis Dronov) [1920086]\n- crypto: qat - fix use of 'dma_map_single' (Vladis Dronov) [1920086]\n- crypto: qat - fix unmap invalid dma address (Vladis Dronov) [1920086]\n- crypto: qat - fix spelling mistake: 'messge' -> 'message' (Vladis Dronov) [1920086]\n- crypto: qat - reduce size of mapped region (Vladis Dronov) [1920086]\n- crypto: qat - change format string and cast ring size (Vladis Dronov) [1920086]\n- crypto: qat - fix potential spectre issue (Vladis Dronov) [1920086]\n- crypto: qat - configure arbiter mapping based on engines enabled (Vladis Dronov) [1920086]\n[4.18.0-342]\n- selftest: netfilter: add test case for unreplied tcp connections (Florian Westphal) [1991523]\n- netfilter: conntrack: do not renew entry stuck 
in tcp SYN_SENT state (Florian Westphal) [1991523]\n- net/sched: store the last executed chain also for clsact egress (Davide Caratti) [1980537]\n- ice: fix Tx queue iteration for Tx timestamp enablement (Ken Cox) [1999743]\n- perf evsel: Add missing cloning of evsel->use_config_name (Michael Petlan) [1838635]\n- perf Documentation: Document intel-hybrid support (Michael Petlan) [1838635]\n- perf tests: Skip 'perf stat metrics (shadow stat) test' for hybrid (Michael Petlan) [1838635]\n- perf tests: Support 'Convert perf time to TSC' test for hybrid (Michael Petlan) [1838635]\n- perf tests: Support 'Session topology' test for hybrid (Michael Petlan) [1838635]\n- perf tests: Support 'Parse and process metrics' test for hybrid (Michael Petlan) [1838635]\n- perf tests: Support 'Track with sched_switch' test for hybrid (Michael Petlan) [1838635]\n- perf tests: Skip 'Setup struct perf_event_attr' test for hybrid (Michael Petlan) [1838635]\n- perf tests: Add hybrid cases for 'Roundtrip evsel->name' test (Michael Petlan) [1838635]\n- perf tests: Add hybrid cases for 'Parse event definition strings' test (Michael Petlan) [1838635]\n- perf record: Uniquify hybrid event name (Michael Petlan) [1838635]\n- perf stat: Warn group events from different hybrid PMU (Michael Petlan) [1838635]\n- perf stat: Filter out unmatched aggregation for hybrid event (Michael Petlan) [1838635]\n- perf stat: Add default hybrid events (Michael Petlan) [1838635]\n- perf record: Create two hybrid 'cycles' events by default (Michael Petlan) [1838635]\n- perf parse-events: Support event inside hybrid pmu (Michael Petlan) [1838635]\n- perf parse-events: Compare with hybrid pmu name (Michael Petlan) [1838635]\n- perf parse-events: Create two hybrid raw events (Michael Petlan) [1838635]\n- perf parse-events: Create two hybrid cache events (Michael Petlan) [1838635]\n- perf parse-events: Create two hybrid hardware events (Michael Petlan) [1838635]\n- perf stat: Uniquify hybrid event name (Michael Petlan) 
[1838635]\n- perf pmu: Add hybrid helper functions (Michael Petlan) [1838635]\n- perf pmu: Save detected hybrid pmus to a global pmu list (Michael Petlan) [1838635]\n- perf pmu: Save pmu name (Michael Petlan) [1838635]\n- perf pmu: Simplify arguments of __perf_pmu__new_alias (Michael Petlan) [1838635]\n- perf jevents: Support unit value 'cpu_core' and 'cpu_atom' (Michael Petlan) [1838635]\n- tools headers uapi: Update toolss copy of linux/perf_event.h (Michael Petlan) [1838635]\n[4.18.0-341]\n- mptcp: Only send extra TCP acks in eligible socket states (Paolo Abeni) [1997178]\n- mptcp: fix possible divide by zero (Paolo Abeni) [1997178]\n- mptcp: drop tx skb cache (Paolo Abeni) [1997178]\n- mptcp: fix memory leak on address flush (Paolo Abeni) [1997178]\n- ice: Only lock to update netdev dev_addr (Michal Schmidt) [1995868]\n- ice: restart periodic outputs around time changes (Ken Cox) [1992750]\n- ice: Fix perout start time rounding (Ken Cox) [1992750]\n- net/sched: ets: fix crash when flipping from 'strict' to 'quantum' (Davide Caratti) [1981184]\n- ovl: prevent private clone if bind mount is not allowed (Miklos Szeredi) [1993131] {CVE-2021-3732}\n- gfs2: Dont call dlm after protocol is unmounted (Bob Peterson) [1997193]\n- gfs2: dont stop reads while withdraw in progress (Bob Peterson) [1997193]\n- gfs2: Mark journal inodes as 'dont cache' (Bob Peterson) [1997193]\n- bpf: bpftool: Add -fno-asynchronous-unwind-tables to BPF Clang invocation (Yauheni Kaliuta) [1997124]\n- perf/x86/intel: Apply mid ACK for small core (Michael Petlan) [1838573]\n- perf/x86/intel/lbr: Zero the xstate buffer on allocation (Michael Petlan) [1838573]\n- perf: Fix task context PMU for Hetero (Michael Petlan) [1838573]\n- perf/x86/intel: Fix fixed counter check warning for some Alder Lake (Michael Petlan) [1838573]\n- perf/x86/lbr: Remove cpuc->lbr_xsave allocation from atomic context (Michael Petlan) [1838573]\n- x86/fpu/xstate: Fix an xstate size check warning with architectural LBRs 
(Michael Petlan) [1838573]\n- perf/x86/rapl: Add support for Intel Alder Lake (Michael Petlan) [1838573]\n- perf/x86/cstate: Add Alder Lake CPU support (Michael Petlan) [1838573]\n- perf/x86/msr: Add Alder Lake CPU support (Michael Petlan) [1838573]\n- perf/x86/intel/uncore: Add Alder Lake support (Michael Petlan) [1838573]\n- perf: Extend PERF_TYPE_HARDWARE and PERF_TYPE_HW_CACHE (Michael Petlan) [1838573]\n- perf/x86/intel: Add Alder Lake Hybrid support (Michael Petlan) [1838573]\n- perf/x86: Support filter_match callback (Michael Petlan) [1838573]\n- perf/x86/intel: Add attr_update for Hybrid PMUs (Michael Petlan) [1838573]\n- perf/x86: Add structures for the attributes of Hybrid PMUs (Michael Petlan) [1838573]\n- perf/x86: Register hybrid PMUs (Michael Petlan) [1838573]\n- perf/x86: Factor out x86_pmu_show_pmu_cap (Michael Petlan) [1838573]\n- perf/x86: Remove temporary pmu assignment in event_init (Michael Petlan) [1838573]\n- perf/x86/intel: Factor out intel_pmu_check_extra_regs (Michael Petlan) [1838573]\n- perf/x86/intel: Factor out intel_pmu_check_event_constraints (Michael Petlan) [1838573]\n- perf/x86/intel: Factor out intel_pmu_check_num_counters (Michael Petlan) [1838573]\n- perf/x86: Hybrid PMU support for extra_regs (Michael Petlan) [1838573]\n- perf/x86: Hybrid PMU support for event constraints (Michael Petlan) [1838573]\n- perf/x86: Hybrid PMU support for hardware cache event (Michael Petlan) [1838573]\n- perf/x86: Hybrid PMU support for unconstrained (Michael Petlan) [1838573]\n- perf/x86: Hybrid PMU support for counters (Michael Petlan) [1838573]\n- perf/x86: Hybrid PMU support for intel_ctrl (Michael Petlan) [1838573]\n- perf/x86/intel: Hybrid PMU support for perf capabilities (Michael Petlan) [1838573]\n- perf/x86: Track pmu in per-CPU cpu_hw_events (Michael Petlan) [1838573]\n- perf/x86/intel/lbr: Support XSAVES for arch LBR read (Michael Petlan) [1838573]\n- perf/x86/intel/lbr: Support XSAVES/XRSTORS for LBR context switch (Michael Petlan) 
[1838573]\n- x86/fpu/xstate: Add helpers for LBR dynamic supervisor feature (Michael Petlan) [1838573]\n- x86/fpu/xstate: Support dynamic supervisor feature for LBR (Michael Petlan) [1838573]\n- x86/fpu: Use proper mask to replace full instruction mask (Michael Petlan) [1838573]\n- x86/cpu: Add helper function to get the type of the current hybrid CPU (Michael Petlan) [1838573]\n- x86/cpufeatures: Enumerate Intel Hybrid Technology feature bit (Michael Petlan) [1838573]\n- HID: make arrays usage and value to be the same (Benjamin Tissoires) [1974942]\n- ACPI: PM: s2idle: Invert Microsoft UUID entry and exit (David Arcari) [1960440]\n- platform/x86: amd-pmc: Fix undefined reference to __udivdi3 (David Arcari) [1960440]\n- platform/x86: amd-pmc: Fix missing unlock on error in amd_pmc_send_cmd() (David Arcari) [1960440]\n- platform/x86: amd-pmc: Use return code on suspend (David Arcari) [1960440]\n- platform/x86: amd-pmc: Add new acpi id for future PMC controllers (David Arcari) [1960440]\n- platform/x86: amd-pmc: Add support for ACPI ID AMDI0006 (David Arcari) [1960440]\n- platform/x86: amd-pmc: Add support for logging s0ix counters (David Arcari) [1960440]\n- platform/x86: amd-pmc: Add support for logging SMU metrics (David Arcari) [1960440]\n- platform/x86: amd-pmc: call dump registers only once (David Arcari) [1960440]\n- platform/x86: amd-pmc: Fix SMU firmware reporting mechanism (David Arcari) [1960440]\n- platform/x86: amd-pmc: Fix command completion code (David Arcari) [1960440]\n- usb: pci-quirks: disable D3cold on xhci suspend for s2idle on AMD Renoir (David Arcari) [1960440]\n- ACPI: PM: Only mark EC GPE for wakeup on Intel systems (David Arcari) [1960440]\n- ACPI: PM: Adjust behavior for field problems on AMD systems (David Arcari) [1960440]\n- ACPI: PM: s2idle: Add support for new Microsoft UUID (David Arcari) [1960440]\n- ACPI: PM: s2idle: Add support for multiple func mask (David Arcari) [1960440]\n- ACPI: PM: s2idle: Refactor common code (David Arcari) 
[1960440]\n- ACPI: PM: s2idle: Use correct revision id (David Arcari) [1960440]\n- ACPI: PM: s2idle: Add missing LPS0 functions for AMD (David Arcari) [1960440]\n- lockd: Fix invalid lockowner cast after vfs_test_lock (Benjamin Coddington) [1986138]\n[4.18.0-340]\n- blk-mq: fix is_flush_rq (Ming Lei) [1992700]\n- blk-mq: fix kernel panic during iterating over flush request (Ming Lei) [1992700]\n[4.18.0-339]\n- smb2: fix use-after-free in smb2_ioctl_query_info() (Ronnie Sahlberg) [1952781]\n- dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() (Mike Snitzer) [1996854]\n- md/raid10: Remove rcu_dereference when it doesnt need rcu lock to protect (Nigel Croxon) [1978115]\n- scsi: csiostor: Mark known unused variable as __always_unused (Raju Rangoju) [1961333]\n- scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() (Raju Rangoju) [1961333]\n- scsi: csiostor: Remove set but not used variable 'rln' (Raju Rangoju) [1961333]\n- scsi: csiostor: Return value not required for csio_dfs_destroy (Raju Rangoju) [1961333]\n- scsi: csiostor: Fix NULL check before debugfs_remove_recursive (Raju Rangoju) [1961333]\n- scsi: csiostor: Dont enable IRQs too early (Raju Rangoju) [1961333]\n- scsi: csiostor: Fix spelling typos (Raju Rangoju) [1961333]\n- scsi: csiostor: Prefer pcie_capability_read_word() (Raju Rangoju) [1961333]\n- scsi: target: cxgbit: Unmap DMA buffer before calling target_execute_cmd() (Raju Rangoju) [1961394]\n- net: Use skb_frag_off accessors (Raju Rangoju) [1961394]\n- net: Use skb accessors in network drivers (Raju Rangoju) [1961394]\n- cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (Raju Rangoju) [1961394]\n- scsi: libcxgbi: Fix a use after free in cxgbi_conn_xmit_pdu() (Raju Rangoju) [1961394]\n- scsi: libcxgbi: Use kvzalloc instead of opencoded kzalloc/vzalloc (Raju Rangoju) [1961394]\n- scsi: libcxgbi: Remove unnecessary NULL checks for 'tdata' pointer (Raju Rangoju) [1961394]\n- scsi: cxgb4i: 
Remove an unnecessary NULL check for 'cconn' pointer (Raju Rangoju) [1961394]\n- scsi: cxgb4i: Clean up a debug printk (Raju Rangoju) [1961394]\n- scsi: cxgb4i: Fix dereference of pointer tdata before it is null checked (Raju Rangoju) [1961394]\n- scsi: libcxgbi: fix NULL pointer dereference in cxgbi_device_destroy() (Raju Rangoju) [1961394]\n- scsi: libcxgbi: remove unused function to stop warning (Raju Rangoju) [1961394]\n- scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route() (Raju Rangoju) [1961394]\n- net/chelsio: Delete drive and module versions (Raju Rangoju) [1961394]\n- chelsio: Replace zero-length array with flexible-array member (Raju Rangoju) [1961394]\n- [netdrv] treewide: prefix header search paths with / (Raju Rangoju) [1961394]\n- libcxgb: fix incorrect ppmax calculation (Raju Rangoju) [1961394]\n- scsi: cxgb4i: Fix TLS dependency (Raju Rangoju) [1961394]\n- [target] treewide: Use fallthrough pseudo-keyword (Raju Rangoju) [1961394]\n- scsi: cxgb4i: Add support for iSCSI segmentation offload (Raju Rangoju) [1961394]\n- [target] treewide: Use sizeof_field() macro (Raju Rangoju) [1961394]\n- [target] treewide: replace '---help---' in Kconfig files with 'help' (Raju Rangoju) [1961394]\n- scsi: cxgb4i: Remove superfluous null check (Raju Rangoju) [1961394]\n[4.18.0-338]\n- KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653) (Jon Maloy) [1985413] {CVE-2021-3653}\n- KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656) (Jon Maloy) [1985430] {CVE-2021-3656}\n- drm/i915/rkl: Remove require_force_probe protection (Lyude Paul) [1985159]\n- drm/i915/display: support ddr5 mem types (Lyude Paul) [1992233]\n- drm/i915/adl_s: Update ddi buf translation tables (Lyude Paul) [1992233]\n- drm/i915/adl_s: Wa_14011765242 is also needed on A1 display stepping (Lyude Paul) [1992233]\n- drm/i915/adl_s: Extend Wa_1406941453 (Lyude Paul) [1992233]\n- drm/i915: Implement Wa_1508744258 (Lyude Paul) [1992233]\n- 
drm/i915/adl_s: Fix dma_mask_size to 39 bit (Lyude Paul) [1992233]\n- drm/i915: Add the missing adls vswing tables (Lyude Paul) [1992233]\n- drm/i915: Add Wa_14011060649 (Lyude Paul) [1992233]\n- drm/i915/adl_s: Add Interrupt Support (Lyude Paul) [1992233]\n- drm/amdgpu: add another Renoir DID (Lyude Paul) [1980900]\n[4.18.0-337]\n- net/mlx5: Fix flow table chaining (Amir Tzin) [1987139]\n- openvswitch: fix sparse warning incorrect type (Mark Gray) [1992773]\n- openvswitch: fix alignment issues (Mark Gray) [1992773]\n- openvswitch: update kdoc OVS_DP_ATTR_PER_CPU_PIDS (Mark Gray) [1992773]\n- openvswitch: Introduce per-cpu upcall dispatch (Mark Gray) [1992773]\n- KVM: X86: Expose bus lock debug exception to guest (Paul Lai) [1842322]\n- KVM: X86: Add support for the emulation of DR6_BUS_LOCK bit (Paul Lai) [1842322]\n- scsi: libfc: Fix array index out of bound exception (Chris Leech) [1972643]\n- scsi: libfc: FDMI enhancements (Chris Leech) [1972643]\n- scsi: libfc: Add FDMI-2 attributes (Chris Leech) [1972643]\n- scsi: qedf: Add vendor identifier attribute (Chris Leech) [1972643]\n- scsi: libfc: Initialisation of RHBA and RPA attributes (Chris Leech) [1972643]\n- scsi: libfc: Correct the condition check and invalid argument passed (Chris Leech) [1972643]\n- scsi: libfc: Work around -Warray-bounds warning (Chris Leech) [1972643]\n- scsi: fc: FDMI enhancement (Chris Leech) [1972643]\n- scsi: libfc: Move scsi/fc_encode.h to libfc (Chris Leech) [1972643]\n- scsi: fc: Correct RHBA attributes length (Chris Leech) [1972643]\n- block: return ELEVATOR_DISCARD_MERGE if possible (Ming Lei) [1991976]\n- x86/fpu: Prevent state corruption in __fpu__restore_sig() (Terry Bowman) [1970086]\n- x86/fpu: Invalidate FPU state after a failed XRSTOR from a user buffer (Terry Bowman) [1970086]\n- x86/pkru: Write hardware init value to PKRU when xstate is init (Terry Bowman) [1970086]\n- x86/process: Check PF_KTHREAD and not current->mm for kernel threads (Terry Bowman) [1970086]\n- 
x86/fpu: Add address range checks to copy_user_to_xstate() (Terry Bowman) [1970086]\n- selftests/x86: Test signal frame XSTATE header corruption handling (Terry Bowman) [1970086]\n- Bump DRM backport version to 5.12.14 (Lyude Paul) [1944405]\n- drm/i915: Use the correct max source link rate for MST (Lyude Paul) [1944405 1966599]\n- drm/dp_mst: Use Extended Base Receiver Capability DPCD space (Lyude Paul) [1944405 1966599]\n- drm/i915/display: Defeature PSR2 for RKL and ADL-S (Lyude Paul) [1944405]\n- drm/i915/adl_s: ADL-S platform Update PCI ids for Mobile BGA (Lyude Paul) [1944405]\n- drm/amdgpu: wait for moving fence after pinning (Lyude Paul) [1944405]\n- drm/radeon: wait for moving fence after pinning (Lyude Paul) [1944405]\n- drm/nouveau: wait for moving fence after pinning v2 (Lyude Paul) [1944405]\n- radeon: use memcpy_to/fromio for UVD fw upload (Lyude Paul) [1944405]\n- drm/amd/amdgpu:save psp ring wptr to avoid attack (Lyude Paul) [1944405]\n- drm/amd/display: Fix potential memory leak in DMUB hw_init (Lyude Paul) [1944405]\n- drm/amdgpu: refine amdgpu_fru_get_product_info (Lyude Paul) [1944405]\n- drm/amd/display: Allow bandwidth validation for 0 streams. 
(Lyude Paul) [1944405]\n- drm: Lock pointer access in drm_master_release() (Lyude Paul) [1944405]\n- drm: Fix use-after-free read in drm_getunique() (Lyude Paul) [1944405]\n- drm/amdgpu: make sure we unpin the UVD BO (Lyude Paul) [1944405]\n- drm/amdgpu: Dont query CE and UE errors (Lyude Paul) [1944405]\n- drm/amdgpu/jpeg3: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]\n- drm/amdgpu/jpeg2.5: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]\n- drm/amdgpu/vcn3: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]\n- amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create (Lyude Paul) [1944405]\n- drm/i915/selftests: Fix return value check in live_breadcrumbs_smoketest() (Lyude Paul) [1944405]\n- drm/amdgpu: stop touching sched.ready in the backend (Lyude Paul) [1944405]\n- drm/amd/amdgpu: fix a potential deadlock in gpu reset (Lyude Paul) [1944405]\n- drm/amdgpu: Fix a use-after-free (Lyude Paul) [1944405]\n- drm/amd/amdgpu: fix refcount leak (Lyude Paul) [1944405]\n- drm/amd/display: Disconnect non-DP with no EDID (Lyude Paul) [1944405]\n- drm/amdgpu/jpeg2.0: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]\n- drm/amdgpu/vcn2.5: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]\n- drm/amdgpu/vcn2.0: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]\n- drm/amdkfd: correct sienna_cichlid SDMA RLC register offset error (Lyude Paul) [1944405]\n- drm/amdgpu/vcn1: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]\n- drm/amd/pm: correct MGpuFanBoost setting (Lyude Paul) [1944405]\n- drm/i915: Reenable LTTPR non-transparent LT mode for DPCD_REV<1.4 (Lyude Paul) [1944405]\n- drm/i915/gt: Disable HiZ Raw Stall Optimization on broken gen7 (Lyude Paul) [1944405]\n- dma-buf: fix unintended pin/unpin warnings (Lyude Paul) [1944405]\n- drm/amdgpu: update sdma golden setting for Navi12 (Lyude Paul) [1944405]\n- drm/amdgpu: update 
gc golden setting for Navi12 (Lyude Paul) [1944405]\n- drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute hang (Lyude Paul) [1944405]\n- drm/amdgpu: Fix GPU TLB update error when PAGE_SIZE > AMDGPU_PAGE_SIZE (Lyude Paul) [1944405]\n- drm/radeon: use the dummy page for GART if needed (Lyude Paul) [1944405]\n- drm/amd/display: Use the correct max downscaling value for DCN3.x family (Lyude Paul) [1944405]\n- drm/i915/gem: Pin the L-shape quirked object as unshrinkable (Lyude Paul) [1944405]\n- drm/ttm: Do not add non-system domain BO into swap list (Lyude Paul) [1944405]\n- drm/amd/display: Fix two cursor duplication when using overlay (Lyude Paul) [1944405]\n- amdgpu/pm: Prevent force of DCEFCLK on NAVI10 and SIENNA_CICHLID (Lyude Paul) [1944405]\n- drm/i915/display: fix compiler warning about array overrun (Lyude Paul) [1944405]\n- drm/i915: Fix crash in auto_retire (Lyude Paul) [1944405]\n- drm/i915/overlay: Fix active retire callback alignment (Lyude Paul) [1944405]\n- drm/i915: Read C0DRB3/C1DRB3 as 16 bits again (Lyude Paul) [1944405]\n- drm/i915/gt: Fix a double free in gen8_preallocate_top_level_pdp (Lyude Paul) [1944405]\n- drm/i915/dp: Use slow and wide link training for everything (Lyude Paul) [1944405]\n- drm/i915: Avoid div-by-zero on gen2 (Lyude Paul) [1944405]\n- drm/amd/display: Initialize attribute for hdcp_srm sysfs file (Lyude Paul) [1944405]\n- drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected (Lyude Paul) [1944405]\n- drm/radeon: Avoid power table parsing memory leaks (Lyude Paul) [1944405]\n- drm/radeon: Fix off-by-one power_state index heap overwrite (Lyude Paul) [1944405]\n- drm/amdgpu: Add mem sync flag for IB allocated by SA (Lyude Paul) [1944405]\n- drm/amd/display: add handling for hdcp2 rx id list validation (Lyude Paul) [1944405]\n- drm/amd/display: fixed divide by zero kernel crash during dsc enablement (Lyude Paul) [1944405]\n- drm/amd/display: Force vsync flip when reconfiguring MPCC 
(Lyude Paul) [1944405]\n- arm64: enable tlbi range instructions (Jeremy Linton) [1861872]\n- arm64: tlb: Use the TLBI RANGE feature in arm64 (Jeremy Linton) [1861872]\n- arm64: tlb: Detect the ARMv8.4 TLBI RANGE feature (Jeremy Linton) [1861872]\n- arm64/cpufeature: Add remaining feature bits in ID_AA64ISAR0 register (Jeremy Linton) [1861872]\n- arm64: tlbflush: Ensure start/end of address range are aligned to stride (Jeremy Linton) [1861872]\n- arm64: Detect the ARMv8.4 TTL feature (Jeremy Linton) [1861872]\n- arm64: tlbi: Set MAX_TLBI_OPS to PTRS_PER_PTE (Jeremy Linton) [1861872]\n[4.18.0-336]\n- bpf: Fix integer overflow involving bucket_size (Jiri Olsa) [1992588]\n- bpf: Fix leakage due to insufficient speculative store bypass mitigation (Jiri Olsa) [1992588]\n- bpf: Introduce BPF nospec instruction for mitigating Spectre v4 (Jiri Olsa) [1992588]\n- bpf: Fix OOB read when printing XDP link fdinfo (Jiri Olsa) [1992588]\n- bpf, test: fix NULL pointer dereference on invalid expected_attach_type (Jiri Olsa) [1992588]\n- bpf: Fix tail_call_reachable rejection for interpreter when jit failed (Jiri Olsa) [1992588]\n- bpf: Track subprog poke descriptors correctly and fix use-after-free (Jiri Olsa) [1992588]\n- bpf: Fix null ptr deref with mixed tail calls and subprogs (Jiri Olsa) [1992588]\n- bpf: Fix leakage under speculation on mispredicted branches (Jiri Olsa) [1992588]\n- bpf: Set mac_len in bpf_skb_change_head (Jiri Olsa) [1992588]\n- bpf: Prevent writable memory-mapping of read-only ringbuf pages (Jiri Olsa) [1992588]\n- bpf: Fix alu32 const subreg bound tracking on bitwise operations (Jiri Olsa) [1992588]\n- xsk: Fix broken Tx ring validation (Jiri Olsa) [1992588]\n- xsk: Fix for xp_aligned_validate_desc() when len == chunk_size (Jiri Olsa) [1992588]\n- bpf: link: Refuse non-O_RDWR flags in BPF_OBJ_GET (Jiri Olsa) [1992588]\n- bpf: Refcount task stack in bpf_get_task_stack (Jiri Olsa) [1992588]\n- bpf: Use NOP_ATOMIC5 instead of emit_nops(&prog, 5) for 
BPF_TRAMP_F_CALL_ORIG (Jiri Olsa) [1992588]\n- selftest/bpf: Add a test to check trampoline freeing logic. (Jiri Olsa) [1992588]\n- bpf: Fix fexit trampoline. (Jiri Olsa) [1992588]\n- ftrace: Fix modify_ftrace_direct. (Jiri Olsa) [1992588]\n- ftrace: Add a helper function to modify_ftrace_direct() to allow arch optimization (Jiri Olsa) [1992588]\n- ftrace: Add helper find_direct_entry() to consolidate code (Jiri Olsa) [1992588]\n- bpf: Fix truncation handling for mod32 dst reg wrt zero (Jiri Olsa) [1992588]\n- bpf: Fix an unitialized value in bpf_iter (Jiri Olsa) [1992588]\n- bpf_lru_list: Read double-checked variable once without lock (Jiri Olsa) [1992588]\n- mt76: validate rx A-MSDU subframes (Inigo Huguet) [1991459] {CVE-2020-24588 CVE-2020-26144}\n- ath11k: Drop multicast fragments (Inigo Huguet) [1991459] {CVE-2020-26145}\n- ath11k: Clear the fragment cache during key install (Inigo Huguet) [1991459] {CVE-2020-24587}\n- ath10k: Validate first subframe of A-MSDU before processing the list (Inigo Huguet) [1991459] {CVE-2020-24588 CVE-2020-26144}\n- ath10k: Fix TKIP Michael MIC verification for PCIe (Inigo Huguet) [1991459] {CVE-2020-26141}\n- ath10k: drop MPDU which has discard flag set by firmware for SDIO (Inigo Huguet) [1991459] {CVE-2020-24588}\n- ath10k: drop fragments with multicast DA for SDIO (Inigo Huguet) [1991459] {CVE-2020-26145}\n- ath10k: drop fragments with multicast DA for PCIe (Inigo Huguet) [1991459] {CVE-2020-26145}\n- ath10k: add CCMP PN replay protection for fragmented frames for PCIe (Inigo Huguet) [1991459]\n- mac80211: extend protection against mixed key and fragment cache attacks (Inigo Huguet) [1991459] {CVE-2020-24586 CVE-2020-24587}\n- mac80211: do not accept/forward invalid EAPOL frames (Inigo Huguet) [1991459] {CVE-2020-26139}\n- mac80211: prevent attacks on TKIP/WEP as well (Inigo Huguet) [1991459] {CVE-2020-26141}\n- mac80211: check defrag PN against current frame (Inigo Huguet) [1991459]\n- mac80211: add fragment cache to 
sta_info (Inigo Huguet) [1991459] {CVE-2020-24586 CVE-2020-24587}\n- mac80211: drop A-MSDUs on old ciphers (Inigo Huguet) [1991459] {CVE-2020-24588}\n- cfg80211: mitigate A-MSDU aggregation attacks (Inigo Huguet) [1991459] {CVE-2020-24588 CVE-2020-26144}\n- mac80211: properly handle A-MSDUs that start with an RFC 1042 header (Inigo Huguet) [1991459]\n- mac80211: prevent mixed key and fragment cache attacks (Inigo Huguet) [1991459] {CVE-2020-24586 CVE-2020-24587}\n- mac80211: assure all fragments are encrypted (Inigo Huguet) [1991459] {CVE-2020-26147}\n- tipc: call tipc_wait_for_connect only when dlen is not 0 (Xin Long) [1989361]\n- mptcp: remove tech preview warning (Florian Westphal) [1985120]\n- tcp: consistently disable header prediction for mptcp (Florian Westphal) [1985120]\n- selftests: mptcp: fix case multiple subflows limited by server (Florian Westphal) [1985120]\n- selftests: mptcp: turn rp_filter off on each NIC (Florian Westphal) [1985120]\n- selftests: mptcp: display proper reason to abort tests (Florian Westphal) [1985120]\n- mptcp: properly account bulk freed memory (Florian Westphal) [1985120]\n- mptcp: fix 'masking a bool' warning (Florian Westphal) [1985120]\n- mptcp: refine mptcp_cleanup_rbuf (Florian Westphal) [1985120]\n- mptcp: use fast lock for subflows when possible (Florian Westphal) [1985120]\n- mptcp: avoid processing packet if a subflow reset (Florian Westphal) [1985120]\n- mptcp: add sk parameter for mptcp_get_options (Florian Westphal) [1985120]\n- mptcp: fix syncookie process if mptcp can not_accept new subflow (Florian Westphal) [1985120]\n- mptcp: fix warning in __skb_flow_dissect() when do syn cookie for subflow join (Florian Westphal) [1985120]\n- mptcp: avoid race on msk state changes (Florian Westphal) [1985120]\n- mptcp: fix 32 bit DSN expansion (Florian Westphal) [1985120]\n- mptcp: fix bad handling of 32 bit ack wrap-around (Florian Westphal) [1985120]\n- tcp: parse mptcp options contained in reset packets (Florian Westphal) 
[1985120]\n- ionic: count csum_none when offload enabled (Jonathan Toppins) [1991646]\n- ionic: fix up dim accounting for tx and rx (Jonathan Toppins) [1991646]\n- ionic: remove intr coalesce update from napi (Jonathan Toppins) [1991646]\n- ionic: catch no ptp support earlier (Jonathan Toppins) [1991646]\n- ionic: make all rx_mode work threadsafe (Jonathan Toppins) [1991646]\n- dmaengine: idxd: Fix missing error code in idxd_cdev_open() (Jerry Snitselaar) [1990637]\n- dmaengine: idxd: add missing dsa driver unregister (Jerry Snitselaar) [1990637]\n- dmaengine: idxd: add engine 'struct device' missing bus type assignment (Jerry Snitselaar) [1990637]\n- dmaengine: idxd: remove MSIX masking for interrupt handlers (Jerry Snitselaar) [1990637]\n- dmaengine: idxd: Use cpu_feature_enabled() (Jerry Snitselaar) [1990637]\n- dmaengine: idxd: enable SVA feature for IOMMU (Jerry Snitselaar) [1990637]\n- dmagenine: idxd: Dont add portal offset in idxd_submit_desc (Jerry Snitselaar) [1990637]\n- ethtool: strset: fix message length calculation (Balazs Nemeth) [1989003]\n- net: add strict checks in netdev_name_node_alt_destroy() (Andrea Claudi) [1859038]\n- net: rtnetlink: fix bugs in rtnl_alt_ifname() (Andrea Claudi) [1859038]\n- net: rtnetlink: add linkprop commands to add and delete alternative ifnames (Andrea Claudi) [1859038]\n- net: check all name nodes in __dev_alloc_name (Andrea Claudi) [1859038]\n- net: fix a leak in register_netdevice() (Andrea Claudi) [1859038]\n- tun: fix memory leak in error path (Andrea Claudi) [1859038]\n- net: propagate errors correctly in register_netdevice() (Andrea Claudi) [1859038]\n- net: introduce name_node struct to be used in hashlist (Andrea Claudi) [1859038]\n- net: procfs: use index hashlist instead of name hashlist (Andrea Claudi) [1859038]\n- configs: Enable CONFIG_CHELSIO_INLINE_CRYPTO (Raju Rangoju) [1961368]\n- cxgb4/ch_ktls: Clear resources when pf4 device is removed (Raju Rangoju) [1961374]\n- ch_ktls: Remove redundant variable 
result (Raju Rangoju) [1961374]\n- ch_ktls: do not send snd_una update to TCB in middle (Raju Rangoju) [1961374]\n- ch_ktls: tcb close causes tls connection failure (Raju Rangoju) [1961374]\n- ch_ktls: fix device connection close (Raju Rangoju) [1961374]\n- ch_ktls: Fix kernel panic (Raju Rangoju) [1961374]\n- ch_ktls: fix enum-conversion warning (Raju Rangoju) [1961374]\n- net: ethernet: chelsio: inline_crypto: Mundane typos fixed throughout the file chcr_ktls.c (Raju Rangoju) [1961374]\n- ch_ipsec: Remove initialization of rxq related data (Raju Rangoju) [1961388]\n- ch_ktls: fix build warning for ipv4-only config (Raju Rangoju) [1961374]\n- ch_ktls: lock is not freed (Raju Rangoju) [1961374]\n- ch_ktls: stop the txq if reaches threshold (Raju Rangoju) [1961374]\n- ch_ktls: tcb update fails sometimes (Raju Rangoju) [1961374]\n- ch_ktls/cxgb4: handle partial tag alone SKBs (Raju Rangoju) [1961374]\n- ch_ktls: dont free skb before sending FIN (Raju Rangoju) [1961374]\n- ch_ktls: packet handling prior to start marker (Raju Rangoju) [1961374]\n- ch_ktls: Correction in middle record handling (Raju Rangoju) [1961374]\n- ch_ktls: missing handling of header alone (Raju Rangoju) [1961374]\n- ch_ktls: Correction in trimmed_len calculation (Raju Rangoju) [1961374]\n- cxgb4/ch_ktls: creating skbs causes panic (Raju Rangoju) [1961374]\n- ch_ktls: Update cheksum information (Raju Rangoju) [1961374]\n- ch_ktls: Correction in finding correct length (Raju Rangoju) [1961374]\n- cxgb4/ch_ktls: decrypted bit is not enough (Raju Rangoju) [1961374]\n- cxgb4/ch_ipsec: Replace the module name to ch_ipsec from chcr (Raju Rangoju) [1961388]\n- cxgb4/ch_ktls: ktls stats are added at port level (Raju Rangoju) [1961374]\n- ch_ktls: Issue if connection offload fails (Raju Rangoju) [1961374]\n- chelsio/chtls: Re-add dependencies on CHELSIO_T4 to fix modular CHELSIO_T4 (Raju Rangoju) [1961388]\n- chelsio/chtls: CHELSIO_INLINE_CRYPTO should depend on CHELSIO_T4 (Raju Rangoju) [1961388]\n- 
crypto: chelsio - fix minor indentation issue (Raju Rangoju) [1961368]\n- crypto/chcr: move nic TLS functionality to drivers/net (Raju Rangoju) [1961368]\n- cxgb4/ch_ipsec: Registering xfrmdev_ops with cxgb4 (Raju Rangoju) [1961388]\n- crypto/chcr: Moving chelsios inline ipsec functionality to /drivers/net (Raju Rangoju) [1961368]\n- chelsio/chtls: separate chelsio tls driver from crypto driver (Raju Rangoju) [1961368]\n- crypto: chelsio - Fix some pr_xxx messages (Raju Rangoju) [1961368]\n- crypto: chelsio - Avoid some code duplication (Raju Rangoju) [1961368]\n- crypto: drivers - set the flag CRYPTO_ALG_ALLOCATES_MEMORY (Raju Rangoju) [1961368]\n- crypto: aead - remove useless setting of type flags (Raju Rangoju) [1961368]\n- crypto: Replace zero-length array with flexible-array (Raju Rangoju) [1961368]\n- [Crypto] treewide: replace '---help---' in Kconfig files with 'help' (Raju Rangoju) [1961368]\n- Crypto/chcr: Checking cra_refcnt before unregistering the algorithms (Raju Rangoju) [1961368]\n- Crypto/chcr: Calculate src and dst sg lengths separately for dma map (Raju Rangoju) [1961368]\n- Crypto/chcr: Fixes a coccinile check error (Raju Rangoju) [1961368]\n- Crypto/chcr: Fixes compilations warnings (Raju Rangoju) [1961368]\n- crypto/chcr: IPV6 code needs to be in CONFIG_IPV6 (Raju Rangoju) [1961368]\n- crypto: lib/sha1 - remove unnecessary includes of linux/cryptohash.h (Raju Rangoju) [1961368]\n- Crypto/chcr: fix for hmac(sha) test fails (Raju Rangoju) [1961368]\n- Crypto/chcr: fix for ccm(aes) failed test (Raju Rangoju) [1961368]\n- Crypto/chcr: fix ctr, cbc, xts and rfc3686-ctr failed tests (Raju Rangoju) [1961368]\n- crypto: chelsio - remove redundant assignment to variable error (Raju Rangoju) [1961368]\n- chcr: Fix CPU hard lockup (Raju Rangoju) [1961368]\n- crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN (Raju Rangoju) [1961368]\n- crypto: chelsio - switch to skcipher API (Raju Rangoju) [1961368]\n- crypto: chelsio - Remove VLA usage of skcipher (Raju 
Rangoju) [1961368]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-16T00:00:00", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0427", "CVE-2020-24502", "CVE-2020-24503", "CVE-2020-24504", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26139", "CVE-2020-26140", "CVE-2020-26141", "CVE-2020-26143", "CVE-2020-26144", "CVE-2020-26145", "CVE-2020-26146", "CVE-2020-26147", "CVE-2020-27777", "CVE-2020-29368", "CVE-2020-29660", "CVE-2020-36158", "CVE-2020-36386", "CVE-2021-0129", "CVE-2021-20194", "CVE-2021-20239", "CVE-2021-23133", "CVE-2021-28950", "CVE-2021-28971", "CVE-2021-29155", "CVE-2021-29646", "CVE-2021-29650", "CVE-2021-31440", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-33200", "CVE-2021-3348", "CVE-2021-3489", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3600", "CVE-2021-3635", "CVE-2021-3659", "CVE-2021-3679", "CVE-2021-3732"], "modified": "2021-11-16T00:00:00", "id": "ELSA-2021-4356", "href": "http://linux.oracle.com/errata/ELSA-2021-4356.html", "cvss": {"score": 7.2, "vector": 
"AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-26T18:27:40", "description": "[5.4.17-2102.204.4.2]\n- rds/ib: quarantine STALE mr before dereg (Manjunath Patil) [Orabug: 33150447]\n- rds/ib: update mr incarnation after forming inv wr (Manjunath Patil) [Orabug: 33177348] \n- rds/ib: avoid dereg of mr in frwr_clean (Manjunath Patil) [Orabug: 33150427] \n- arm64: mm: kdump: Fix /proc/kcore (Henry Willard) [Orabug: 32570847]\n[5.4.17-2102.204.4]\n- Revert x86/reboot: Force all cpus to exit VMX root if VMX is supported (Somasundaram Krishnasamy) [Orabug: 33167303] \n- scsi: core: Retry I/O for Notify (Enable Spinup) Required error (Quat Le) [Orabug: 33165876] \n- A/A Bonding: dev_hold/put() the delayed GARP work handlers netdev in rdmaip (Sharath Srinivasan) [Orabug: 33161268] \n- rds: ib: Increase entropy of RDMA IOVAs (Hakon Bugge) [Orabug: 33104687]\n[5.4.17-2102.204.3]\n- rds: Check for illegal flags when creating an MR (Hakon Bugge) [Orabug: 33144338] \n- seq_file: disallow extremely large seq buffer allocations (Eric Sandeen) [Orabug: 33135632] {CVE-2021-33909}\n[5.4.17-2102.204.2]\n- RDMA/core/sa_query: Remove unused argument (Hakon Bugge) [Orabug: 33113136] \n- RDMA/cma: Fix incorrect Packet Lifetime calculation (Hakon Bugge) [Orabug: 33113136] \n- RDMA: Remove a few extra calls to ib_get_client_data() (Jason Gunthorpe) [Orabug: 33113136] \n- RDMA/cma: Protect RMW with qp_mutex (Hakon Bugge) [Orabug: 33113136] \n- IB/cma: Introduce rdma_set_min_rnr_timer() (Hakon Bugge) [Orabug: 33113136] \n- RDMA/iwcm: Allow AFONLY binding for IPv6 addresses (Bernard Metzler) [Orabug: 33113136] \n- RDMA/cma: Remove unnecessary INIT->INIT transition (Hakon Bugge) [Orabug: 33113136] \n- RDMA/cma: Use ACK timeout for RoCE packetLifeTime (Dag Moxnes) [Orabug: 33113136] \n- crypto: ccp - Dont initialize SEV support without the SEV feature (Venu Busireddy) [Orabug: 33110762] \n- xfs: fix out of bound access (Junxiao Bi) [Orabug: 33089469] \n- ext4: use ext4_grp_locked_error in 
mb_find_extent (Stephen Brennan) [Orabug: 33042746] \n- PCI/ERR: Retain status from error notification (Keith Busch) [Orabug: 32995246] \n- perf maps: Do not use an rbtree to sort by map name (Arnaldo Carvalho de Melo) [Orabug: 32726674] \n- block: return the correct bvec when checking for gaps (Long Li) [Orabug: 33000789]\n[5.4.17-2102.204.1]\n- LTS tag: v5.4.128 (Jack Vogel) \n- ARM: OMAP: replace setup_irq() by request_irq() (afzal mohammed) \n- KVM: arm/arm64: Fix KVM_VGIC_V3_ADDR_TYPE_REDIST read (Eric Auger) \n- tools headers UAPI: Sync linux/in.h copy with the kernel sources (Arnaldo Carvalho de Melo) \n- net: fec_ptp: add clock rate zero check (Fugang Duan) \n- net: stmmac: disable clocks in stmmac_remove_config_dt() (Joakim Zhang) \n- mm/slub.c: include swab.h (Andrew Morton) \n- mm/slub: fix redzoning for small allocations (Kees Cook) \n- mm/slub: clarify verification reporting (Kees Cook) \n- net: bridge: fix vlan tunnel dst refcnt when egressing (Nikolay Aleksandrov) \n- net: bridge: fix vlan tunnel dst null pointer dereference (Nikolay Aleksandrov) \n- net: ll_temac: Fix TX BD buffer overwrite (Esben Haabendal) \n- net: ll_temac: Make sure to free skb when it is completely used (Esben Haabendal) \n- drm/amdgpu/gfx9: fix the doorbell missing when in CGPG issue. (Yifan Zhang) \n- drm/amdgpu/gfx10: enlarge CP_MEC_DOORBELL_RANGE_UPPER to cover full doorbell. 
(Yifan Zhang) \n- cfg80211: avoid double free of PMSR request (Avraham Stern) \n- cfg80211: make certificate generation more robust (Johannes Berg) \n- dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc (Bumyong Lee) \n- x86/fpu: Reset state for all signal restore failures (Thomas Gleixner) \n- x86/pkru: Write hardware init value to PKRU when xstate is init (Thomas Gleixner) \n- x86/process: Check PF_KTHREAD and not current->mm for kernel threads (Thomas Gleixner) \n- ARCv2: save ABI registers across signal handling (Vineet Gupta) \n- KVM: x86: Immediately reset the MMU context when the SMM flag is cleared (Sean Christopherson) \n- PCI: Work around Huawei Intelligent NIC VF FLR erratum (Chiqijun) \n- PCI: Add ACS quirk for Broadcom BCM57414 NIC (Sriharsha Basavapatna) \n- PCI: aardvark: Fix kernel panic during PIO transfer (Pali Rohar) \n- PCI: aardvark: Dont rely on jiffies while holding spinlock (Remi Pommarel) \n- PCI: Mark some NVIDIA GPUs to avoid bus reset (Shanker Donthineni) \n- PCI: Mark TI C667X to avoid bus reset (Antti Jarvinen) \n- tracing: Do no increment trace_clock_global() by one (Steven Rostedt (VMware)) \n- tracing: Do not stop recording comms if the trace file is being read (Steven Rostedt (VMware)) \n- tracing: Do not stop recording cmdlines when tracing is off (Steven Rostedt (VMware)) \n- usb: core: hub: Disable autosuspend for Cypress CY7C65632 (Andrew Lunn) \n- can: mcba_usb: fix memory leak in mcba_usb (Pavel Skripkin) \n- can: j1939: fix Use-after-Free, hold skb ref while in use (Oleksij Rempel) \n- can: bcm/raw/isotp: use per module netdevice notifier (Tetsuo Handa) \n- can: bcm: fix infoleak in struct bcm_msg_head (Norbert Slusarek) \n- hwmon: (scpi-hwmon) shows the negative temperature properly (Riwen Lu) \n- radeon: use memcpy_to/fromio for UVD fw upload (Chen Li) \n- pinctrl: ralink: rt2880: avoid to error in calls is pin is already enabled (Sergio Paracuellos) \n- spi: stm32-qspi: Always wait BUSY bit to be cleared in 
stm32_qspi_wait_cmd() (Patrice Chotard) \n- ASoC: rt5659: Fix the lost powers for the HDA header (Jack Yu) \n- regulator: bd70528: Fix off-by-one for buck123 .n_voltages setting (Axel Lin) \n- net: ethernet: fix potential use-after-free in ec_bhf_remove (Pavel Skripkin) \n- icmp: dont send out ICMP messages with a source address of 0.0.0.0 (Toke Hoiland-Jorgensen) \n- bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path (Somnath Kotur) \n- bnxt_en: Rediscover PHY capabilities after firmware reset (Michael Chan) \n- cxgb4: fix wrong shift. (Pavel Machek) \n- net: cdc_eem: fix tx fixup skb leak (Linyu Yuan) \n- net: hamradio: fix memory leak in mkiss_close (Pavel Skripkin) \n- be2net: Fix an error handling path in be_probe() (Christophe JAILLET) \n- net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock (Eric Dumazet) \n- net: ipv4: fix memory leak in ip_mc_add1_src (Chengyang Fan) \n- net: fec_ptp: fix issue caused by refactor the fec_devtype (Joakim Zhang) \n- net: usb: fix possible use-after-free in smsc75xx_bind (Dongliang Mu) \n- lantiq: net: fix duplicated skb in rx descriptor ring (Aleksander Jan Bajkowski) \n- net: cdc_ncm: switch to eth%d interface naming (Maciej Zenczykowski) \n- ptp: improve max_adj check against unreasonable values (Jakub Kicinski) \n- net: qrtr: fix OOB Read in qrtr_endpoint_post (Pavel Skripkin) \n- netxen_nic: Fix an error handling path in netxen_nic_probe() (Christophe JAILLET) \n- qlcnic: Fix an error handling path in qlcnic_probe() (Christophe JAILLET) \n- net: make get_net_ns return error if NET_NS is disabled (Changbin Du) \n- net: stmmac: dwmac1000: Fix extended MAC address registers definition (Jisheng Zhang) \n- alx: Fix an error handling path in alx_probe() (Christophe JAILLET) \n- sch_cake: Fix out of bounds when parsing TCP options and header (Maxim Mikityanskiy) \n- netfilter: synproxy: Fix out of bounds when parsing TCP options (Maxim Mikityanskiy) \n- net/mlx5e: Block offload of outer header 
csum for UDP tunnels (Aya Levin) \n- net/mlx5e: allow TSO on VXLAN over VLAN topologies (Davide Caratti) \n- net/mlx5: Consider RoCE cap before init RDMA resources (Maor Gottlieb) \n- net/mlx5e: Fix page reclaim for dead peer hairpin (Dima Chumak) \n- net/mlx5e: Remove dependency in IPsec initialization flows (Huy Nguyen) \n- net/sched: act_ct: handle DNAT tuple collision (Marcelo Ricardo Leitner) \n- rtnetlink: Fix regression in bridge VLAN configuration (Ido Schimmel) \n- udp: fix race between close() and udp_abort() (Paolo Abeni) \n- net: lantiq: disable interrupt before sheduling NAPI (Aleksander Jan Bajkowski) \n- net: rds: fix memory leak in rds_recvmsg (Pavel Skripkin) \n- vrf: fix maximum MTU (Nicolas Dichtel) \n- net: ipv4: fix memory leak in netlbl_cipsov4_add_std (Nanyong Sun) \n- batman-adv: Avoid WARN_ON timing related checks (Sven Eckelmann) \n- kvm: LAPIC: Restore guard to prevent illegal APIC register access (Jim Mattson) \n- mm/memory-failure: make sure wait for page writeback in memory_failure (yangerkun) \n- afs: Fix an IS_ERR() vs NULL check (Dan Carpenter) \n- dmaengine: stedma40: add missing iounmap() on error in d40_probe() (Yang Yingliang) \n- dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (Randy Dunlap) \n- dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM (Randy Dunlap) \n- LTS tag: v5.4.127 (Jack Vogel) \n- fib: Return the correct errno code (Zheng Yongjun) \n- net: Return the correct errno code (Zheng Yongjun) \n- net/x25: Return the correct errno code (Zheng Yongjun) \n- rtnetlink: Fix missing error code in rtnl_bridge_notify() (Jiapeng Chong) \n- drm/amd/display: Allow bandwidth validation for 0 streams. 
(Bindu Ramamurthy) \n- net: ipconfig: Dont override command-line hostnames or domains (Josh Triplett) \n- nvme-loop: check for NVME_LOOP_Q_LIVE in nvme_loop_destroy_admin_queue() (Hannes Reinecke) \n- nvme-loop: clear NVME_LOOP_Q_LIVE when nvme_loop_configure_admin_queue() fails (Hannes Reinecke) \n- nvme-loop: reset queue count to 1 in nvme_loop_destroy_io_queues() (Hannes Reinecke) \n- scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (Ewan D. Milne) \n- scsi: qedf: Do not put host in qedf_vport_create() unconditionally (Daniel Wagner) \n- ethernet: myri10ge: Fix missing error code in myri10ge_probe() (Jiapeng Chong) \n- scsi: target: core: Fix warning on realtime kernels (Maurizio Lombardi) \n- gfs2: Fix use-after-free in gfs2_glock_shrink_scan (Hillf Danton) \n- riscv: Use -mno-relax when using lld linker (Khem Raj) \n- HID: gt683r: add missing MODULE_DEVICE_TABLE (Bixuan Cui) \n- gfs2: Prevent direct-I/O write fallback errors from getting lost (Andreas Gruenbacher) \n- ARM: OMAP2+: Fix build warning when mmc_omap is not built (Yongqiang Liu) \n- drm/tegra: sor: Do not leak runtime PM reference (Pavel Machek (CIP)) \n- HID: usbhid: fix info leak in hid_submit_ctrl (Anirudh Rayabharam) \n- HID: Add BUS_VIRTUAL to hid_connect logging (Mark Bolhuis) \n- HID: multitouch: set Stylus suffix for Stylus-application devices, too (Ahelenia Ziemianska) \n- HID: hid-sensor-hub: Return error for hid_set_field() failure (Srinivas Pandruvada) \n- HID: hid-input: add mapping for emoji picker key (Dmitry Torokhov) \n- HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 (Nirenjan Krishnan) \n- net: ieee802154: fix null deref in parse dev addr (Dan Robertson) \n- LTS tag: v5.4.126 (Jack Vogel) \n- proc: only require mm_struct for writing (Linus Torvalds) \n- tracing: Correct the length check which causes memory corruption (Liangyan) \n- ftrace: Do not blindly read the ip address in ftrace_bug() (Steven Rostedt (VMware)) \n- scsi: core: Only put parent device if host 
state differs from SHOST_CREATED (Ming Lei) \n- scsi: core: Put .shost_dev in failure path if host state changes to RUNNING (Ming Lei) \n- scsi: core: Fix failure handling of scsi_add_host_with_dma() (Ming Lei) \n- scsi: core: Fix error handling of scsi_host_alloc() (Ming Lei) \n- NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error. (Dai Ngo) \n- NFSv4: Fix second deadlock in nfs4_evict_inode() (Trond Myklebust) \n- NFS: Fix use-after-free in nfs4_init_client() (Anna Schumaker) \n- kvm: fix previous commit for 32-bit builds (Paolo Bonzini) \n- perf session: Correct buffer copying when peeking events (Leo Yan) \n- NFSv4: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode() (Trond Myklebust) \n- NFS: Fix a potential NULL dereference in nfs_get_client() (Dan Carpenter) \n- IB/mlx5: Fix initializing CQ fragments buffer (Alaa Hleihel) \n- KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message (Sean Christopherson) \n- sched/fair: Make sure to update tg contrib for blocked load (Vincent Guittot) \n- perf: Fix data race between pin_count increment/decrement (Marco Elver) \n- vmlinux.lds.h: Avoid orphan section with !SMP (Nathan Chancellor) \n- RDMA/mlx4: Do not map the core_clock page to user space unless enabled (Shay Drory) \n- RDMA/ipoib: Fix warning caused by destroying non-initial netns (Kamal Heib) \n- usb: typec: mux: Fix copy-paste mistake in typec_mux_match (Bjorn Andersson) \n- regulator: max77620: Use device_set_of_node_from_dev() (Dmitry Osipenko) \n- regulator: core: resolve supply for boot-on/always-on regulators (Dmitry Baryshkov) \n- usb: fix various gadget panics on 10gbps cabling (Maciej zenczykowski) \n- usb: fix various gadgets null ptr deref on 10gbps cabling. 
(Maciej zenczykowski) \n- usb: gadget: eem: fix wrong eem header operation (Linyu Yuan) \n- USB: serial: cp210x: fix alternate function for CP2102N QFN20 (Stefan Agner) \n- USB: serial: quatech2: fix control-request directions (Johan Hovold) \n- USB: serial: omninet: add device id for Zyxel Omni 56K Plus (Alexandre GRIVEAUX) \n- USB: serial: ftdi_sio: add NovaTech OrionMX product ID (George McCollister) \n- usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind (Wesley Cheng) \n- usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path (Mayank Rana) \n- usb: typec: wcove: Use LE to CPU conversion when accessing msg->header (Andy Shevchenko) \n- usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling (Thomas Petazzoni) \n- usb: dwc3: ep0: fix NULL pointer exception (Marian-Cristian Rotariu) \n- usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms (Kyle Tso) \n- usb: f_ncm: only first packet of aggregate needs to start timer (Maciej zenczykowski) \n- USB: f_ncm: ncm_bitrate (speed) is unsigned (Maciej zenczykowski) \n- cgroup1: dont allow \n in renaming (Alexander Kuznetsov) \n- btrfs: promote debugging asserts to full-fledged checks in validate_super (Nikolay Borisov) \n- btrfs: return value from btrfs_mark_extent_written() in case of error (Ritesh Harjani) \n- staging: rtl8723bs: Fix uninitialized variables (Wenli Looi) \n- kvm: avoid speculation-based attacks from out-of-range memslot accesses (Paolo Bonzini) \n- drm: Lock pointer access in drm_master_release() (Desmond Cheong Zhi Xi) \n- drm: Fix use-after-free read in drm_getunique() (Desmond Cheong Zhi Xi) \n- spi: bcm2835: Fix out-of-bounds access with more than 4 slaves (Lukas Wunner) \n- x86/boot: Add .text.* to setup.ld (Arvind Sankar) \n- i2c: mpc: implement erratum A-004447 workaround (Chris Packham) \n- i2c: mpc: Make use of i2c_recover_bus() (Chris Packham) \n- spi: Cleanup on failure of initial setup (Lukas Wunner) \n- spi: Dont have controller clean up spi device before driver unbind (Saravana 
Kannan) \n- powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P1010 i2c controllers (Chris Packham) \n- powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P2041 i2c controllers (Chris Packham) \n- nvme-tcp: remove incorrect Kconfig dep in BLK_DEV_NVME (Sagi Grimberg) \n- bnx2x: Fix missing error code in bnx2x_iov_init_one() (Jiapeng Chong) \n- dm verity: fix require_signatures module_param permissions (John Keeping) \n- MIPS: Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER (Tiezhu Yang) \n- nvme-fabrics: decode host pathing error for connect (Hannes Reinecke) \n- net: dsa: microchip: enable phy errata workaround on 9567 (George McCollister) \n- net: appletalk: cops: Fix data race in cops_probe1 (Saubhik Mukherjee) \n- net: macb: ensure the device is available before accessing GEMGXL control registers (Zong Li) \n- scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal (Dmitry Bogdanov) \n- scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated irq (Yang Yingliang) \n- scsi: vmw_pvscsi: Set correct residual data length (Matt Wang) \n- net/qla3xxx: fix schedule while atomic in ql_sem_spinlock (Zheyu Ma) \n- wq: handle VM suspension in stall detection (Sergey Senozhatsky) \n- cgroup: disable controllers at parse time (Shakeel Butt) \n- net: mdiobus: get rid of a BUG_ON() (Dan Carpenter) \n- netlink: disable IRQs for netlink_lock_table() (Johannes Berg) \n- bonding: init notify_work earlier to avoid uninitialized use (Johannes Berg) \n- isdn: mISDN: netjet: Fix crash in nj_probe: (Zheyu Ma) \n- spi: sprd: Add missing MODULE_DEVICE_TABLE (Chunyan Zhang) \n- ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (Zou Wei) \n- vfio-ccw: Serialize FSM IDLE state with I/O completion (Eric Farman) \n- ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet (Hans de Goede) \n- ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet (Hans de Goede) \n- usb: cdns3: Fix runtime PM imbalance on error (Dinghao Liu) \n- 
net/nfc/rawsock.c: fix a permission check bug (Jeimon) \n- spi: Fix spi device unregister flow (Saravana Kannan) \n- ASoC: max98088: fix ni clock divider calculation (Marco Felsch) \n- proc: Track /proc//attr/ opener mm_struct (Kees Cook) \n- LTS tag: v5.4.125 (Jack Vogel) \n- neighbour: allow NUD_NOARP entries to be forced GCed (David Ahern) \n- i2c: qcom-geni: Suspend and resume the bus during SYSTEM_SLEEP_PM ops (Roja Rani Yarubandi) \n- xen-pciback: redo VF placement in the virtual topology (Jan Beulich) \n- lib/lz4: explicitly support in-place decompression (Gao Xiang) \n- x86/kvm: Disable all PV features on crash (Vitaly Kuznetsov) \n- x86/kvm: Disable kvmclock on all CPUs on shutdown (Vitaly Kuznetsov) \n- x86/kvm: Teardown PV features on boot CPU as well (Vitaly Kuznetsov) \n- KVM: arm64: Fix debug register indexing (Marc Zyngier) \n- KVM: SVM: Truncate GPR value for DR and CR accesses in !64-bit mode (Sean Christopherson) \n- btrfs: fix unmountable seed device after fstrim (Anand Jain) \n- mm/filemap: fix storing to a THP shadow entry (Matthew Wilcox (Oracle)) \n- XArray: add xas_split (Matthew Wilcox (Oracle)) \n- XArray: add xa_get_order (Matthew Wilcox (Oracle)) \n- mm: add thp_order (Matthew Wilcox (Oracle)) \n- mm, hugetlb: fix simple resv_huge_pages underflow on UFFDIO_COPY (Mina Almasry) \n- btrfs: fixup error handling in fixup_inode_link_counts (Josef Bacik) \n- btrfs: return errors from btrfs_del_csums in cleanup_ref_head (Josef Bacik) \n- btrfs: fix error handling in btrfs_del_csums (Josef Bacik) \n- btrfs: mark ordered extent and inode with error if we fail to finish (Josef Bacik) \n- drm/amdgpu: make sure we unpin the UVD BO (Nirmoy Das) \n- drm/amdgpu: Dont query CE and UE errors (Luben Tuikov) \n- nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect (Krzysztof Kozlowski) \n- ocfs2: fix data corruption by fallocate (Junxiao Bi) \n- pid: take a reference when initializing (Mark Rutland) \n- usb: dwc2: Fix build in 
periphal-only mode (Phil Elwell) \n- ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed (Ye Bin) \n- ARM: dts: imx6q-dhcom: Add PU,VDD1P1,VDD2P5 regulators (Marek Vasut) \n- ARM: dts: imx6dl-yapp4: Fix RGMII connection to QCA8334 switch (Michal Vokax) \n- ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx (Carlos M) \n- ALSA: timer: Fix master timer notification (Takashi Iwai) \n- HID: multitouch: require Finger field to mark Win8 reports as MT (Ahelenia Ziemianska) \n- HID: magicmouse: fix NULL-deref on disconnect (Johan Hovold) \n- HID: i2c-hid: Skip ELAN power-on command after reset (Johnny Chuang) \n- net: caif: fix memory leak in cfusbl_device_notify (Pavel Skripkin) \n- net: caif: fix memory leak in caif_device_notify (Pavel Skripkin) \n- net: caif: add proper error handling (Pavel Skripkin) \n- net: caif: added cfserl_release function (Pavel Skripkin) \n- Bluetooth: use correct lock to prevent UAF of hdev object (Lin Ma) \n- Bluetooth: fix the erroneous flush_work() order (Lin Ma) {CVE-2021-3564}\n- tipc: fix unique bearer names sanity check (Hoang Le) \n- tipc: add extack messages for bearer/media failure (Hoang Le) \n- bus: ti-sysc: Fix flakey idling of uarts and stop using swsup_sidle_act (Tony Lindgren) \n- ARM: dts: imx: emcon-avari: Fix nxp,pca8574 #gpio-cells (Geert Uytterhoeven) \n- ARM: dts: imx7d-pico: Fix the tuning-step property (Fabio Estevam) \n- ARM: dts: imx7d-meerkat96: Fix the tuning-step property (Fabio Estevam) \n- arm64: dts: zii-ultra: fix 12V_MAIN voltage (Lucas Stach) \n- arm64: dts: ls1028a: fix memory node (Michael Walle) \n- i40e: add correct exception tracing for XDP (Magnus Karlsson) \n- i40e: optimize for XDP_REDIRECT in xsk path (Magnus Karlsson) \n- i2c: qcom-geni: Add shutdown callback for i2c (Roja Rani Yarubandi) \n- ice: Allow all LLDP packets from PF to Tx (Dave Ertman) \n- ice: Fix VFR issues for AVF drivers that expect ATQLEN cleared (Brett Creeley) \n- ipv6: Fix KASAN: slab-out-of-bounds Read 
in fib6_nh_flush_exceptions (Coco Li) \n- ixgbevf: add correct exception tracing for XDP (Magnus Karlsson) \n- ieee802154: fix error return code in ieee802154_llsec_getparams() (Wei Yongjun) \n- ieee802154: fix error return code in ieee802154_add_iface() (Zhen Lei) \n- netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches (Pablo Neira Ayuso) \n- netfilter: nft_ct: skip expectations for confirmed conntrack (Pablo Neira Ayuso) \n- ACPICA: Clean up context mutex during object deletion (Erik Kaneda) \n- net/sched: act_ct: Fix ct template allocation for zone 0 (Ariel Levkovich) \n- HID: i2c-hid: fix format string mismatch (Arnd Bergmann) \n- HID: pidff: fix error return code in hid_pidff_init() (Zhen Lei) \n- ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service (Julian Anastasov) \n- vfio/platform: fix module_put call in error flow (Max Gurtovoy) \n- samples: vfio-mdev: fix error handing in mdpy_fb_probe() (Wei Yongjun) \n- vfio/pci: zap_vma_ptes() needs MMU (Randy Dunlap) \n- vfio/pci: Fix error return code in vfio_ecap_init() (Zhen Lei) \n- efi: cper: fix snprintf() use in cper_dimm_err_location() (Rasmus Villemoes) \n- efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared (Heiner Kallweit) \n- netfilter: conntrack: unregister ipv4 sockopts on error unwind (Florian Westphal) \n- hwmon: (dell-smm-hwmon) Fix index values (Armin Wolf) \n- nl80211: validate key indexes for cfg80211_registered_device (Anant Thazhemadam) \n- ALSA: usb: update old-style static const declaration (Pierre-Louis Bossart) \n- net: usb: cdc_ncm: dont spew notifications (Grant Grundler) \n- btrfs: tree-checker: do not error out if extent ref hash doesnt match (Josef Bacik) \n- LTS tag: v5.4.124 (Jack Vogel) \n- usb: core: reduce power-on-good delay time of root hub (Chunfeng Yun) \n- neighbour: Prevent Race condition in neighbour subsytem (Chinmay Agarwal) \n- net: hso: bail out on interrupt URB allocation failure (Johan Hovold) \n- Revert Revert ALSA: usx2y: Fix 
potential NULL pointer dereference (Greg Kroah-Hartman) \n- net: hns3: check the return of skb_checksum_help() (Yunsheng Lin) \n- drivers/net/ethernet: clean up unused assignments (Jesse Brandeburg) \n- i915: fix build warning in intel_dp_get_link_status() (Greg Kroah-Hartman) \n- drm/i915/display: fix compiler warning about array overrun (Linus Torvalds) \n- MIPS: ralink: export rt_sysc_membase for rt2880_wdt.c (Randy Dunlap) \n- MIPS: alchemy: xxs1500: add gpio-au1000.h header file (Randy Dunlap) \n- sch_dsmark: fix a NULL deref in qdisc_reset() (Taehee Yoo) \n- net: ethernet: mtk_eth_soc: Fix packet statistics support for MT7628/88 (Stefan Roese) \n- ALSA: usb-audio: scarlett2: snd_scarlett_gen2_controls_create() can be static (kernel test robot) \n- ipv6: record frag_max_size in atomic fragments in input path (Francesco Ruggeri) \n- net: lantiq: fix memory corruption in RX ring (Aleksander Jan Bajkowski) \n- scsi: libsas: Use _safe() loop in sas_resume_port() (Dan Carpenter) \n- ixgbe: fix large MTU request from VF (Jesse Brandeburg) \n- bpf: Set mac_len in bpf_skb_change_head (Jussi Maki) \n- ASoC: cs35l33: fix an error code in probe() (Dan Carpenter) \n- staging: emxx_udc: fix loop in _nbu2ss_nuke() (Dan Carpenter) \n- cxgb4: avoid accessing registers when clearing filters (Raju Rangoju) \n- gve: Correct SKB queue index validation. (David Awogbemila) \n- gve: Upgrade memory barrier in poll routine (Catherine Sullivan) \n- gve: Add NULL pointer checks when freeing irqs. (David Awogbemila) \n- gve: Update mgmt_msix_idx if num_ntfy changes (David Awogbemila) \n- gve: Check TX QPL was actually assigned (Catherine Sullivan) \n- mld: fix panic in mld_newpack() (Taehee Yoo) \n- bnxt_en: Include new P5 HV definition in VF check. 
(Andy Gospodarek) \n- net: bnx2: Fix error return code in bnx2_init_board() (Zhen Lei) \n- net: hso: check for allocation failure in hso_create_bulk_serial_device() (Dan Carpenter) \n- tls splice: check SPLICE_F_NONBLOCK instead of MSG_DONTWAIT (Jim Ma) \n- openvswitch: meter: fix race when getting now_ms. (Tao Liu) \n- net: mdio: octeon: Fix some double free issues (Christophe JAILLET) \n- net: mdio: thunder: Fix a double free issue in the .remove function (Christophe JAILLET) \n- net: fec: fix the potential memory leak in fec_enet_init() (Fugang Duan) \n- net: really orphan skbs tied to closing sk (Paolo Abeni) \n- vfio-ccw: Check initialized flag in cp_init() (Eric Farman) \n- ASoC: cs42l42: Regmap must use_single_read/write (Richard Fitzgerald) \n- net: dsa: fix error code getting shifted with 4 in dsa_slave_get_sset_count (Vladimir Oltean) \n- net: netcp: Fix an error message (Christophe JAILLET) \n- drm/amd/amdgpu: fix a potential deadlock in gpu reset (Lang Yu) \n- drm/amdgpu: Fix a use-after-free (xinhui pan) \n- drm/amd/amdgpu: fix refcount leak (Jingwen Chen) \n- drm/amd/display: Disconnect non-DP with no EDID (Chris Park) \n- SMB3: incorrect file id in requests compounded with open (Steve French) \n- platform/x86: touchscreen_dmi: Add info for the Mediacom Winpad 7.0 W700 tablet (Teava Radu) \n- platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI (Andy Shevchenko) \n- platform/x86: hp-wireless: add AMDs hardware id to the supported list (Shyam Sundar S K) \n- btrfs: do not BUG_ON in link_to_fixup_dir (Josef Bacik) \n- openrisc: Define memory barrier mb (Peter Zijlstra) \n- scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic (Matt Wang) \n- btrfs: return whole extents in fiemap (Boris Burkov) \n- brcmfmac: properly check for bus register errors (Greg Kroah-Hartman) \n- Revert brcmfmac: add a check for the status of usb_register (Greg Kroah-Hartman) \n- net: liquidio: Add missing null pointer checks (Tom Seewald) \n- Revert net: 
liquidio: fix a NULL pointer dereference (Greg Kroah-Hartman) \n- media: gspca: properly check for errors in po1030_probe() (Greg Kroah-Hartman) \n- Revert media: gspca: Check the return value of write_bridge for timeout (Greg Kroah-Hartman) \n- media: gspca: mt9m111: Check write_bridge for timeout (Alaa Emad) \n- Revert media: gspca: mt9m111: Check write_bridge for timeout (Greg Kroah-Hartman) \n- media: dvb: Add check on sp8870_readreg return (Alaa Emad) \n- Revert media: dvb: Add check on sp8870_readreg (Greg Kroah-Hartman) \n- ASoC: cs43130: handle errors in cs43130_probe() properly (Greg Kroah-Hartman) \n- Revert ASoC: cs43130: fix a NULL pointer dereference (Greg Kroah-Hartman) \n- libertas: register sysfs groups properly (Greg Kroah-Hartman) \n- Revert libertas: add checks for the return value of sysfs_create_group (Greg Kroah-Hartman) \n- dmaengine: qcom_hidma: comment platform_driver_register call (Phillip Potter) \n- Revert dmaengine: qcom_hidma: Check for driver register failure (Greg Kroah-Hartman) \n- isdn: mISDN: correctly handle ph_info allocation failure in hfcsusb_ph_info (Phillip Potter) \n- Revert isdn: mISDN: Fix potential NULL pointer dereference of kzalloc (Greg Kroah-Hartman) \n- ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd() (Anirudh Rayabharam) \n- Revert ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd() (Greg Kroah-Hartman) \n- isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io (Phillip Potter) \n- Revert isdn: mISDNinfineon: fix potential NULL pointer dereference (Greg Kroah-Hartman) \n- Revert ALSA: usx2y: Fix potential NULL pointer dereference (Greg Kroah-Hartman) \n- Revert ALSA: gus: add a check of the status of snd_ctl_add (Greg Kroah-Hartman) \n- char: hpet: add checks after calling ioremap (Tom Seewald) \n- Revert char: hpet: fix a missing check of ioremap (Greg Kroah-Hartman) \n- net: caif: remove BUG_ON(dev == NULL) in caif_xmit (Du Cheng) \n- Revert net/smc: fix a NULL pointer 
dereference (Greg Kroah-Hartman) \n- net: fujitsu: fix potential null-ptr-deref (Anirudh Rayabharam) \n- Revert net: fujitsu: fix a potential NULL pointer dereference (Greg Kroah-Hartman) \n- serial: max310x: unregister uart driver in case of failure and abort (Atul Gopinathan) \n- Revert serial: max310x: pass return value of spi_register_driver (Greg Kroah-Hartman) \n- Revert ALSA: sb: fix a missing check of snd_ctl_add (Greg Kroah-Hartman) \n- Revert media: usb: gspca: add a missed check for goto_low_power (Greg Kroah-Hartman) \n- gpio: cadence: Add missing MODULE_DEVICE_TABLE (Zou Wei) \n- platform/x86: hp_accel: Avoid invoking _INI to speed up resume (Kai-Heng Feng) \n- perf jevents: Fix getting maximum number of fds (Felix Fietkau) \n- i2c: sh_mobile: Use new clock calculation formulas for RZ/G2E (Geert Uytterhoeven) \n- i2c: i801: Dont generate an interrupt on bus reset (Jean Delvare) \n- i2c: s3c2410: fix possible NULL pointer deref on read message after write (Krzysztof Kozlowski) \n- net: dsa: sja1105: error out on unsupported PHY mode (Vladimir Oltean) \n- net: dsa: fix a crash if ->get_sset_count() fails (Dan Carpenter) \n- net: dsa: mt7530: fix VLAN traffic leaks (DENG Qingfang) \n- spi: spi-fsl-dspi: Fix a resource leak in an error handling path (Christophe JAILLET) \n- tipc: skb_linearize the head skb when reassembling msgs (Xin Long) \n- tipc: wait and exit until all work queues are done (Xin Long) \n- Revert net:tipc: Fix a double free in tipc_sk_mcast_rcv (Hoang Le) \n- net/mlx5e: Fix nullptr in add_vlan_push_action() (Dima Chumak) \n- net/mlx5e: Fix multipath lag activation (Dima Chumak) \n- drm/meson: fix shutdown crash when component not probed (Neil Armstrong) \n- NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config (Zhang Xiaoxu) \n- NFS: Dont corrupt the value of pg_bytes_written in nfs_do_recoalesce() (Trond Myklebust) \n- NFS: Fix an Oopsable condition in __nfs_pageio_add_request() (Trond Myklebust) \n- NFS: fix an 
incorrect limit in filelayout_decode_layout() (Dan Carpenter) \n- fs/nfs: Use fatal_signal_pending instead of signal_pending (zhouchuangao) \n- Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails (Thadeu Lima de Souza Cascardo) \n- spi: spi-geni-qcom: Fix use-after-free on unbind (Lukas Wunner) \n- net: usb: fix memory leak in smsc75xx_bind (Pavel Skripkin) \n- usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen() (Yoshihiro Shimoda) \n- usb: dwc3: gadget: Properly track pending and queued SG (Thinh Nguyen) \n- thermal/drivers/intel: Initialize RW trip to THERMAL_TEMP_INVALID (Srinivas Pandruvada) \n- USB: serial: pl2303: add device id for ADLINK ND-6530 GC (Zolton Jheng) \n- USB: serial: ftdi_sio: add IDs for IDS GmbH Products (Dominik Andreas Schorpp) \n- USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011 (Daniele Palmas) \n- USB: serial: ti_usb_3410_5052: add startech.com device id (Sean MacLennan) \n- serial: rp2: use request_firmware instead of request_firmware_nowait (Zheyu Ma) \n- serial: sh-sci: Fix off-by-one error in FIFO threshold register setting (Geert Uytterhoeven) \n- serial: tegra: Fix a mask operation that is always true (Colin Ian King) \n- USB: usbfs: Dont WARN about excessively large memory allocations (Alan Stern) \n- USB: trancevibrator: fix control-request direction (Johan Hovold) \n- serial: 8250_pci: handle FL_NOIRQ board flag (Christian Gmeiner) \n- serial: 8250_pci: Add support for new HPE serial device (Randy Wright) \n- iio: adc: ad7793: Add missing error code in ad7793_setup() (YueHaibing) \n- iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers (Jonathan Cameron) \n- iio: adc: ad7124: Fix missbalanced regulator enable / disable on error. 
(Jonathan Cameron) \n- iio: adc: ad7768-1: Fix too small buffer passed to iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: gyro: fxas21002c: balance runtime power in error path (Rui Miguel Silva) \n- staging: iio: cdc: ad7746: avoid overwrite of num_channels (Lucas Stankus) \n- mei: request autosuspend after sending rx flow control (Alexander Usyskin) \n- thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue (Mathias Nyman) \n- misc/uss720: fix memory leak in uss720_probe (Dongliang Mu) \n- serial: core: fix suspicious security_locked_down() call (Ondrej Mosnacek) \n- Documentation: seccomp: Fix user notification documentation (Sargun Dhillon) \n- kgdb: fix gcc-11 warnings harder (Greg Kroah-Hartman) \n- selftests/gpio: Fix build when source tree is read only (Michael Ellerman) \n- selftests/gpio: Move include of lib.mk up (Michael Ellerman) \n- selftests/gpio: Use TEST_GEN_PROGS_EXTENDED (Michael Ellerman) \n- drm/amdgpu/vcn2.5: add cancel_delayed_work_sync before power gate (James Zhu) \n- drm/amdgpu/vcn2.0: add cancel_delayed_work_sync before power gate (James Zhu) \n- drm/amdgpu/vcn1: add cancel_delayed_work_sync before power gate (James Zhu) \n- dm snapshot: properly fix a crash when an origin has no snapshots (Mikulas Patocka) \n- ath10k: Validate first subframe of A-MSDU before processing the list (Sriram R) \n- ath10k: Fix TKIP Michael MIC verification for PCIe (Wen Gong) {CVE-2020-26141}\n- ath10k: drop MPDU which has discard flag set by firmware for SDIO (Wen Gong) {CVE-2020-24588}\n- ath10k: drop fragments with multicast DA for SDIO (Wen Gong) {CVE-2020-26145}\n- ath10k: drop fragments with multicast DA for PCIe (Wen Gong) {CVE-2020-26145}\n- ath10k: add CCMP PN replay protection for fragmented frames for PCIe (Wen Gong) \n- mac80211: extend protection against mixed key and fragment cache attacks (Wen Gong) {CVE-2020-24586} {CVE-2020-24587}\n- mac80211: do not accept/forward invalid EAPOL frames (Johannes Berg) \n- mac80211: 
prevent attacks on TKIP/WEP as well (Johannes Berg) \n- mac80211: check defrag PN against current frame (Johannes Berg) \n- mac80211: add fragment cache to sta_info (Johannes Berg) \n- mac80211: drop A-MSDUs on old ciphers (Johannes Berg) {CVE-2020-24588}\n- cfg80211: mitigate A-MSDU aggregation attacks (Mathy Vanhoef) {CVE-2020-24588}\n- mac80211: properly handle A-MSDUs that start with an RFC 1042 header (Mathy Vanhoef) \n- mac80211: prevent mixed key and fragment cache attacks (Mathy Vanhoef) {CVE-2020-24587} {CVE-2020-24586}\n- mac80211: assure all fragments are encrypted (Mathy Vanhoef) {CVE-2020-26147}\n- net: hso: fix control-request directions (Johan Hovold) \n- proc: Check /proc//attr/ writes against file opener (Kees Cook) \n- perf scripts python: exported-sql-viewer.py: Fix warning display (Adrian Hunter) \n- perf scripts python: exported-sql-viewer.py: Fix Array TypeError (Adrian Hunter) \n- perf scripts python: exported-sql-viewer.py: Fix copy to clipboard from Top Calls by elapsed Time report (Adrian Hunter) \n- perf intel-pt: Fix transaction abort handling (Adrian Hunter) \n- perf intel-pt: Fix sample instruction bytes (Adrian Hunter) \n- iommu/vt-d: Fix sysfs leak in alloc_iommu() (Rolf Eike Beer) \n- NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() (Anna Schumaker) \n- cifs: set server->cipher_type to AES-128-CCM for SMB3.0 (Aurelien Aptel) \n- ALSA: usb-audio: scarlett2: Improve driver startup messages (Geoffrey D. Bennett) \n- ALSA: usb-audio: scarlett2: Fix device hang with ehci-pci (Geoffrey D. 
Bennett) \n- ALSA: hda/realtek: Headphone volume is controlled by Front mixer (Hui Wang) \n- LTS tag: v5.4.123 (Jack Vogel) \n- NFC: nci: fix memory leak in nci_allocate_device (Dongliang Mu) \n- perf unwind: Set userdata for all __report_module() paths (Dave Rigby) \n- perf unwind: Fix separate debug info files when using elfutils libdws unwinder (Jan Kratochvil) \n- usb: dwc3: gadget: Enable suspend events (Jack Pham) \n- bpf: No need to simulate speculative domain for immediates (Daniel Borkmann) \n- bpf: Fix mask direction swap upon off reg sign change (Daniel Borkmann) \n- bpf: Wrap aux data inside bpf_sanitize_info container (Daniel Borkmann) \n- LTS tag: v5.4.122 (Jack Vogel) \n- Bluetooth: SMP: Fail if remote and local public keys are identical (Luiz Augusto von Dentz) \n- video: hgafb: correctly handle card detect failure during probe (Anirudh Rayabharam) \n- nvmet: use new ana_log_size instead the old one (Hou Pu) \n- Bluetooth: L2CAP: Fix handling LE modes by L2CAP_OPTIONS (Luiz Augusto von Dentz) \n- ext4: fix error handling in ext4_end_enable_verity() (Eric Biggers) \n- nvme-multipath: fix double initialization of ANA state (Christoph Hellwig) \n- tty: vt: always invoke vc->vc_sw->con_resize callback (Tetsuo Handa) \n- vt: Fix character height handling with VT_RESIZEX (Maciej W. Rozycki) \n- vgacon: Record video mode changes with VT_RESIZEX (Maciej W. Rozycki) \n- video: hgafb: fix potential NULL pointer dereference (Igor Matheus Andrade Torrente) \n- qlcnic: Add null check after calling netdev_alloc_skb (Tom Seewald) \n- leds: lp5523: check return value of lp5xx_read and jump to cleanup code (Phillip Potter) \n- ics932s401: fix broken handling of errors when word reading fails (Darrick J. 
Wong) \n- net: rtlwifi: properly check for alloc_workqueue() failure (Greg Kroah-Hartman) \n- scsi: ufs: handle cleanup correctly on devm_reset_control_get error (Phillip Potter) \n- net: stmicro: handle clk_prepare() failure during init (Anirudh Rayabharam) \n- ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() (Du Cheng) \n- Revert niu: fix missing checks of niu_pci_eeprom_read (Greg Kroah-Hartman) \n- Revert qlcnic: Avoid potential NULL pointer dereference (Greg Kroah-Hartman) \n- Revert rtlwifi: fix a potential NULL pointer dereference (Greg Kroah-Hartman) \n- Revert media: rcar_drif: fix a memory disclosure (Greg Kroah-Hartman) \n- cdrom: gdrom: initialize global variable at init time (Greg Kroah-Hartman) \n- cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom (Atul Gopinathan) \n- Revert gdrom: fix a memory leak bug (Greg Kroah-Hartman) \n- Revert scsi: ufs: fix a missing check of devm_reset_control_get (Greg Kroah-Hartman) \n- Revert ecryptfs: replace BUG_ON with error handling code (Greg Kroah-Hartman) \n- Revert video: imsttfb: fix potential NULL pointer dereferences (Greg Kroah-Hartman) \n- Revert hwmon: (lm80) fix a missing check of bus read in lm80 probe (Greg Kroah-Hartman) \n- Revert leds: lp5523: fix a missing check of return value of lp55xx_read (Greg Kroah-Hartman) \n- Revert net: stmicro: fix a missing check of clk_prepare (Greg Kroah-Hartman) \n- Revert video: hgafb: fix potential NULL pointer dereference (Greg Kroah-Hartman) \n- dm snapshot: fix crash with transient storage and zero chunk size (Mikulas Patocka) \n- xen-pciback: reconfigure also from backend watch handler (Jan Beulich) \n- mmc: sdhci-pci-gli: increase 1.8V regulator wait (Daniel Beer) \n- drm/amdgpu: update sdma golden setting for Navi12 (Guchun Chen) \n- drm/amdgpu: update gc golden setting for Navi12 (Guchun Chen) \n- drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute hang (Changfeng) \n- Revert serial: mvebu-uart: Fix to avoid a potential 
NULL pointer dereference (Greg Kroah-Hartman) \n- rapidio: handle create_workqueue() failure (Anirudh Rayabharam) \n- Revert rapidio: fix a NULL pointer dereference when create_workqueue() fails (Greg Kroah-Hartman) \n- uio_hv_generic: Fix a memory leak in error handling paths (Christophe JAILLET) \n- ALSA: hda/realtek: Add fixup for HP Spectre x360 15-df0xxx (Elia Devito) \n- ALSA: hda/realtek: Add fixup for HP OMEN laptop (Takashi Iwai) \n- ALSA: hda/realtek: Fix silent headphone output on ASUS UX430UA (Takashi Iwai) \n- ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293 (PeiSen Hou) \n- ALSA: hda/realtek: reset eapd coeff to default value for alc287 (Hui Wang) \n- ALSA: firewire-lib: fix check for the size of isochronous packet payload (Takashi Sakamoto) \n- Revert ALSA: sb8: add a check for request_region (Greg Kroah-Hartman) \n- ALSA: hda: fixup headset for ASUS GU502 laptop (Daniel Cordova A) \n- ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (Takashi Sakamoto) \n- ALSA: usb-audio: Validate MS endpoint descriptors (Takashi Iwai) \n- ALSA: firewire-lib: fix calculation for size of IR context payload (Takashi Sakamoto) \n- ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26 (Takashi Sakamoto) \n- ALSA: line6: Fix racy initialization of LINE6 MIDI (Takashi Iwai) \n- ALSA: intel8x0: Dont update period unless prepared (Takashi Iwai) \n- ALSA: dice: fix stream format for TC Electronic Konnekt Live at high sampling transfer frequency (Takashi Sakamoto) \n- cifs: fix memory leak in smb2_copychunk_range (Ronnie Sahlberg) \n- btrfs: avoid RCU stalls while running delayed iputs (Josef Bacik) \n- locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal (Zqiang) \n- nvmet: seset ns->file when open fails (Daniel Wagner) \n- ptrace: make ptrace() fail if the tracee changed its pid unexpectedly (Oleg Nesterov) \n- RDMA/uverbs: Fix a NULL vs IS_ERR() bug (Dan Carpenter) \n- platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios 
(Hans de Goede) \n- platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue (Liming Sun) \n- RDMA/core: Dont access cm_id after its destruction (Shay Drory) \n- RDMA/mlx5: Recover from fatal event in dual port mode (Maor Gottlieb) \n- scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() (Zhen Lei) \n- scsi: ufs: core: Increase the usable queue depth (Bart Van Assche) \n- RDMA/rxe: Clear all QP fields if creation failed (Leon Romanovsky) \n- RDMA/siw: Release xarray entry (Leon Romanovsky) \n- RDMA/siw: Properly check send and receive CQ pointers (Leon Romanovsky) \n- openrisc: Fix a memory leak (Christophe JAILLET) \n- firmware: arm_scpi: Prevent the ternary sign expansion bug (Dan Carpenter)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-10T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14304", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26141", "CVE-2020-26145", "CVE-2020-26147", "CVE-2021-23134", "CVE-2021-33909", "CVE-2021-3564"], "modified": 
"2021-08-10T00:00:00", "id": "ELSA-2021-9406", "href": "http://linux.oracle.com/errata/ELSA-2021-9406.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-26T18:28:16", "description": "[5.4.17-2102.204.4.2]\n- rds/ib: quarantine STALE mr before dereg (Manjunath Patil) [Orabug: 33150447]\n[5.4.17-2102.204.4.1]\n- rds/ib: update mr incarnation after forming inv wr (Manjunath Patil) [Orabug: 33177348] \n- rds/ib: avoid dereg of mr in frwr_clean (Manjunath Patil) [Orabug: 33150427] \n- arm64: mm: kdump: Fix /proc/kcore (Henry Willard) [Orabug: 32570847]\n[5.4.17-2102.204.4]\n- Revert x86/reboot: Force all cpus to exit VMX root if VMX is supported (Somasundaram Krishnasamy) [Orabug: 33167303] \n- scsi: core: Retry I/O for Notify (Enable Spinup) Required error (Quat Le) [Orabug: 33165876] \n- A/A Bonding: dev_hold/put() the delayed GARP work handlers netdev in rdmaip (Sharath Srinivasan) [Orabug: 33161268] \n- rds: ib: Increase entropy of RDMA IOVAs (Hakon Bugge) [Orabug: 33104687]\n[5.4.17-2102.204.3]\n- rds: Check for illegal flags when creating an MR (Hakon Bugge) [Orabug: 33144338] \n- seq_file: disallow extremely large seq buffer allocations (Eric Sandeen) [Orabug: 33135632] {CVE-2021-33909}\n[5.4.17-2102.204.2]\n- RDMA/core/sa_query: Remove unused argument (Hakon Bugge) [Orabug: 33113136] \n- RDMA/cma: Fix incorrect Packet Lifetime calculation (Hakon Bugge) [Orabug: 33113136] \n- RDMA: Remove a few extra calls to ib_get_client_data() (Jason Gunthorpe) [Orabug: 33113136] \n- RDMA/cma: Protect RMW with qp_mutex (Hakon Bugge) [Orabug: 33113136] \n- IB/cma: Introduce rdma_set_min_rnr_timer() (Hakon Bugge) [Orabug: 33113136] \n- RDMA/iwcm: Allow AFONLY binding for IPv6 addresses (Bernard Metzler) [Orabug: 33113136] \n- RDMA/cma: Remove unnecessary INIT->INIT transition (Hakon Bugge) [Orabug: 33113136] \n- RDMA/cma: Use ACK timeout for RoCE packetLifeTime (Dag Moxnes) [Orabug: 33113136] \n- crypto: ccp - Dont initialize SEV 
support without the SEV feature (Venu Busireddy) [Orabug: 33110762] \n- xfs: fix out of bound access (Junxiao Bi) [Orabug: 33089469] \n- ext4: use ext4_grp_locked_error in mb_find_extent (Stephen Brennan) [Orabug: 33042746] \n- PCI/ERR: Retain status from error notification (Keith Busch) [Orabug: 32995246] \n- perf maps: Do not use an rbtree to sort by map name (Arnaldo Carvalho de Melo) [Orabug: 32726674] \n- block: return the correct bvec when checking for gaps (Long Li) [Orabug: 33000789]\n[5.4.17-2102.204.1]\n- LTS tag: v5.4.128 (Jack Vogel) \n- ARM: OMAP: replace setup_irq() by request_irq() (afzal mohammed) \n- KVM: arm/arm64: Fix KVM_VGIC_V3_ADDR_TYPE_REDIST read (Eric Auger) \n- tools headers UAPI: Sync linux/in.h copy with the kernel sources (Arnaldo Carvalho de Melo) \n- net: fec_ptp: add clock rate zero check (Fugang Duan) \n- net: stmmac: disable clocks in stmmac_remove_config_dt() (Joakim Zhang) \n- mm/slub.c: include swab.h (Andrew Morton) \n- mm/slub: fix redzoning for small allocations (Kees Cook) \n- mm/slub: clarify verification reporting (Kees Cook) \n- net: bridge: fix vlan tunnel dst refcnt when egressing (Nikolay Aleksandrov) \n- net: bridge: fix vlan tunnel dst null pointer dereference (Nikolay Aleksandrov) \n- net: ll_temac: Fix TX BD buffer overwrite (Esben Haabendal) \n- net: ll_temac: Make sure to free skb when it is completely used (Esben Haabendal) \n- drm/amdgpu/gfx9: fix the doorbell missing when in CGPG issue. (Yifan Zhang) \n- drm/amdgpu/gfx10: enlarge CP_MEC_DOORBELL_RANGE_UPPER to cover full doorbell. 
(Yifan Zhang) \n- cfg80211: avoid double free of PMSR request (Avraham Stern) \n- cfg80211: make certificate generation more robust (Johannes Berg) \n- dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc (Bumyong Lee) \n- x86/fpu: Reset state for all signal restore failures (Thomas Gleixner) \n- x86/pkru: Write hardware init value to PKRU when xstate is init (Thomas Gleixner) \n- x86/process: Check PF_KTHREAD and not current->mm for kernel threads (Thomas Gleixner) \n- ARCv2: save ABI registers across signal handling (Vineet Gupta) \n- KVM: x86: Immediately reset the MMU context when the SMM flag is cleared (Sean Christopherson) \n- PCI: Work around Huawei Intelligent NIC VF FLR erratum (Chiqijun) \n- PCI: Add ACS quirk for Broadcom BCM57414 NIC (Sriharsha Basavapatna) \n- PCI: aardvark: Fix kernel panic during PIO transfer (Pali Rohar) \n- PCI: aardvark: Dont rely on jiffies while holding spinlock (Remi Pommarel) \n- PCI: Mark some NVIDIA GPUs to avoid bus reset (Shanker Donthineni) \n- PCI: Mark TI C667X to avoid bus reset (Antti Jarvinen) \n- tracing: Do no increment trace_clock_global() by one (Steven Rostedt (VMware)) \n- tracing: Do not stop recording comms if the trace file is being read (Steven Rostedt (VMware)) \n- tracing: Do not stop recording cmdlines when tracing is off (Steven Rostedt (VMware)) \n- usb: core: hub: Disable autosuspend for Cypress CY7C65632 (Andrew Lunn) \n- can: mcba_usb: fix memory leak in mcba_usb (Pavel Skripkin) \n- can: j1939: fix Use-after-Free, hold skb ref while in use (Oleksij Rempel) \n- can: bcm/raw/isotp: use per module netdevice notifier (Tetsuo Handa) \n- can: bcm: fix infoleak in struct bcm_msg_head (Norbert Slusarek) \n- hwmon: (scpi-hwmon) shows the negative temperature properly (Riwen Lu) \n- radeon: use memcpy_to/fromio for UVD fw upload (Chen Li) \n- pinctrl: ralink: rt2880: avoid to error in calls is pin is already enabled (Sergio Paracuellos) \n- spi: stm32-qspi: Always wait BUSY bit to be cleared in 
stm32_qspi_wait_cmd() (Patrice Chotard) \n- ASoC: rt5659: Fix the lost powers for the HDA header (Jack Yu) \n- regulator: bd70528: Fix off-by-one for buck123 .n_voltages setting (Axel Lin) \n- net: ethernet: fix potential use-after-free in ec_bhf_remove (Pavel Skripkin) \n- icmp: dont send out ICMP messages with a source address of 0.0.0.0 (Toke Hoiland-Jorgensen) \n- bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path (Somnath Kotur) \n- bnxt_en: Rediscover PHY capabilities after firmware reset (Michael Chan) \n- cxgb4: fix wrong shift. (Pavel Machek) \n- net: cdc_eem: fix tx fixup skb leak (Linyu Yuan) \n- net: hamradio: fix memory leak in mkiss_close (Pavel Skripkin) \n- be2net: Fix an error handling path in be_probe() (Christophe JAILLET) \n- net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock (Eric Dumazet) \n- net: ipv4: fix memory leak in ip_mc_add1_src (Chengyang Fan) \n- net: fec_ptp: fix issue caused by refactor the fec_devtype (Joakim Zhang) \n- net: usb: fix possible use-after-free in smsc75xx_bind (Dongliang Mu) \n- lantiq: net: fix duplicated skb in rx descriptor ring (Aleksander Jan Bajkowski) \n- net: cdc_ncm: switch to eth%d interface naming (Maciej zenczykowski) \n- ptp: improve max_adj check against unreasonable values (Jakub Kicinski) \n- net: qrtr: fix OOB Read in qrtr_endpoint_post (Pavel Skripkin) \n- netxen_nic: Fix an error handling path in netxen_nic_probe() (Christophe JAILLET) \n- qlcnic: Fix an error handling path in qlcnic_probe() (Christophe JAILLET) \n- net: make get_net_ns return error if NET_NS is disabled (Changbin Du) \n- net: stmmac: dwmac1000: Fix extended MAC address registers definition (Jisheng Zhang) \n- alx: Fix an error handling path in alx_probe() (Christophe JAILLET) \n- sch_cake: Fix out of bounds when parsing TCP options and header (Maxim Mikityanskiy) \n- netfilter: synproxy: Fix out of bounds when parsing TCP options (Maxim Mikityanskiy) \n- net/mlx5e: Block offload of outer header 
csum for UDP tunnels (Aya Levin) \n- net/mlx5e: allow TSO on VXLAN over VLAN topologies (Davide Caratti) \n- net/mlx5: Consider RoCE cap before init RDMA resources (Maor Gottlieb) \n- net/mlx5e: Fix page reclaim for dead peer hairpin (Dima Chumak) \n- net/mlx5e: Remove dependency in IPsec initialization flows (Huy Nguyen) \n- net/sched: act_ct: handle DNAT tuple collision (Marcelo Ricardo Leitner) \n- rtnetlink: Fix regression in bridge VLAN configuration (Ido Schimmel) \n- udp: fix race between close() and udp_abort() (Paolo Abeni) \n- net: lantiq: disable interrupt before sheduling NAPI (Aleksander Jan Bajkowski) \n- net: rds: fix memory leak in rds_recvmsg (Pavel Skripkin) \n- vrf: fix maximum MTU (Nicolas Dichtel) \n- net: ipv4: fix memory leak in netlbl_cipsov4_add_std (Nanyong Sun) \n- batman-adv: Avoid WARN_ON timing related checks (Sven Eckelmann) \n- kvm: LAPIC: Restore guard to prevent illegal APIC register access (Jim Mattson) \n- mm/memory-failure: make sure wait for page writeback in memory_failure (yangerkun) \n- afs: Fix an IS_ERR() vs NULL check (Dan Carpenter) \n- dmaengine: stedma40: add missing iounmap() on error in d40_probe() (Yang Yingliang) \n- dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (Randy Dunlap) \n- dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM (Randy Dunlap) \n- LTS tag: v5.4.127 (Jack Vogel) \n- fib: Return the correct errno code (Zheng Yongjun) \n- net: Return the correct errno code (Zheng Yongjun) \n- net/x25: Return the correct errno code (Zheng Yongjun) \n- rtnetlink: Fix missing error code in rtnl_bridge_notify() (Jiapeng Chong) \n- drm/amd/display: Allow bandwidth validation for 0 streams. 
(Bindu Ramamurthy) \n- net: ipconfig: Dont override command-line hostnames or domains (Josh Triplett) \n- nvme-loop: check for NVME_LOOP_Q_LIVE in nvme_loop_destroy_admin_queue() (Hannes Reinecke) \n- nvme-loop: clear NVME_LOOP_Q_LIVE when nvme_loop_configure_admin_queue() fails (Hannes Reinecke) \n- nvme-loop: reset queue count to 1 in nvme_loop_destroy_io_queues() (Hannes Reinecke) \n- scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (Ewan D. Milne) \n- scsi: qedf: Do not put host in qedf_vport_create() unconditionally (Daniel Wagner) \n- ethernet: myri10ge: Fix missing error code in myri10ge_probe() (Jiapeng Chong) \n- scsi: target: core: Fix warning on realtime kernels (Maurizio Lombardi) \n- gfs2: Fix use-after-free in gfs2_glock_shrink_scan (Hillf Danton) \n- riscv: Use -mno-relax when using lld linker (Khem Raj) \n- HID: gt683r: add missing MODULE_DEVICE_TABLE (Bixuan Cui) \n- gfs2: Prevent direct-I/O write fallback errors from getting lost (Andreas Gruenbacher) \n- ARM: OMAP2+: Fix build warning when mmc_omap is not built (Yongqiang Liu) \n- drm/tegra: sor: Do not leak runtime PM reference (Pavel Machek (CIP)) \n- HID: usbhid: fix info leak in hid_submit_ctrl (Anirudh Rayabharam) \n- HID: Add BUS_VIRTUAL to hid_connect logging (Mark Bolhuis) \n- HID: multitouch: set Stylus suffix for Stylus-application devices, too (Ahelenia Ziemianska) \n- HID: hid-sensor-hub: Return error for hid_set_field() failure (Srinivas Pandruvada) \n- HID: hid-input: add mapping for emoji picker key (Dmitry Torokhov) \n- HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 (Nirenjan Krishnan) \n- net: ieee802154: fix null deref in parse dev addr (Dan Robertson) \n- LTS tag: v5.4.126 (Jack Vogel) \n- proc: only require mm_struct for writing (Linus Torvalds) \n- tracing: Correct the length check which causes memory corruption (Liangyan) \n- ftrace: Do not blindly read the ip address in ftrace_bug() (Steven Rostedt (VMware)) \n- scsi: core: Only put parent device if host 
state differs from SHOST_CREATED (Ming Lei) \n- scsi: core: Put .shost_dev in failure path if host state changes to RUNNING (Ming Lei) \n- scsi: core: Fix failure handling of scsi_add_host_with_dma() (Ming Lei) \n- scsi: core: Fix error handling of scsi_host_alloc() (Ming Lei) \n- NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error. (Dai Ngo) \n- NFSv4: Fix second deadlock in nfs4_evict_inode() (Trond Myklebust) \n- NFS: Fix use-after-free in nfs4_init_client() (Anna Schumaker) \n- kvm: fix previous commit for 32-bit builds (Paolo Bonzini) \n- perf session: Correct buffer copying when peeking events (Leo Yan) \n- NFSv4: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode() (Trond Myklebust) \n- NFS: Fix a potential NULL dereference in nfs_get_client() (Dan Carpenter) \n- IB/mlx5: Fix initializing CQ fragments buffer (Alaa Hleihel) \n- KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message (Sean Christopherson) \n- sched/fair: Make sure to update tg contrib for blocked load (Vincent Guittot) \n- perf: Fix data race between pin_count increment/decrement (Marco Elver) \n- vmlinux.lds.h: Avoid orphan section with !SMP (Nathan Chancellor) \n- RDMA/mlx4: Do not map the core_clock page to user space unless enabled (Shay Drory) \n- RDMA/ipoib: Fix warning caused by destroying non-initial netns (Kamal Heib) \n- usb: typec: mux: Fix copy-paste mistake in typec_mux_match (Bjorn Andersson) \n- regulator: max77620: Use device_set_of_node_from_dev() (Dmitry Osipenko) \n- regulator: core: resolve supply for boot-on/always-on regulators (Dmitry Baryshkov) \n- usb: fix various gadget panics on 10gbps cabling (Maciej zenczykowski) \n- usb: fix various gadgets null ptr deref on 10gbps cabling. 
(Maciej zenczykowski) \n- usb: gadget: eem: fix wrong eem header operation (Linyu Yuan) \n- USB: serial: cp210x: fix alternate function for CP2102N QFN20 (Stefan Agner) \n- USB: serial: quatech2: fix control-request directions (Johan Hovold) \n- USB: serial: omninet: add device id for Zyxel Omni 56K Plus (Alexandre GRIVEAUX) \n- USB: serial: ftdi_sio: add NovaTech OrionMX product ID (George McCollister) \n- usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind (Wesley Cheng) \n- usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path (Mayank Rana) \n- usb: typec: wcove: Use LE to CPU conversion when accessing msg->header (Andy Shevchenko) \n- usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling (Thomas Petazzoni) \n- usb: dwc3: ep0: fix NULL pointer exception (Marian-Cristian Rotariu) \n- usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms (Kyle Tso) \n- usb: f_ncm: only first packet of aggregate needs to start timer (Maciej zenczykowski) \n- USB: f_ncm: ncm_bitrate (speed) is unsigned (Maciej zenczykowski) \n- cgroup1: dont allow \n in renaming (Alexander Kuznetsov) \n- btrfs: promote debugging asserts to full-fledged checks in validate_super (Nikolay Borisov) \n- btrfs: return value from btrfs_mark_extent_written() in case of error (Ritesh Harjani) \n- staging: rtl8723bs: Fix uninitialized variables (Wenli Looi) \n- kvm: avoid speculation-based attacks from out-of-range memslot accesses (Paolo Bonzini) \n- drm: Lock pointer access in drm_master_release() (Desmond Cheong Zhi Xi) \n- drm: Fix use-after-free read in drm_getunique() (Desmond Cheong Zhi Xi) \n- spi: bcm2835: Fix out-of-bounds access with more than 4 slaves (Lukas Wunner) \n- x86/boot: Add .text.* to setup.ld (Arvind Sankar) \n- i2c: mpc: implement erratum A-004447 workaround (Chris Packham) \n- i2c: mpc: Make use of i2c_recover_bus() (Chris Packham) \n- spi: Cleanup on failure of initial setup (Lukas Wunner) \n- spi: Dont have controller clean up spi device before driver unbind (Saravana 
Kannan) \n- powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P1010 i2c controllers (Chris Packham) \n- powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P2041 i2c controllers (Chris Packham) \n- nvme-tcp: remove incorrect Kconfig dep in BLK_DEV_NVME (Sagi Grimberg) \n- bnx2x: Fix missing error code in bnx2x_iov_init_one() (Jiapeng Chong) \n- dm verity: fix require_signatures module_param permissions (John Keeping) \n- MIPS: Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER (Tiezhu Yang) \n- nvme-fabrics: decode host pathing error for connect (Hannes Reinecke) \n- net: dsa: microchip: enable phy errata workaround on 9567 (George McCollister) \n- net: appletalk: cops: Fix data race in cops_probe1 (Saubhik Mukherjee) \n- net: macb: ensure the device is available before accessing GEMGXL control registers (Zong Li) \n- scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal (Dmitry Bogdanov) \n- scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated irq (Yang Yingliang) \n- scsi: vmw_pvscsi: Set correct residual data length (Matt Wang) \n- net/qla3xxx: fix schedule while atomic in ql_sem_spinlock (Zheyu Ma) \n- wq: handle VM suspension in stall detection (Sergey Senozhatsky) \n- cgroup: disable controllers at parse time (Shakeel Butt) \n- net: mdiobus: get rid of a BUG_ON() (Dan Carpenter) \n- netlink: disable IRQs for netlink_lock_table() (Johannes Berg) \n- bonding: init notify_work earlier to avoid uninitialized use (Johannes Berg) \n- isdn: mISDN: netjet: Fix crash in nj_probe: (Zheyu Ma) \n- spi: sprd: Add missing MODULE_DEVICE_TABLE (Chunyan Zhang) \n- ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (Zou Wei) \n- vfio-ccw: Serialize FSM IDLE state with I/O completion (Eric Farman) \n- ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet (Hans de Goede) \n- ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet (Hans de Goede) \n- usb: cdns3: Fix runtime PM imbalance on error (Dinghao Liu) \n- 
net/nfc/rawsock.c: fix a permission check bug (Jeimon) \n- spi: Fix spi device unregister flow (Saravana Kannan) \n- ASoC: max98088: fix ni clock divider calculation (Marco Felsch) \n- proc: Track /proc//attr/ opener mm_struct (Kees Cook) \n- LTS tag: v5.4.125 (Jack Vogel) \n- neighbour: allow NUD_NOARP entries to be forced GCed (David Ahern) \n- i2c: qcom-geni: Suspend and resume the bus during SYSTEM_SLEEP_PM ops (Roja Rani Yarubandi) \n- xen-pciback: redo VF placement in the virtual topology (Jan Beulich) \n- lib/lz4: explicitly support in-place decompression (Gao Xiang) \n- x86/kvm: Disable all PV features on crash (Vitaly Kuznetsov) \n- x86/kvm: Disable kvmclock on all CPUs on shutdown (Vitaly Kuznetsov) \n- x86/kvm: Teardown PV features on boot CPU as well (Vitaly Kuznetsov) \n- KVM: arm64: Fix debug register indexing (Marc Zyngier) \n- KVM: SVM: Truncate GPR value for DR and CR accesses in !64-bit mode (Sean Christopherson) \n- btrfs: fix unmountable seed device after fstrim (Anand Jain) \n- mm/filemap: fix storing to a THP shadow entry (Matthew Wilcox (Oracle)) \n- XArray: add xas_split (Matthew Wilcox (Oracle)) \n- XArray: add xa_get_order (Matthew Wilcox (Oracle)) \n- mm: add thp_order (Matthew Wilcox (Oracle)) \n- mm, hugetlb: fix simple resv_huge_pages underflow on UFFDIO_COPY (Mina Almasry) \n- btrfs: fixup error handling in fixup_inode_link_counts (Josef Bacik) \n- btrfs: return errors from btrfs_del_csums in cleanup_ref_head (Josef Bacik) \n- btrfs: fix error handling in btrfs_del_csums (Josef Bacik) \n- btrfs: mark ordered extent and inode with error if we fail to finish (Josef Bacik) \n- drm/amdgpu: make sure we unpin the UVD BO (Nirmoy Das) \n- drm/amdgpu: Dont query CE and UE errors (Luben Tuikov) \n- nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect (Krzysztof Kozlowski) \n- ocfs2: fix data corruption by fallocate (Junxiao Bi) \n- pid: take a reference when initializing (Mark Rutland) \n- usb: dwc2: Fix build in 
periphal-only mode (Phil Elwell) \n- ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed (Ye Bin) \n- ARM: dts: imx6q-dhcom: Add PU,VDD1P1,VDD2P5 regulators (Marek Vasut) \n- ARM: dts: imx6dl-yapp4: Fix RGMII connection to QCA8334 switch (Michal Vokax) \n- ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx (Carlos M) \n- ALSA: timer: Fix master timer notification (Takashi Iwai) \n- HID: multitouch: require Finger field to mark Win8 reports as MT (Ahelenia Ziemianska) \n- HID: magicmouse: fix NULL-deref on disconnect (Johan Hovold) \n- HID: i2c-hid: Skip ELAN power-on command after reset (Johnny Chuang) \n- net: caif: fix memory leak in cfusbl_device_notify (Pavel Skripkin) \n- net: caif: fix memory leak in caif_device_notify (Pavel Skripkin) \n- net: caif: add proper error handling (Pavel Skripkin) \n- net: caif: added cfserl_release function (Pavel Skripkin) \n- Bluetooth: use correct lock to prevent UAF of hdev object (Lin Ma) \n- Bluetooth: fix the erroneous flush_work() order (Lin Ma) {CVE-2021-3564}\n- tipc: fix unique bearer names sanity check (Hoang Le) \n- tipc: add extack messages for bearer/media failure (Hoang Le) \n- bus: ti-sysc: Fix flakey idling of uarts and stop using swsup_sidle_act (Tony Lindgren) \n- ARM: dts: imx: emcon-avari: Fix nxp,pca8574 #gpio-cells (Geert Uytterhoeven) \n- ARM: dts: imx7d-pico: Fix the tuning-step property (Fabio Estevam) \n- ARM: dts: imx7d-meerkat96: Fix the tuning-step property (Fabio Estevam) \n- arm64: dts: zii-ultra: fix 12V_MAIN voltage (Lucas Stach) \n- arm64: dts: ls1028a: fix memory node (Michael Walle) \n- i40e: add correct exception tracing for XDP (Magnus Karlsson) \n- i40e: optimize for XDP_REDIRECT in xsk path (Magnus Karlsson) \n- i2c: qcom-geni: Add shutdown callback for i2c (Roja Rani Yarubandi) \n- ice: Allow all LLDP packets from PF to Tx (Dave Ertman) \n- ice: Fix VFR issues for AVF drivers that expect ATQLEN cleared (Brett Creeley) \n- ipv6: Fix KASAN: slab-out-of-bounds Read 
in fib6_nh_flush_exceptions (Coco Li) \n- ixgbevf: add correct exception tracing for XDP (Magnus Karlsson) \n- ieee802154: fix error return code in ieee802154_llsec_getparams() (Wei Yongjun) \n- ieee802154: fix error return code in ieee802154_add_iface() (Zhen Lei) \n- netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches (Pablo Neira Ayuso) \n- netfilter: nft_ct: skip expectations for confirmed conntrack (Pablo Neira Ayuso) \n- ACPICA: Clean up context mutex during object deletion (Erik Kaneda) \n- net/sched: act_ct: Fix ct template allocation for zone 0 (Ariel Levkovich) \n- HID: i2c-hid: fix format string mismatch (Arnd Bergmann) \n- HID: pidff: fix error return code in hid_pidff_init() (Zhen Lei) \n- ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service (Julian Anastasov) \n- vfio/platform: fix module_put call in error flow (Max Gurtovoy) \n- samples: vfio-mdev: fix error handing in mdpy_fb_probe() (Wei Yongjun) \n- vfio/pci: zap_vma_ptes() needs MMU (Randy Dunlap) \n- vfio/pci: Fix error return code in vfio_ecap_init() (Zhen Lei) \n- efi: cper: fix snprintf() use in cper_dimm_err_location() (Rasmus Villemoes) \n- efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared (Heiner Kallweit) \n- netfilter: conntrack: unregister ipv4 sockopts on error unwind (Florian Westphal) \n- hwmon: (dell-smm-hwmon) Fix index values (Armin Wolf) \n- nl80211: validate key indexes for cfg80211_registered_device (Anant Thazhemadam) \n- ALSA: usb: update old-style static const declaration (Pierre-Louis Bossart) \n- net: usb: cdc_ncm: dont spew notifications (Grant Grundler) \n- btrfs: tree-checker: do not error out if extent ref hash doesnt match (Josef Bacik) \n- LTS tag: v5.4.124 (Jack Vogel) \n- usb: core: reduce power-on-good delay time of root hub (Chunfeng Yun) \n- neighbour: Prevent Race condition in neighbour subsytem (Chinmay Agarwal) \n- net: hso: bail out on interrupt URB allocation failure (Johan Hovold) \n- Revert Revert ALSA: usx2y: Fix 
potential NULL pointer dereference (Greg Kroah-Hartman) \n- net: hns3: check the return of skb_checksum_help() (Yunsheng Lin) \n- drivers/net/ethernet: clean up unused assignments (Jesse Brandeburg) \n- i915: fix build warning in intel_dp_get_link_status() (Greg Kroah-Hartman) \n- drm/i915/display: fix compiler warning about array overrun (Linus Torvalds) \n- MIPS: ralink: export rt_sysc_membase for rt2880_wdt.c (Randy Dunlap) \n- MIPS: alchemy: xxs1500: add gpio-au1000.h header file (Randy Dunlap) \n- sch_dsmark: fix a NULL deref in qdisc_reset() (Taehee Yoo) \n- net: ethernet: mtk_eth_soc: Fix packet statistics support for MT7628/88 (Stefan Roese) \n- ALSA: usb-audio: scarlett2: snd_scarlett_gen2_controls_create() can be static (kernel test robot) \n- ipv6: record frag_max_size in atomic fragments in input path (Francesco Ruggeri) \n- net: lantiq: fix memory corruption in RX ring (Aleksander Jan Bajkowski) \n- scsi: libsas: Use _safe() loop in sas_resume_port() (Dan Carpenter) \n- ixgbe: fix large MTU request from VF (Jesse Brandeburg) \n- bpf: Set mac_len in bpf_skb_change_head (Jussi Maki) \n- ASoC: cs35l33: fix an error code in probe() (Dan Carpenter) \n- staging: emxx_udc: fix loop in _nbu2ss_nuke() (Dan Carpenter) \n- cxgb4: avoid accessing registers when clearing filters (Raju Rangoju) \n- gve: Correct SKB queue index validation. (David Awogbemila) \n- gve: Upgrade memory barrier in poll routine (Catherine Sullivan) \n- gve: Add NULL pointer checks when freeing irqs. (David Awogbemila) \n- gve: Update mgmt_msix_idx if num_ntfy changes (David Awogbemila) \n- gve: Check TX QPL was actually assigned (Catherine Sullivan) \n- mld: fix panic in mld_newpack() (Taehee Yoo) \n- bnxt_en: Include new P5 HV definition in VF check. 
(Andy Gospodarek) \n- net: bnx2: Fix error return code in bnx2_init_board() (Zhen Lei) \n- net: hso: check for allocation failure in hso_create_bulk_serial_device() (Dan Carpenter) \n- tls splice: check SPLICE_F_NONBLOCK instead of MSG_DONTWAIT (Jim Ma) \n- openvswitch: meter: fix race when getting now_ms. (Tao Liu) \n- net: mdio: octeon: Fix some double free issues (Christophe JAILLET) \n- net: mdio: thunder: Fix a double free issue in the .remove function (Christophe JAILLET) \n- net: fec: fix the potential memory leak in fec_enet_init() (Fugang Duan) \n- net: really orphan skbs tied to closing sk (Paolo Abeni) \n- vfio-ccw: Check initialized flag in cp_init() (Eric Farman) \n- ASoC: cs42l42: Regmap must use_single_read/write (Richard Fitzgerald) \n- net: dsa: fix error code getting shifted with 4 in dsa_slave_get_sset_count (Vladimir Oltean) \n- net: netcp: Fix an error message (Christophe JAILLET) \n- drm/amd/amdgpu: fix a potential deadlock in gpu reset (Lang Yu) \n- drm/amdgpu: Fix a use-after-free (xinhui pan) \n- drm/amd/amdgpu: fix refcount leak (Jingwen Chen) \n- drm/amd/display: Disconnect non-DP with no EDID (Chris Park) \n- SMB3: incorrect file id in requests compounded with open (Steve French) \n- platform/x86: touchscreen_dmi: Add info for the Mediacom Winpad 7.0 W700 tablet (Teava Radu) \n- platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI (Andy Shevchenko) \n- platform/x86: hp-wireless: add AMDs hardware id to the supported list (Shyam Sundar S K) \n- btrfs: do not BUG_ON in link_to_fixup_dir (Josef Bacik) \n- openrisc: Define memory barrier mb (Peter Zijlstra) \n- scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic (Matt Wang) \n- btrfs: return whole extents in fiemap (Boris Burkov) \n- brcmfmac: properly check for bus register errors (Greg Kroah-Hartman) \n- Revert brcmfmac: add a check for the status of usb_register (Greg Kroah-Hartman) \n- net: liquidio: Add missing null pointer checks (Tom Seewald) \n- Revert net: 
liquidio: fix a NULL pointer dereference (Greg Kroah-Hartman) \n- media: gspca: properly check for errors in po1030_probe() (Greg Kroah-Hartman) \n- Revert media: gspca: Check the return value of write_bridge for timeout (Greg Kroah-Hartman) \n- media: gspca: mt9m111: Check write_bridge for timeout (Alaa Emad) \n- Revert media: gspca: mt9m111: Check write_bridge for timeout (Greg Kroah-Hartman) \n- media: dvb: Add check on sp8870_readreg return (Alaa Emad) \n- Revert media: dvb: Add check on sp8870_readreg (Greg Kroah-Hartman) \n- ASoC: cs43130: handle errors in cs43130_probe() properly (Greg Kroah-Hartman) \n- Revert ASoC: cs43130: fix a NULL pointer dereference (Greg Kroah-Hartman) \n- libertas: register sysfs groups properly (Greg Kroah-Hartman) \n- Revert libertas: add checks for the return value of sysfs_create_group (Greg Kroah-Hartman) \n- dmaengine: qcom_hidma: comment platform_driver_register call (Phillip Potter) \n- Revert dmaengine: qcom_hidma: Check for driver register failure (Greg Kroah-Hartman) \n- isdn: mISDN: correctly handle ph_info allocation failure in hfcsusb_ph_info (Phillip Potter) \n- Revert isdn: mISDN: Fix potential NULL pointer dereference of kzalloc (Greg Kroah-Hartman) \n- ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd() (Anirudh Rayabharam) \n- Revert ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd() (Greg Kroah-Hartman) \n- isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io (Phillip Potter) \n- Revert isdn: mISDNinfineon: fix potential NULL pointer dereference (Greg Kroah-Hartman) \n- Revert ALSA: usx2y: Fix potential NULL pointer dereference (Greg Kroah-Hartman) \n- Revert ALSA: gus: add a check of the status of snd_ctl_add (Greg Kroah-Hartman) \n- char: hpet: add checks after calling ioremap (Tom Seewald) \n- Revert char: hpet: fix a missing check of ioremap (Greg Kroah-Hartman) \n- net: caif: remove BUG_ON(dev == NULL) in caif_xmit (Du Cheng) \n- Revert net/smc: fix a NULL pointer 
dereference (Greg Kroah-Hartman) \n- net: fujitsu: fix potential null-ptr-deref (Anirudh Rayabharam) \n- Revert net: fujitsu: fix a potential NULL pointer dereference (Greg Kroah-Hartman) \n- serial: max310x: unregister uart driver in case of failure and abort (Atul Gopinathan) \n- Revert serial: max310x: pass return value of spi_register_driver (Greg Kroah-Hartman) \n- Revert ALSA: sb: fix a missing check of snd_ctl_add (Greg Kroah-Hartman) \n- Revert media: usb: gspca: add a missed check for goto_low_power (Greg Kroah-Hartman) \n- gpio: cadence: Add missing MODULE_DEVICE_TABLE (Zou Wei) \n- platform/x86: hp_accel: Avoid invoking _INI to speed up resume (Kai-Heng Feng) \n- perf jevents: Fix getting maximum number of fds (Felix Fietkau) \n- i2c: sh_mobile: Use new clock calculation formulas for RZ/G2E (Geert Uytterhoeven) \n- i2c: i801: Dont generate an interrupt on bus reset (Jean Delvare) \n- i2c: s3c2410: fix possible NULL pointer deref on read message after write (Krzysztof Kozlowski) \n- net: dsa: sja1105: error out on unsupported PHY mode (Vladimir Oltean) \n- net: dsa: fix a crash if ->get_sset_count() fails (Dan Carpenter) \n- net: dsa: mt7530: fix VLAN traffic leaks (DENG Qingfang) \n- spi: spi-fsl-dspi: Fix a resource leak in an error handling path (Christophe JAILLET) \n- tipc: skb_linearize the head skb when reassembling msgs (Xin Long) \n- tipc: wait and exit until all work queues are done (Xin Long) \n- Revert net:tipc: Fix a double free in tipc_sk_mcast_rcv (Hoang Le) \n- net/mlx5e: Fix nullptr in add_vlan_push_action() (Dima Chumak) \n- net/mlx5e: Fix multipath lag activation (Dima Chumak) \n- drm/meson: fix shutdown crash when component not probed (Neil Armstrong) \n- NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config (Zhang Xiaoxu) \n- NFS: Dont corrupt the value of pg_bytes_written in nfs_do_recoalesce() (Trond Myklebust) \n- NFS: Fix an Oopsable condition in __nfs_pageio_add_request() (Trond Myklebust) \n- NFS: fix an 
incorrect limit in filelayout_decode_layout() (Dan Carpenter) \n- fs/nfs: Use fatal_signal_pending instead of signal_pending (zhouchuangao) \n- Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails (Thadeu Lima de Souza Cascardo) \n- spi: spi-geni-qcom: Fix use-after-free on unbind (Lukas Wunner) \n- net: usb: fix memory leak in smsc75xx_bind (Pavel Skripkin) \n- usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen() (Yoshihiro Shimoda) \n- usb: dwc3: gadget: Properly track pending and queued SG (Thinh Nguyen) \n- thermal/drivers/intel: Initialize RW trip to THERMAL_TEMP_INVALID (Srinivas Pandruvada) \n- USB: serial: pl2303: add device id for ADLINK ND-6530 GC (Zolton Jheng) \n- USB: serial: ftdi_sio: add IDs for IDS GmbH Products (Dominik Andreas Schorpp) \n- USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011 (Daniele Palmas) \n- USB: serial: ti_usb_3410_5052: add startech.com device id (Sean MacLennan) \n- serial: rp2: use request_firmware instead of request_firmware_nowait (Zheyu Ma) \n- serial: sh-sci: Fix off-by-one error in FIFO threshold register setting (Geert Uytterhoeven) \n- serial: tegra: Fix a mask operation that is always true (Colin Ian King) \n- USB: usbfs: Dont WARN about excessively large memory allocations (Alan Stern) \n- USB: trancevibrator: fix control-request direction (Johan Hovold) \n- serial: 8250_pci: handle FL_NOIRQ board flag (Christian Gmeiner) \n- serial: 8250_pci: Add support for new HPE serial device (Randy Wright) \n- iio: adc: ad7793: Add missing error code in ad7793_setup() (YueHaibing) \n- iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers (Jonathan Cameron) \n- iio: adc: ad7124: Fix missbalanced regulator enable / disable on error. 
(Jonathan Cameron) \n- iio: adc: ad7768-1: Fix too small buffer passed to iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: gyro: fxas21002c: balance runtime power in error path (Rui Miguel Silva) \n- staging: iio: cdc: ad7746: avoid overwrite of num_channels (Lucas Stankus) \n- mei: request autosuspend after sending rx flow control (Alexander Usyskin) \n- thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue (Mathias Nyman) \n- misc/uss720: fix memory leak in uss720_probe (Dongliang Mu) \n- serial: core: fix suspicious security_locked_down() call (Ondrej Mosnacek) \n- Documentation: seccomp: Fix user notification documentation (Sargun Dhillon) \n- kgdb: fix gcc-11 warnings harder (Greg Kroah-Hartman) \n- selftests/gpio: Fix build when source tree is read only (Michael Ellerman) \n- selftests/gpio: Move include of lib.mk up (Michael Ellerman) \n- selftests/gpio: Use TEST_GEN_PROGS_EXTENDED (Michael Ellerman) \n- drm/amdgpu/vcn2.5: add cancel_delayed_work_sync before power gate (James Zhu) \n- drm/amdgpu/vcn2.0: add cancel_delayed_work_sync before power gate (James Zhu) \n- drm/amdgpu/vcn1: add cancel_delayed_work_sync before power gate (James Zhu) \n- dm snapshot: properly fix a crash when an origin has no snapshots (Mikulas Patocka) \n- ath10k: Validate first subframe of A-MSDU before processing the list (Sriram R) \n- ath10k: Fix TKIP Michael MIC verification for PCIe (Wen Gong) {CVE-2020-26141}\n- ath10k: drop MPDU which has discard flag set by firmware for SDIO (Wen Gong) {CVE-2020-24588}\n- ath10k: drop fragments with multicast DA for SDIO (Wen Gong) {CVE-2020-26145}\n- ath10k: drop fragments with multicast DA for PCIe (Wen Gong) {CVE-2020-26145}\n- ath10k: add CCMP PN replay protection for fragmented frames for PCIe (Wen Gong) \n- mac80211: extend protection against mixed key and fragment cache attacks (Wen Gong) {CVE-2020-24586} {CVE-2020-24587}\n- mac80211: do not accept/forward invalid EAPOL frames (Johannes Berg) \n- mac80211: 
prevent attacks on TKIP/WEP as well (Johannes Berg) \n- mac80211: check defrag PN against current frame (Johannes Berg) \n- mac80211: add fragment cache to sta_info (Johannes Berg) \n- mac80211: drop A-MSDUs on old ciphers (Johannes Berg) {CVE-2020-24588}\n- cfg80211: mitigate A-MSDU aggregation attacks (Mathy Vanhoef) {CVE-2020-24588}\n- mac80211: properly handle A-MSDUs that start with an RFC 1042 header (Mathy Vanhoef) \n- mac80211: prevent mixed key and fragment cache attacks (Mathy Vanhoef) {CVE-2020-24587} {CVE-2020-24586}\n- mac80211: assure all fragments are encrypted (Mathy Vanhoef) {CVE-2020-26147}\n- net: hso: fix control-request directions (Johan Hovold) \n- proc: Check /proc//attr/ writes against file opener (Kees Cook) \n- perf scripts python: exported-sql-viewer.py: Fix warning display (Adrian Hunter) \n- perf scripts python: exported-sql-viewer.py: Fix Array TypeError (Adrian Hunter) \n- perf scripts python: exported-sql-viewer.py: Fix copy to clipboard from Top Calls by elapsed Time report (Adrian Hunter) \n- perf intel-pt: Fix transaction abort handling (Adrian Hunter) \n- perf intel-pt: Fix sample instruction bytes (Adrian Hunter) \n- iommu/vt-d: Fix sysfs leak in alloc_iommu() (Rolf Eike Beer) \n- NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() (Anna Schumaker) \n- cifs: set server->cipher_type to AES-128-CCM for SMB3.0 (Aurelien Aptel) \n- ALSA: usb-audio: scarlett2: Improve driver startup messages (Geoffrey D. Bennett) \n- ALSA: usb-audio: scarlett2: Fix device hang with ehci-pci (Geoffrey D. 
Bennett) \n- ALSA: hda/realtek: Headphone volume is controlled by Front mixer (Hui Wang) \n- LTS tag: v5.4.123 (Jack Vogel) \n- NFC: nci: fix memory leak in nci_allocate_device (Dongliang Mu) \n- perf unwind: Set userdata for all __report_module() paths (Dave Rigby) \n- perf unwind: Fix separate debug info files when using elfutils libdws unwinder (Jan Kratochvil) \n- usb: dwc3: gadget: Enable suspend events (Jack Pham) \n- bpf: No need to simulate speculative domain for immediates (Daniel Borkmann) \n- bpf: Fix mask direction swap upon off reg sign change (Daniel Borkmann) \n- bpf: Wrap aux data inside bpf_sanitize_info container (Daniel Borkmann) \n- LTS tag: v5.4.122 (Jack Vogel) \n- Bluetooth: SMP: Fail if remote and local public keys are identical (Luiz Augusto von Dentz) \n- video: hgafb: correctly handle card detect failure during probe (Anirudh Rayabharam) \n- nvmet: use new ana_log_size instead the old one (Hou Pu) \n- Bluetooth: L2CAP: Fix handling LE modes by L2CAP_OPTIONS (Luiz Augusto von Dentz) \n- ext4: fix error handling in ext4_end_enable_verity() (Eric Biggers) \n- nvme-multipath: fix double initialization of ANA state (Christoph Hellwig) \n- tty: vt: always invoke vc->vc_sw->con_resize callback (Tetsuo Handa) \n- vt: Fix character height handling with VT_RESIZEX (Maciej W. Rozycki) \n- vgacon: Record video mode changes with VT_RESIZEX (Maciej W. Rozycki) \n- video: hgafb: fix potential NULL pointer dereference (Igor Matheus Andrade Torrente) \n- qlcnic: Add null check after calling netdev_alloc_skb (Tom Seewald) \n- leds: lp5523: check return value of lp5xx_read and jump to cleanup code (Phillip Potter) \n- ics932s401: fix broken handling of errors when word reading fails (Darrick J. 
Wong) \n- net: rtlwifi: properly check for alloc_workqueue() failure (Greg Kroah-Hartman) \n- scsi: ufs: handle cleanup correctly on devm_reset_control_get error (Phillip Potter) \n- net: stmicro: handle clk_prepare() failure during init (Anirudh Rayabharam) \n- ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() (Du Cheng) \n- Revert niu: fix missing checks of niu_pci_eeprom_read (Greg Kroah-Hartman) \n- Revert qlcnic: Avoid potential NULL pointer dereference (Greg Kroah-Hartman) \n- Revert rtlwifi: fix a potential NULL pointer dereference (Greg Kroah-Hartman) \n- Revert media: rcar_drif: fix a memory disclosure (Greg Kroah-Hartman) \n- cdrom: gdrom: initialize global variable at init time (Greg Kroah-Hartman) \n- cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom (Atul Gopinathan) \n- Revert gdrom: fix a memory leak bug (Greg Kroah-Hartman) \n- Revert scsi: ufs: fix a missing check of devm_reset_control_get (Greg Kroah-Hartman) \n- Revert ecryptfs: replace BUG_ON with error handling code (Greg Kroah-Hartman) \n- Revert video: imsttfb: fix potential NULL pointer dereferences (Greg Kroah-Hartman) \n- Revert hwmon: (lm80) fix a missing check of bus read in lm80 probe (Greg Kroah-Hartman) \n- Revert leds: lp5523: fix a missing check of return value of lp55xx_read (Greg Kroah-Hartman) \n- Revert net: stmicro: fix a missing check of clk_prepare (Greg Kroah-Hartman) \n- Revert video: hgafb: fix potential NULL pointer dereference (Greg Kroah-Hartman) \n- dm snapshot: fix crash with transient storage and zero chunk size (Mikulas Patocka) \n- xen-pciback: reconfigure also from backend watch handler (Jan Beulich) \n- mmc: sdhci-pci-gli: increase 1.8V regulator wait (Daniel Beer) \n- drm/amdgpu: update sdma golden setting for Navi12 (Guchun Chen) \n- drm/amdgpu: update gc golden setting for Navi12 (Guchun Chen) \n- drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute hang (Changfeng) \n- Revert serial: mvebu-uart: Fix to avoid a potential 
NULL pointer dereference (Greg Kroah-Hartman) \n- rapidio: handle create_workqueue() failure (Anirudh Rayabharam) \n- Revert rapidio: fix a NULL pointer dereference when create_workqueue() fails (Greg Kroah-Hartman) \n- uio_hv_generic: Fix a memory leak in error handling paths (Christophe JAILLET) \n- ALSA: hda/realtek: Add fixup for HP Spectre x360 15-df0xxx (Elia Devito) \n- ALSA: hda/realtek: Add fixup for HP OMEN laptop (Takashi Iwai) \n- ALSA: hda/realtek: Fix silent headphone output on ASUS UX430UA (Takashi Iwai) \n- ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293 (PeiSen Hou) \n- ALSA: hda/realtek: reset eapd coeff to default value for alc287 (Hui Wang) \n- ALSA: firewire-lib: fix check for the size of isochronous packet payload (Takashi Sakamoto) \n- Revert ALSA: sb8: add a check for request_region (Greg Kroah-Hartman) \n- ALSA: hda: fixup headset for ASUS GU502 laptop (Daniel Cordova A) \n- ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (Takashi Sakamoto) \n- ALSA: usb-audio: Validate MS endpoint descriptors (Takashi Iwai) \n- ALSA: firewire-lib: fix calculation for size of IR context payload (Takashi Sakamoto) \n- ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26 (Takashi Sakamoto) \n- ALSA: line6: Fix racy initialization of LINE6 MIDI (Takashi Iwai) \n- ALSA: intel8x0: Dont update period unless prepared (Takashi Iwai) \n- ALSA: dice: fix stream format for TC Electronic Konnekt Live at high sampling transfer frequency (Takashi Sakamoto) \n- cifs: fix memory leak in smb2_copychunk_range (Ronnie Sahlberg) \n- btrfs: avoid RCU stalls while running delayed iputs (Josef Bacik) \n- locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal (Zqiang) \n- nvmet: seset ns->file when open fails (Daniel Wagner) \n- ptrace: make ptrace() fail if the tracee changed its pid unexpectedly (Oleg Nesterov) \n- RDMA/uverbs: Fix a NULL vs IS_ERR() bug (Dan Carpenter) \n- platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios 
(Hans de Goede) \n- platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue (Liming Sun) \n- RDMA/core: Dont access cm_id after its destruction (Shay Drory) \n- RDMA/mlx5: Recover from fatal event in dual port mode (Maor Gottlieb) \n- scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() (Zhen Lei) \n- scsi: ufs: core: Increase the usable queue depth (Bart Van Assche) \n- RDMA/rxe: Clear all QP fields if creation failed (Leon Romanovsky) \n- RDMA/siw: Release xarray entry (Leon Romanovsky) \n- RDMA/siw: Properly check send and receive CQ pointers (Leon Romanovsky) \n- openrisc: Fix a memory leak (Christophe JAILLET) \n- firmware: arm_scpi: Prevent the ternary sign expansion bug (Dan Carpenter)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-10T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14304", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26141", "CVE-2020-26145", "CVE-2020-26147", "CVE-2021-23134", "CVE-2021-33909", "CVE-2021-3564"], "modified": 
"2021-08-10T00:00:00", "id": "ELSA-2021-9404", "href": "http://linux.oracle.com/errata/ELSA-2021-9404.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-22T18:26:11", "description": "[4.1.12-124.54.6.1]\n- fs/namespace.c: fix mountpoint reference counter race (Piotr Krysiuk) [Orabug: 33369433] {CVE-2020-12114} {CVE-2020-12114}\n- btrfs: only search for left_info if there is no right_info in try_merge_free_space (Josef Bacik) [Orabug: 33369414] {CVE-2019-19448} {CVE-2019-19448}\n- cfg80211: wext: avoid copying malformed SSIDs (Will Deacon) [Orabug: 33369390] {CVE-2019-17133}\n- vhost_net: fix possible infinite loop (Jason Wang) [Orabug: 33369374] {CVE-2019-3900} {CVE-2019-3900}\n- vhost: introduce vhost_exceeds_weight() (Jason Wang) [Orabug: 33369374] {CVE-2019-3900}\n- vhost_net: introduce vhost_exceeds_weight() (Jason Wang) [Orabug: 33369374] {CVE-2019-3900}\n- vhost_net: use packet weight for rx handler, too (Paolo Abeni) [Orabug: 33369374] {CVE-2019-3900}\n- vhost-net: set packet weight of tx polling to 2 * vq size (haibinzhang) [Orabug: 33369374] {CVE-2019-3900}\n- mac80211: extend protection against mixed key and fragment cache attacks (Wen Gong) [Orabug: 33369361] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-24586} {CVE-2020-24587}\n- mac80211: do not accept/forward invalid EAPOL frames (Johannes Berg) [Orabug: 33369361] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147}\n- mac80211: prevent attacks on TKIP/WEP as well (Johannes Berg) [Orabug: 33369361] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} 
{CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147}\n- mac80211: check defrag PN against current frame (Johannes Berg) [Orabug: 33369361] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147}\n- mac80211: add fragment cache to sta_info (Johannes Berg) [Orabug: 33369361] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147}\n- mac80211: drop A-MSDUs on old ciphers (Johannes Berg) [Orabug: 33369361] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-24588}\n- cfg80211: mitigate A-MSDU aggregation attacks (Mathy Vanhoef) [Orabug: 33369361] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-24588}\n- mac80211: properly handle A-MSDUs that start with an RFC 1042 header (Mathy Vanhoef) [Orabug: 33369361] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147}\n- mac80211: prevent mixed key and fragment cache attacks (Mathy Vanhoef) [Orabug: 33369361] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} 
{CVE-2020-26147} {CVE-2020-24587} {CVE-2020-24586}\n- mac80211: assure all fragments are encrypted (Mathy Vanhoef) [Orabug: 33369361] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-26147}\n- sctp: validate from_addr_param return (Marcelo Ricardo Leitner) [Orabug: 33369303] {CVE-2021-3655}\n- virtio_console: Assure used length from device is limited (Xie Yongji) [Orabug: 33369276] {CVE-2021-38160}\n- net_sched: cls_route: remove the right filter from hashtable (Cong Wang) [Orabug: 33369231] {CVE-2021-3715}\n- HID: make arrays usage and value to be the same (Will McVicker) [Orabug: 33369121] {CVE-2021-0512}\n- ext4: fix race writing to an inline_data file while its xattrs are changing (Theodore Ts'o) [Orabug: 33369043] {CVE-2021-40490}", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-22T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, 
"cvelist": ["CVE-2019-17133", "CVE-2019-19448", "CVE-2019-3900", "CVE-2020-12114", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26139", "CVE-2020-26140", "CVE-2020-26141", "CVE-2020-26142", "CVE-2020-26143", "CVE-2020-26144", "CVE-2020-26145", "CVE-2020-26146", "CVE-2020-26147", "CVE-2021-0512", "CVE-2021-3655", "CVE-2021-3715", "CVE-2021-38160", "CVE-2021-40490"], "modified": "2021-09-22T00:00:00", "id": "ELSA-2021-9459", "href": "http://linux.oracle.com/errata/ELSA-2021-9459.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-26T18:27:54", "description": "[4.14.35-2047.508.3]\n- fuse: fix live lock in fuse_iget() (Amir Goldstein) [Orabug: 33396682] {CVE-2021-28950}\n- block: workaround to avoid self-deadlock in del_gendisk (Junxiao Bi) [Orabug: 33392821] \n- net: bonding: add new option arp_allslaves for arp_ip_target (Venkat Venkatsubra) [Orabug: 33352735]\n[4.14.35-2047.508.2]\n- KVM: x86: Check kvm_rebooting in kvm_spurious_fault() (Sean Christopherson) [Orabug: 33360245] \n- Revert uek-rpm: mark /etc/ld.so.conf.d/ files as %config (aloktiw) [Orabug: 33359680] \n- net/mlx5: Rate limit errors in command interface (Leon Romanovsky) [Orabug: 33305503] \n- Bluetooth: defer cleanup of resources in hci_unregister_dev() (Tetsuo Handa) [Orabug: 33292634] {CVE-2021-3573}\n- Bluetooth: use correct lock to prevent UAF of hdev object (Lin Ma) [Orabug: 33292634] \n- Bluetooth: fix the erroneous flush_work() order (Lin Ma) [Orabug: 33292634] {CVE-2021-3564}\n- IB/core: Read subnet_prefix in ib_query_port via cache. 
(Anand Khoje) [Orabug: 33134287] \n- IB/core: Removed port validity check from ib_get_cached_subnet_prefix (Anand Khoje) [Orabug: 33134287] \n- uek-rpm: Add dm-cache-smq.ko module (John Donnelly) [Orabug: 29198153]\n[4.14.35-2047.508.1]\n- RDMA/cma: Revert INIT-INIT patch (Mike Marciniszyn) [Orabug: 33324346] \n- net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb (Phillip Potter) [Orabug: 33329032] \n- ip: Manual backport of pskb_inet_may_pull() (Hakon Bugge) [Orabug: 33329032] \n- Revert Revert net: geneve: check skb is large enough for IPv4/IPv6 header (Hakon Bugge) [Orabug: 33329032] \n- ext4: fix race writing to an inline_data file while its xattrs are changing (Theodore Tso) [Orabug: 33327179] {CVE-2021-40490}\n- uek-rpm: add CONFIG_PVPANIC_PCI to aarch64 (Mihai Carabas) [Orabug: 33155642] \n- misc/pvpanic: fix set driver data (Mihai Carabas) [Orabug: 33155642] \n- misc/pvpanic-pci: Allow automatic loading (Eric Auger) [Orabug: 33155642] \n- misc/pvpanic: Remove some dead-code (Christophe JAILLET) [Orabug: 33155642] \n- misc/pvpanic: Make pvpanic_probe() resource managed (Christophe JAILLET) [Orabug: 33155642] \n- misc/pvpanic-mmio: Use GFP_KERNEL instead of GFP_ATOMIC (Christophe JAILLET) [Orabug: 33155642] \n- misc/pvpanic-mmio: Fix error handling in pvpanic_mmio_probe() (Christophe JAILLET) [Orabug: 33155642] \n- misc/pvpanic-pci: Use GFP_KERNEL instead of GFP_ATOMIC (Christophe JAILLET) [Orabug: 33155642] \n- misc/pvpanic-pci: Fix error handling in pvpanic_pci_probe() (Christophe JAILLET) [Orabug: 33155642] \n- misc/pvpanic: Make some symbols static (YueHaibing) [Orabug: 33155642] \n- misc/pvpanic: fix return value check in pvpanic_pci_probe() (Qiheng Lin) [Orabug: 33155642] \n- misc/pvpanic: add PCI driver (Mihai Carabas) [Orabug: 33155642] \n- misc/pvpanic: probe multiple instances (Mihai Carabas) [Orabug: 33155642] \n- misc/pvpanic: split-up generic and platform dependent code (Mihai Carabas) [Orabug: 33155642] \n- misc/pvpanic: 
Export module FDT device table (Shile Zhang) [Orabug: 33155642] \n- misc: pvpanic: sysfs_emit uses should have a newline (Joe Perches) [Orabug: 33155642] \n- misc: pvpanic: introduce events device attribue (zhenwei pi) [Orabug: 33155642] \n- misc: pvpanic: introduce device capability (zhenwei pi) [Orabug: 33155642] \n- misc: pvpanic: Check devm_ioport_map() for NULL (Andy Shevchenko) [Orabug: 33155642] \n- misc: pvpanic: Replace OF headers by mod_devicetable.h (Andy Shevchenko) [Orabug: 33155642] \n- misc: pvpanic: Combine ACPI and platform drivers (Andy Shevchenko) [Orabug: 33155642] \n- misc: pvpanic: Use devm_platform_ioremap_resource() (Wang ShaoBo) [Orabug: 33155642] \n- driver core: platform: Introduce platform_get_mem_or_io() (Andy Shevchenko) [Orabug: 33155642] \n- misc: pvpanic: move bit definition to uapi header file (zhenwei pi) [Orabug: 33155642] \n- misc: pvpanic: fix warning implicit declaration (Anders Roxell) [Orabug: 33155642] \n- misc/pvpanic: resolve compile errors for arch=um (Peng Hao) [Orabug: 33155642] \n- misc/pvpanic: fix a NULL vs IS_ERR() check (Dan Carpenter) [Orabug: 33155642] \n- misc/pvpanic: remove a redundant comma (Peng Hao) [Orabug: 33155642] \n- misc/pvpanic: convert to SPDX license tags (Peng Hao) [Orabug: 33155642] \n- misc/pvpanic: change header file sort style (Peng Hao) [Orabug: 33155642] \n- misc/pvpanic: remove unnecessary header file (Peng Hao) [Orabug: 33155642] \n- misc/pvpanic : break dependency on ACPI (Peng Hao) [Orabug: 33155642] \n- misc/pvpanic : grouping ACPI related stuff (Peng Hao) [Orabug: 33155642] \n- misc/pvpanic: add support to get pvpanic device info FDT (Peng Hao) [Orabug: 33155642] \n- dt-bindings: misc/pvpanic: add document for pvpanic-mmio (Peng Hao) [Orabug: 33155642] \n- misc/pvpanic: add MMIO support (Peng Hao) [Orabug: 33155642] \n- misc/pvpanic: simplify the code using acpi_dev_resource_io (Peng Hao) [Orabug: 33155642] \n- pvpanic: move pvpanic to misc as common driver (Peng Hao) [Orabug: 
33155642] \n- fuse: fix bad inode (Miklos Szeredi) [Orabug: 32769032] {CVE-2020-36322}\n- Linux 4.14.243 (Greg Kroah-Hartman) \n- spi: mediatek: Fix fifo transfer (Guenter Roeck) \n- Revert watchdog: iTCO_wdt: Account for rebooting on second timeout (Greg Kroah-Hartman) \n- KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped() (Sean Christopherson) \n- KVM: do not assume PTE is writable after follow_pfn (Paolo Bonzini) \n- Revert Bluetooth: Shutdown controller after workqueues are flushed or cancelled (Greg Kroah-Hartman) \n- net: Fix zero-copy head len calculation. (Pravin B Shelar) \n- qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union() (Jia He) \n- r8152: Fix potential PM refcount imbalance (Takashi Iwai) \n- regulator: rt5033: Fix n_voltages settings for BUCK and LDO (Axel Lin) \n- btrfs: mark compressed range uptodate only if all bio succeed (Goldwyn Rodrigues) \n- Linux 4.14.242 (Greg Kroah-Hartman) \n- Revert perf map: Fix dso->nsinfo refcounting (Arnaldo Carvalho de Melo) \n- can: hi311x: fix a signedness bug in hi3110_cmd() (Dan Carpenter) \n- sis900: Fix missing pci_disable_device() in probe and remove (Wang Hai) \n- tulip: windbond-840: Fix missing pci_disable_device() in probe and remove (Wang Hai) \n- sctp: fix return value check in __sctp_rcv_asconf_lookup (Marcelo Ricardo Leitner) \n- net/mlx5: Fix flow table chaining (Maor Gottlieb) \n- net: llc: fix skb_over_panic (Pavel Skripkin) \n- mlx4: Fix missing error code in mlx4_load_one() (Jiapeng Chong) \n- tipc: fix sleeping in tipc accept routine (Hoang Le) \n- netfilter: nft_nat: allow to specify layer 4 protocol NAT only (Pablo Neira Ayuso) \n- netfilter: conntrack: adjust stop timestamp to real expiry value (Florian Westphal) \n- cfg80211: Fix possible memory leak in function cfg80211_bss_update (Nguyen Dinh Phi) \n- x86/asm: Ensure asm/proto.h can be included stand-alone (Jan Kiszka) \n- nfc: nfcsim: fix use after free during module unload (Krzysztof Kozlowski) \n- 
NIU: fix incorrect error return, missed in previous revert (Paul Jakma) \n- can: esd_usb2: fix memory leak (Pavel Skripkin) \n- can: ems_usb: fix memory leak (Pavel Skripkin) \n- can: usb_8dev: fix memory leak (Pavel Skripkin) \n- can: mcba_usb_start(): add missing urb->transfer_dma initialization (Pavel Skripkin) \n- can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (Ziyang Xuan) \n- x86/kvm: fix vcpu-id indexed array sizes (Juergen Gross) \n- gro: ensure frag0 meets IP header alignment (Eric Dumazet) \n- virtio_net: Do not pull payload in skb->head (Eric Dumazet) \n- ARM: dts: versatile: Fix up interrupt controller node names (Sudeep Holla) \n- hfs: add lock nesting notation to hfs_find_init (Desmond Cheong Zhi Xi) \n- hfs: fix high memory mapping in hfs_bnode_read (Desmond Cheong Zhi Xi) \n- hfs: add missing clean-up in hfs_fill_super (Desmond Cheong Zhi Xi) \n- sctp: move 198 addresses from unusable to private scope (Xin Long) \n- net: annotate data race around sk_ll_usec (Eric Dumazet) \n- net/802/garp: fix memleak in garp_request_join() (Yang Yingliang) \n- net/802/mrp: fix memleak in mrp_request_join() (Yang Yingliang) \n- workqueue: fix UAF in pwq_unbound_release_workfn() (Yang Yingliang) \n- af_unix: fix garbage collect vs MSG_PEEK (Miklos Szeredi) \n- net: split out functions related to registering inflight socket files (Jens Axboe) \n- KVM: x86: determine if an exception has an error code only when injecting it. 
(Maxim Levitsky) \n- selftest: fix build error in tools/testing/selftests/vm/userfaultfd.c (Greg Kroah-Hartman)\n[4.14.35-2047.508.0]\n- Linux 4.14.241 (Greg Kroah-Hartman) \n- xhci: add xhci_get_virt_ep() helper (Mathias Nyman) \n- spi: spi-fsl-dspi: Fix a resource leak in an error handling path (Christophe JAILLET) \n- btrfs: compression: dont try to compress if we dont have enough pages (David Sterba) \n- iio: accel: bma180: Fix BMA25x bandwidth register values (Stephan Gerhold) \n- iio: accel: bma180: Use explicit member assignment (Linus Walleij) \n- net: bcmgenet: ensure EXT_ENERGY_DET_MASK is clear (Doug Berger) \n- drm: Return -ENOTTY for non-drm ioctls (Charles Baylis) \n- selftest: use mmap instead of posix_memalign to allocate memory (Peter Collingbourne) \n- ixgbe: Fix packet corruption due to missing DMA sync (Markus Boehme) \n- media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() (Gustavo A. R. Silva) \n- tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop. (Haoran Luo) [Orabug: 33198436] {CVE-2021-3679}\n- usb: dwc2: gadget: Fix sending zero length packet in DDMA mode. 
(Minas Harutyunyan) \n- USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (John Keeping) \n- USB: serial: cp210x: fix comments for GE CS1000 (Ian Ray) \n- USB: serial: option: add support for u-blox LARA-R6 family (Marco De Marco) \n- usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop() (Yoshihiro Shimoda) \n- usb: max-3421: Prevent corruption of freed memory (Mark Tomlinson) \n- USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (Julian Sikorski) \n- usb: hub: Disable USB 3 device initiated lpm if exit latency is too high (Mathias Nyman) \n- KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow (Nicholas Piggin) \n- xhci: Fix lost USB 2 remote wake (Mathias Nyman) \n- ALSA: sb: Fix potential ABBA deadlock in CSP driver (Takashi Iwai) \n- s390/ftrace: fix ftrace_update_ftrace_func implementation (Vasily Gorbik) \n- Revert MIPS: add PMD table accounting into MIPSpmd_alloc_one (Huang Pei) \n- proc: Avoid mixing integer types in mem_rw() (Marcelo Henrique Cerri) \n- Revert USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (Vincent Palatin) \n- spi: cadence: Correct initialisation of runtime PM again (Marek Vasut) \n- scsi: target: Fix protect handling in WRITE SAME(32) (Dmitry Bogdanov) \n- scsi: iscsi: Fix iface sysfs attr detection (Mike Christie) \n- netrom: Decrease sock refcount when sock timers expire (Nguyen Dinh Phi) \n- net: decnet: Fix sleeping inside in af_decnet (Yajun Deng) \n- net: fix uninit-value in caif_seqpkt_sendmsg (Ziyang Xuan) \n- s390/bpf: Perform r1 range checking before accessing jit->seen_reg[r1] (Colin Ian King) \n- liquidio: Fix unintentional sign extension issue on left shift of u16 (Colin Ian King) \n- spi: mediatek: fix fifo rx mode (Peter Hess) \n- perf probe-file: Delete namelist in del_events() on the error path (Riccardo Mancini) \n- perf test bpf: Free obj_buf (Riccardo Mancini) \n- perf lzma: Close lzma stream on exit (Riccardo Mancini) \n- perf probe: Fix dso->nsinfo refcounting (Riccardo 
Mancini) \n- perf map: Fix dso->nsinfo refcounting (Riccardo Mancini) \n- igb: Check if num of q_vectors is smaller than max before array access (Aleksandr Loktionov) \n- iavf: Fix an error handling path in iavf_probe() (Christophe JAILLET) \n- e1000e: Fix an error handling path in e1000_probe() (Christophe JAILLET) \n- fm10k: Fix an error handling path in fm10k_probe() (Christophe JAILLET) \n- igb: Fix an error handling path in igb_probe() (Christophe JAILLET) \n- ixgbe: Fix an error handling path in ixgbe_probe() (Christophe JAILLET) \n- igb: Fix use-after-free error during reset (Vinicius Costa Gomes) \n- ipv6: tcp: drop silly ICMPv6 packet too big messages (Eric Dumazet) \n- tcp: annotate data races around tp->mtu_info (Eric Dumazet) \n- dma-buf/sync_file: Dont leak fences on merge failure (Jason Ekstrand) \n- net: validate lwtstate->data before returning from skb_tunnel_info() (Taehee Yoo) \n- net: send SYNACK packet with accepted fwmark (Alexander Ovechkin) \n- net: ti: fix UAF in tlan_remove_one (Pavel Skripkin) \n- net: qcom/emac: fix UAF in emac_remove (Pavel Skripkin) \n- net: moxa: fix UAF in moxart_mac_probe (Pavel Skripkin) \n- net: bcmgenet: Ensure all TX/RX queues DMAs are disabled (Florian Fainelli) \n- net: bridge: sync fdb to new unicast-filtering ports (Wolfgang Bumiller) \n- netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo (Vasily Averin) \n- net: ipv6: fix return value of ip6_skb_dst_mtu (Vadim Fedorenko) \n- sched/fair: Fix CFS bandwidth hrtimer expiry type (Odin Ugedal) \n- scsi: libfc: Fix array index out of bound exception (Javed Hasan) \n- scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 (Colin Ian King) \n- rtc: max77686: Do not enforce (incorrect) interrupt trigger type (Krzysztof Kozlowski) \n- kbuild: mkcompile_h: consider timestamp if KBUILD_BUILD_TIMESTAMP is set (Matthias Maennich) \n- thermal/core: Correct function name thermal_zone_device_unregister() (Yang Yingliang) \n- arm64: dts: 
ls208xa: remove bus-num from dspi node (Mian Yousaf Kaukab) \n- arm64: dts: juno: Update SCPI nodes as per the YAML schema (Sudeep Holla) \n- ARM: dts: stm32: fix RCC node name on stm32f429 MCU (Alexandre Torgue) \n- ARM: imx: pm-imx5: Fix references to imx5_cpu_suspend_info (Jonathan Neuschafer) \n- ARM: dts: imx6: phyFLEX: Fix UART hardware flow control (Primoz Fiser) \n- ARM: dts: BCM63xx: Fix NAND nodes names (Rafal Milecki) \n- ARM: NSP: dts: fix NAND nodes names (Rafal Milecki) \n- ARM: Cygnus: dts: fix NAND nodes names (Rafal Milecki) \n- ARM: brcmstb: dts: fix NAND nodes names (Rafal Milecki) \n- reset: ti-syscon: fix to_ti_syscon_reset_data macro (Philipp Zabel) \n- arm64: dts: rockchip: Fix power-controller node names for rk3328 (Elaine Zhang) \n- ARM: dts: rockchip: Fix power-controller node names for rk3288 (Elaine Zhang) \n- ARM: dts: rockchip: Fix the timer clocks order (Ezequiel Garcia) \n- arm64: dts: rockchip: fix pinctrl sleep nodename for rk3399.dtsi (Johan Jonker) \n- ARM: dts: rockchip: fix pinctrl sleep nodename for rk3036-kylin and rk3288 (Johan Jonker) \n- ARM: dts: gemini: add device_type on pci (Corentin Labbe) \n- Linux 4.14.240 (Greg Kroah-Hartman) \n- net: bridge: multicast: fix PIM hello router port marking race (Nikolay Aleksandrov) \n- MIPS: vdso: Invalid GIC access through VDSO (Martin Facknitz) \n- mips: disable branch profiling in boot/decompress.o (Randy Dunlap) \n- mips: always link byteswap helpers into decompressor (Arnd Bergmann) \n- scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() (Christophe JAILLET) \n- ARM: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema (Aswath Govindraju) \n- memory: fsl_ifc: fix leak of private memory on probe failure (Krzysztof Kozlowski) \n- memory: fsl_ifc: fix leak of IO mapping on probe failure (Krzysztof Kozlowski) \n- reset: bail if try_module_get() fails (Philipp Zabel) \n- ARM: dts: BCM5301X: Fixup SPI binding (Rafal Milecki) \n- ARM: dts: r8a7779, marzen: Fix 
DU clock names (Geert Uytterhoeven) \n- rtc: fix snprintf() checking in is_rtc_hctosys() (Dan Carpenter) \n- memory: atmel-ebi: add missing of_node_put for loop iteration (Krzysztof Kozlowski) \n- ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4 (Krzysztof Kozlowski) \n- ARM: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3 (Krzysztof Kozlowski) \n- reset: a10sr: add missing of_match_table reference (Krzysztof Kozlowski) \n- hexagon: use common DISCARDS macro (Nathan Chancellor) \n- NFSv4/pNFS: Dont call _nfs4_pnfs_v3_ds_connect multiple times (Trond Myklebust) \n- ALSA: isa: Fix error return code in snd_cmi8330_probe() (Zhen Lei) \n- x86/fpu: Limit xstate copy size in xstateregs_set() (Thomas Gleixner) \n- ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode (Zhihao Cheng) \n- nfs: fix acl memory leak of posix_acl_create() (Gao Xiang) \n- watchdog: aspeed: fix hardware timeout calculation (Tao Ren) \n- um: fix error return code in winch_tramp() (Zhen Lei) \n- um: fix error return code in slip_open() (Zhen Lei) \n- power: supply: rt5033_battery: Fix device tree enumeration (Stephan Gerhold) \n- PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (Krzysztof Wilczynski) \n- f2fs: add MODULE_SOFTDEP to ensure crc32 is included in the initramfs (Chao Yu) \n- virtio_console: Assure used length from device is limited (Xie Yongji) [Orabug: 33209273] {CVE-2021-38160}\n- virtio_net: Fix error handling in virtnet_restore() (Xie Yongji) \n- virtio-blk: Fix memory leak among suspend/resume procedure (Xie Yongji) \n- ACPI: video: Add quirk for the Dell Vostro 3350 (Hans de Goede) \n- ACPI: AMBA: Fix resource name in /proc/iomem (Liguang Zhang) \n- pwm: tegra: Dont modify HW state in .remove callback (Uwe Kleine-Konig) \n- power: supply: ab8500: add missing MODULE_DEVICE_TABLE (Zou Wei) \n- power: supply: charger-manager: add missing MODULE_DEVICE_TABLE (Zou Wei) \n- NFS: nfs_find_open_context() may only select open files (Trond Myklebust) \n- 
ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty (Jeff Layton) \n- orangefs: fix orangefs df output. (Mike Marshall) \n- x86/fpu: Return proper error codes from user access functions (Thomas Gleixner) \n- watchdog: iTCO_wdt: Account for rebooting on second timeout (Jan Kiszka) \n- watchdog: Fix possible use-after-free by calling del_timer_sync() (Zou Wei) \n- watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() (Zou Wei) \n- watchdog: Fix possible use-after-free in wdt_startup() (Zou Wei) \n- ARM: 9087/1: kprobes: test-thumb: fix for LLVM_IAS=1 (Nick Desaulniers) \n- power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (Bixuan Cui) \n- power: supply: max17042: Do not enforce (incorrect) interrupt trigger type (Krzysztof Kozlowski) \n- power: supply: ab8500: Avoid NULL pointers (Linus Walleij) \n- pwm: spear: Dont modify HW state in .remove callback (Uwe Kleine-Konig) \n- lib/decompress_unlz4.c: correctly handle zero-padding around initrds. (Dimitri John Ledkov) \n- i2c: core: Disable client irq on reboot/shutdown (Dmitry Torokhov) \n- intel_th: Wait until port is in reset before programming it (Alexander Shishkin) \n- staging: rtl8723bs: fix macro value for 2.4Ghz only device (Fabio Aiuto) \n- ALSA: hda: Add IRQ check for platform_get_irq() (Jiajun Cao) \n- backlight: lm3630a: Fix return code of .update_status() callback (Uwe Kleine-Konig) \n- powerpc/boot: Fixup device-tree on little endian (Benjamin Herrenschmidt) \n- usb: gadget: hid: fix error return code in hid_bind() (Yang Yingliang) \n- usb: gadget: f_hid: fix endianness issue with descriptors (Ruslan Bilovol) \n- ALSA: bebob: add support for ToneWeal FW66 (Takashi Sakamoto) \n- ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() (Zhen Lei) \n- selftests/powerpc: Fix no_handler EBB selftest (Athira Rajeev) \n- ALSA: ppc: fix error return code in snd_pmac_probe() (Yang Yingliang) \n- gpio: zynq: Check return value of pm_runtime_get_sync (Srinivas 
Neeli) \n- powerpc/ps3: Add dma_mask to ps3_dma_region (Geoff Levand) \n- ALSA: sb: Fix potential double-free of CSP mixer elements (Takashi Iwai) \n- s390/sclp_vt220: fix console name to match device (Valentin Vidic) \n- mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (Zou Wei) \n- scsi: qedi: Fix null ref during abort handling (Mike Christie) \n- scsi: iscsi: Fix shost->max_id use (Mike Christie) \n- scsi: iscsi: Add iscsi_cls_conn refcount helpers (Mike Christie) \n- fs/jfs: Fix missing error code in lmLogInit() (Jiapeng Chong) \n- tty: serial: 8250: serial_cs: Fix a memory leak in error handling path (Christophe JAILLET) \n- scsi: core: Cap scsi_host cmd_per_lun at can_queue (John Garry) \n- scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs (James Smart) \n- scsi: lpfc: Fix Unexpected timeout error in direct attach topology (James Smart) \n- w1: ds2438: fixing bug that would always get page0 (Luiz Sampaio) \n- Revert ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (Takashi Sakamoto) \n- misc/libmasm/module: Fix two use after free in ibmasm_init_one (Lv Yunlong) \n- tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero (Sherry Sun) \n- PCI: aardvark: Fix kernel panic during PIO transfer (Pali Rohar) \n- PCI: aardvark: Dont rely on jiffies while holding spinlock (Remi Pommarel) \n- tracing: Do not reference char * as a string in histograms (Steven Rostedt (VMware)) \n- scsi: core: Fix bad pointer dereference when ehandler kthread is invalid (Tyrel Datwyler) \n- KVM: X86: Disable hardware breakpoints unconditionally before kvm_x86->run() (Lai Jiangshan) \n- KVM: x86: Use guest MAXPHYADDR from CPUID.0x8000_0008 iff TDP is enabled (Sean Christopherson) \n- smackfs: restrict bytes count in smk_set_cipso() (Tetsuo Handa) \n- jfs: fix GPF in diFree (Pavel Skripkin) \n- media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K (Benjamin Drung) \n- media: gspca/sunplus: fix zero-length control 
requests (Johan Hovold) \n- media: gspca/sq905: fix control-request direction (Johan Hovold) \n- media: zr364xx: fix memory leak in zr364xx_start_readpipe (Pavel Skripkin) \n- media: dtv5100: fix control-request directions (Johan Hovold) \n- dm btree remove: assign new_root only when removal succeeds (Hou Tao) \n- ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe (Lv Yunlong) \n- tracing: Simplify & fix saved_tgids logic (Paul Burton) \n- seq_buf: Fix overflow in seq_buf_putmem_hex() (Yun Zhou) \n- power: supply: ab8500: Fix an old bug (Linus Walleij) \n- ipmi/watchdog: Stop watchdog timer when the current action is none (Petr Pavlu) \n- qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute (Nathan Chancellor) \n- ASoC: tegra: Set driver_name=tegra for all machine drivers (Dmitry Osipenko) \n- cpu/hotplug: Cure the cpusets trainwreck (Thomas Gleixner) \n- ata: ahci_sunxi: Disable DIPM (Timo Sigurdsson) \n- mmc: core: Allow UHS-I voltage switch for SDSC cards if supported (Christian Lohle) \n- mmc: core: clear flags before allowing to retune (Wolfram Sang) \n- mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode (Al Cooper) \n- pinctrl/amd: Add device HID for new AMD GPIO controller (Maximilian Luz) \n- drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() (Jing Xiangfeng) \n- usb: gadget: f_fs: Fix setting of device and driver data cross-references (Andrew Gabbasov) \n- powerpc/barrier: Avoid collision with clangs __lwsync macro (Nathan Chancellor) \n- mac80211: fix memory corruption in EAPOL handling (Davis Mosenkovs) \n- fuse: reject internal errno (Miklos Szeredi) \n- bdi: Do not use freezable workqueue (Mika Westerberg) \n- fscrypt: dont ignore minor_hash when hash is 0 (Eric Biggers) \n- sctp: add size validation when walking chunks (Marcelo Ricardo Leitner) \n- sctp: validate from_addr_param return (Marcelo Ricardo Leitner) [Orabug: 33198408] {CVE-2021-3655}\n- Bluetooth: btusb: fix bt fiwmare 
downloading failure issue for qca btsoc. (Tim Jiang) \n- Bluetooth: Shutdown controller after workqueues are flushed or cancelled (Kai-Heng Feng) \n- Bluetooth: Fix the HCI to MGMT status conversion table (Yu Liu) \n- wireless: wext-spy: Fix out-of-bounds warning (Gustavo A. R. Silva) \n- sfc: error code if SRIOV cannot be disabled (inigo Huguet) \n- sfc: avoid double pci_remove of VFs (inigo Huguet) \n- iwlwifi: mvm: dont change band on bound PHY contexts (Johannes Berg) \n- RDMA/rxe: Dont overwrite errno from ib_umem_get() (Xiao Yang) \n- vsock: notify server to shutdown when client has pending signal (Longpeng(Mike)) \n- atm: nicstar: register the interrupt handler in the right place (Zheyu Ma) \n- atm: nicstar: use dma_free_coherent instead of kfree (Zheyu Ma) \n- MIPS: add PMD table accounting into MIPSpmd_alloc_one (Huang Pei) \n- cw1200: add missing MODULE_DEVICE_TABLE (Zou Wei) \n- wl1251: Fix possible buffer overflow in wl1251_cmd_scan (Lee Gibson) \n- wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP (Tony Lindgren) \n- xfrm: Fix error reporting in xfrm_state_construct. 
(Steffen Klassert) \n- selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC (Minchan Kim) \n- fjes: check return value after calling platform_get_resource() (Yang Yingliang) \n- net: micrel: check return value after calling platform_get_resource() (Yang Yingliang) \n- net: bcmgenet: check return value after calling platform_get_resource() (Yang Yingliang) \n- virtio_net: Remove BUG() to avoid machine dead (Xianting Tian) \n- dm space maps: dont reset space map allocation cursor when committing (Joe Thornber) \n- RDMA/cxgb4: Fix missing error code in create_qp() (Jiapeng Chong) \n- ipv6: use prandom_u32() for ID generation (Willy Tarreau) \n- clk: tegra: Ensure that PLLU configuration is applied properly (Dmitry Osipenko) \n- clk: renesas: r8a77995: Add ZA2 clock (Kuninori Morimoto) \n- e100: handle eeprom as little endian (Jesse Brandeburg) \n- udf: Fix NULL pointer dereference in udf_symlink function (Arturo Giusti) \n- drm/virtio: Fix double free on probe failure (Xie Yongji) \n- reiserfs: add check for invalid 1st journal block (Pavel Skripkin) \n- net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT (Sebastian Andrzej Siewior) \n- atm: nicstar: Fix possible use-after-free in nicstar_cleanup() (Zou Wei) \n- mISDN: fix possible use-after-free in HFC_cleanup() (Zou Wei) \n- atm: iphase: fix possible use-after-free in ia_module_exit() (Zou Wei) \n- hugetlb: clear huge pte during flush function on mips platform (Bibo Mao) \n- net: pch_gbe: Use proper accessors to BE data in pch_ptp_match() (Andy Shevchenko) \n- drm/amd/amdgpu/sriov disable all ip hw status by default (Jack Zhang) \n- drm/zte: Dont select DRM_KMS_FB_HELPER (Thomas Zimmermann) \n- drm/mxsfb: Dont select DRM_KMS_FB_HELPER (Thomas Zimmermann) \n- mmc: vub3000: fix control-request direction (Johan Hovold) \n- selftests/vm/pkeys: fix alloc_random_pkey() to make it really, really random (Dave Hansen) \n- mm/huge_memory.c: dont discard hugepage if other processes are mapping it (Miaohe 
Lin) \n- leds: ktd2692: Fix an error handling path (Christophe JAILLET) \n- leds: as3645a: Fix error return code in as3645a_parse_node() (Zhen Lei) \n- configfs: fix memleak in configfs_release_bin_file (Chung-Chiang Cheng) \n- extcon: max8997: Add missing modalias string (Marek Szyprowski) \n- extcon: sm5502: Drop invalid register write in sm5502_reg_data (Stephan Gerhold) \n- phy: ti: dm816x: Fix the error handling path in dm816x_usb_phy_probe() (Christophe JAILLET) \n- scsi: mpt3sas: Fix error return value in _scsih_expander_add() (Zhen Lei) \n- of: Fix truncation of memory sizes on 32-bit platforms (Geert Uytterhoeven) \n- ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK (Richard Fitzgerald) \n- staging: gdm724x: check for overflow in gdm_lte_netif_rx() (Dan Carpenter) \n- staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt() (Dan Carpenter) \n- iio: adc: mxs-lradc: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- eeprom: idt_89hpesx: Put fwnode in matching case during ->probe() (Andy Shevchenko) \n- s390: appldata depends on PROC_SYSCTL (Randy Dunlap) \n- scsi: FlashPoint: Rename si_flags field (Randy Dunlap) \n- tty: nozomi: Fix the error handling path of nozomi_card_init() (Christophe JAILLET) \n- char: pcmcia: error out if num_bytes_read is greater than 4 in set_protocol() (Yu Kuai) \n- Input: hil_kbd - fix error return code in hil_dev_connect() (Zhen Lei) \n- ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup() (Yang Yingliang) \n- iio: potentiostat: lmp91000: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: prox: as3935: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: prox: 
pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: prox: srf08: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: accel: hid: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: adis_buffer: do not return ints in irq handlers (Nuno Sa) \n- mwifiex: re-fix for unaligned accesses (Arnd Bergmann) \n- tty: nozomi: Fix a resource leak in an error handling function (Christophe JAILLET) \n- net: sched: fix warning in tcindex_alloc_perfect_hash (Pavel Skripkin) \n- writeback: fix obtain a reference to a freeing memcg css (Muchun Song) \n- Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid (Luiz Augusto von Dentz) \n- Revert ibmvnic: remove duplicate napi_schedule call in open function (Dany Madden) \n- i40e: Fix error handling in i40e_vsi_open (Dinghao Liu) \n- net: bcmgenet: Fix attaching to PYH failed on RPi 4B (Jian-Hong Pan) \n- vxlan: add missing rcu_read_lock() in neigh_reduce() (Eric Dumazet) \n- 
pkt_sched: sch_qfq: fix qfq_change_class() error path (Eric Dumazet) \n- net: ethernet: ezchip: fix error handling (Pavel Skripkin) \n- net: ethernet: ezchip: fix UAF in nps_enet_remove (Pavel Skripkin) \n- net: ethernet: aeroflex: fix UAF in greth_of_remove (Pavel Skripkin) \n- samples/bpf: Fix the error return code of xdp_redirects main() (Wang Hai) \n- netfilter: nft_exthdr: check for IPv6 packet before further processing (Pablo Neira Ayuso) \n- netlabel: Fix memory leak in netlbl_mgmt_add_common (Liu Shixin) \n- ath10k: Fix an error code in ath10k_add_interface() (Yang Li) \n- brcmsmac: mac80211_if: Fix a resource leak in an error handling path (Christophe JAILLET) \n- wireless: carl9170: fix LEDS build errors & warnings (Randy Dunlap) \n- drm: qxl: ensure surf.data is ininitialized (Colin Ian King) \n- RDMA/rxe: Fix failure during driver load (Kamal Heib) \n- ehea: fix error return code in ehea_restart_qps() (Zhen Lei) \n- drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write() (Yang Yingliang) \n- net: pch_gbe: Propagate error from devm_gpio_request_one() (Andy Shevchenko) \n- ocfs2: fix snprintf() checking (Dan Carpenter) \n- ACPI: sysfs: Fix a buffer overrun problem with description_show() (Krzysztof Wilczynski) \n- crypto: nx - Fix RCU warning in nx842_OF_upd_status (Herbert Xu) \n- spi: spi-sun6i: Fix chipselect/clock bug (Mirko Vogt) \n- btrfs: clear log tree recovering status if starting transaction fails (David Sterba) \n- hwmon: (max31790) Fix fan speed reporting for fan7..12 (Guenter Roeck) \n- hwmon: (max31722) Remove non-standard ACPI device IDs (Guenter Roeck) \n- media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx (Dillon Min) \n- mmc: usdhi6rol0: fix error return code in usdhi6_probe() (Zhen Lei) \n- media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2() (Gustavo A. R. 
Silva) \n- media: tc358743: Fix error return code in tc358743_probe_of() (Zhen Lei) \n- media: exynos4-is: Fix a use after free in isp_video_release (Lv Yunlong) \n- pata_ep93xx: fix deferred probing (Sergey Shtylyov) \n- crypto: ccp - Fix a resource leak in an error handling path (Christophe JAILLET) \n- pata_octeon_cf: avoid WARN_ON() in ata_host_activate() (Sergey Shtylyov) \n- media: I2C: change RST to RSET to fix multiple build errors (Randy Dunlap) \n- pata_rb532_cf: fix deferred probing (Sergey Shtylyov) \n- sata_highbank: fix deferred probing (Sergey Shtylyov) \n- crypto: ux500 - Fix error return code in hash_hw_final() (Zhen Lei) \n- crypto: ixp4xx - dma_unmap the correct address (Corentin Labbe) \n- media: s5p_cec: decrement usage count if disabled (Mauro Carvalho Chehab) \n- ia64: mca_drv: fix incorrect array size calculation (Arnd Bergmann) \n- HID: wacom: Correct base usage for capacitive ExpressKey status bits (Jason Gerecke) \n- ACPI: tables: Add custom DSDT file as makefile prerequisite (Richard Fitzgerald) \n- platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() (Jiapeng Chong) \n- ACPI: bus: Call kobject_put() in acpi_init() error path (Hanjun Guo) \n- ACPICA: Fix memory leak caused by _CID repair function (Erik Kaneda) \n- fs: dlm: fix memory leak when fenced (Alexander Aring) \n- random32: Fix implicit truncation warning in prandom_seed_state() (Richard Fitzgerald) \n- fs: dlm: cancel work sync othercon (Alexander Aring) \n- block_dump: remove block_dump feature in mark_inode_dirty() (zhangyi (F)) \n- ACPI: EC: Make more Asus laptops use ECDT _GPE (Chris Chiu) \n- lib: vsprintf: Fix handling of number field widths in vsscanf (Richard Fitzgerald) \n- hv_utils: Fix passing zero to PTR_ERR warning (YueHaibing) \n- ACPI: processor idle: Fix up C-state latency if not ordered (Mario Limonciello) \n- HID: do not use down_interruptible() when unbinding devices (Dmitry Torokhov) \n- regulator: da9052: Ensure enough delay 
time for .set_voltage_time_sel (Axel Lin) \n- btrfs: disable build on platforms having page size 256K (Christophe Leroy) \n- btrfs: abort transaction if we fail to update the delayed inode (Josef Bacik) \n- btrfs: fix error handling in __btrfs_update_delayed_inode (Josef Bacik) \n- media: siano: fix device register error path (Mauro Carvalho Chehab) \n- media: dvb_net: avoid speculation from net slot (Mauro Carvalho Chehab) \n- crypto: shash - avoid comparing pointers to exported functions under CFI (Ard Biesheuvel) \n- mmc: via-sdmmc: add a check against NULL pointer dereference (Zheyu Ma) \n- media: dvd_usb: memory leak in cinergyt2_fe_attach (Dongliang Mu) \n- media: st-hva: Fix potential NULL pointer dereferences (Evgeny Novikov) \n- media: bt8xx: Fix a missing check bug in bt878_probe (Zheyu Ma) \n- media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release (Lv Yunlong) \n- media: em28xx: Fix possible memory leak of em28xx struct (Igor Matheus Andrade Torrente) \n- crypto: qat - remove unused macro in FW loader (Jack Xu) \n- crypto: qat - check return code of qat_hal_rd_rel_reg() (Jack Xu) \n- media: pvrusb2: fix warning in pvr2_i2c_core_done (Anirudh Rayabharam) \n- media: cobalt: fix race condition in setting HPD (Hans Verkuil) \n- media: cpia2: fix memory leak in cpia2_usb_probe (Pavel Skripkin) \n- crypto: nx - add missing MODULE_DEVICE_TABLE (Bixuan Cui) \n- spi: omap-100k: Fix the length judgment problem (Tian Tao) \n- spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() (Jay Fang) \n- spi: spi-loopback-test: Fix tx_buf might be rx_buf (Jay Fang) \n- spi: Make of_register_spi_device also set the fwnode (Charles Keepax) \n- fuse: check connected before queueing on fpq->io (Miklos Szeredi) \n- seq_buf: Make trace_seq_putmem_hex() support data longer than 8 (Yun Zhou) \n- rsi: Assign beacon rate settings to the correct rate_info descriptor field (Marek Vasut) \n- ssb: sdio: Dont overwrite const buffer if block_write fails 
(Michael Buesch) \n- ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() (Pali Rohar) \n- serial_cs: remove wrong GLOBETROTTER.cis entry (Ondrej Zary) \n- serial_cs: Add Option International GSM-Ready 56K/ISDN modem (Ondrej Zary) \n- serial: sh-sci: Stop dmaengine transfer in sci_stop_tx() (Yoshihiro Shimoda) \n- iio: ltr501: ltr501_read_ps(): add missing endianness conversion (Oliver Lang) \n- iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR (Oliver Lang) \n- iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too (Marc Kleine-Budde) \n- rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path (Martin Fuzzey) \n- s390/cio: dont call css_wait_for_slow_path() inside a lock (Vineeth Vijayan) \n- SUNRPC: Should wake up the privileged task firstly. (Zhang Xiaoxu) \n- SUNRPC: Fix the batch tasks count wraparound. (Zhang Xiaoxu) \n- can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path (Stephane Grosjean) \n- can: gw: synchronize rcu operations before removing gw job entry (Oliver Hartkopp) \n- ext4: fix avefreec in find_group_orlov (Pan Dong) \n- ext4: remove check for zero nr_to_scan in ext4_es_scan() (Zhang Yi) \n- ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit (Zhang Yi) \n- ext4: fix kernel infoleak via ext4_extent_header (Anirudh Rayabharam) \n- ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle (Zhang Yi) \n- btrfs: clear defrag status of a root if starting transaction fails (David Sterba) \n- btrfs: send: fix invalid path for unlink operations after parent orphanization (Filipe Manana) \n- ARM: dts: at91: sama5d4: fix pinctrl muxing (Ludovic Desroches) \n- iov_iter_fault_in_readable() should do nothing in xarray case (Al Viro) \n- ntfs: fix validity check for file name attribute (Desmond Cheong Zhi Xi) \n- USB: cdc-acm: blacklist Heimann USB Appset device (Hannu Hartikainen) \n- usb: gadget: eem: fix 
echo command packet response issue (Linyu Yuan) \n- net: can: ems_usb: fix use-after-free in ems_usb_disconnect() (Pavel Skripkin) \n- Input: usbtouchscreen - fix control-request directions (Johan Hovold) \n- media: dvb-usb: fix wrong definition (Pavel Skripkin) \n- ALSA: usb-audio: fix rate on Ozone Z90 USB headset (Daehwan Jung) \n- arm64: Reserve elfcorehdr before scanning reserved memory from device tree (Dave Kleikamp) [Orabug: 33309109] \n- Revert 'net: geneve: check skb is large enough for IPv4/IPv6 header' (Somasundaram Krishnasamy) [Orabug: 33307212]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-10-14T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36322", "CVE-2021-28950", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3655", "CVE-2021-3679", "CVE-2021-38160", "CVE-2021-40490"], "modified": "2021-10-14T00:00:00", "id": "ELSA-2021-9485", "href": "http://linux.oracle.com/errata/ELSA-2021-9485.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2021-11-26T18:28:12", "description": "[4.14.35-2047.508.3.el7]\n- fuse: fix live lock in fuse_iget() (Amir Goldstein) [Orabug: 33396682] {CVE-2021-28950}\n- block: workaround to avoid self-deadlock in del_gendisk (Junxiao Bi) [Orabug: 33392821] \n- net: bonding: add new option arp_allslaves for arp_ip_target (Venkat Venkatsubra) [Orabug: 33352735]\n[4.14.35-2047.508.2]\n- KVM: x86: Check kvm_rebooting in kvm_spurious_fault() (Sean Christopherson) [Orabug: 33360245] \n- Revert uek-rpm: mark /etc/ld.so.conf.d/ files as %config (aloktiw) [Orabug: 33359680] \n- net/mlx5: Rate limit errors in command interface (Leon Romanovsky) [Orabug: 33305503] \n- Bluetooth: defer cleanup of resources in hci_unregister_dev() (Tetsuo Handa) [Orabug: 33292634] {CVE-2021-3573}\n- Bluetooth: use correct lock to prevent UAF of hdev object (Lin Ma) [Orabug: 33292634] \n- Bluetooth: fix the erroneous flush_work() order (Lin Ma) [Orabug: 33292634] {CVE-2021-3564}\n- IB/core: Read subnet_prefix in ib_query_port via cache. 
(Anand Khoje) [Orabug: 33134287] \n- IB/core: Removed port validity check from ib_get_cached_subnet_prefix (Anand Khoje) [Orabug: 33134287] \n- uek-rpm: Add dm-cache-smq.ko module (John Donnelly) [Orabug: 29198153]\n[4.14.35-2047.508.1]\n- RDMA/cma: Revert INIT-INIT patch (Mike Marciniszyn) [Orabug: 33324346] \n- net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb (Phillip Potter) [Orabug: 33329032] \n- ip: Manual backport of pskb_inet_may_pull() (Hakon Bugge) [Orabug: 33329032] \n- Revert Revert net: geneve: check skb is large enough for IPv4/IPv6 header (Hakon Bugge) [Orabug: 33329032] \n- ext4: fix race writing to an inline_data file while its xattrs are changing (Theodore Tso) [Orabug: 33327179] {CVE-2021-40490}\n- uek-rpm: add CONFIG_PVPANIC_PCI to aarch64 (Mihai Carabas) [Orabug: 33155642] \n- misc/pvpanic: fix set driver data (Mihai Carabas) [Orabug: 33155642] \n- misc/pvpanic-pci: Allow automatic loading (Eric Auger) [Orabug: 33155642] \n- misc/pvpanic: Remove some dead-code (Christophe JAILLET) [Orabug: 33155642] \n- misc/pvpanic: Make pvpanic_probe() resource managed (Christophe JAILLET) [Orabug: 33155642] \n- misc/pvpanic-mmio: Use GFP_KERNEL instead of GFP_ATOMIC (Christophe JAILLET) [Orabug: 33155642] \n- misc/pvpanic-mmio: Fix error handling in pvpanic_mmio_probe() (Christophe JAILLET) [Orabug: 33155642] \n- misc/pvpanic-pci: Use GFP_KERNEL instead of GFP_ATOMIC (Christophe JAILLET) [Orabug: 33155642] \n- misc/pvpanic-pci: Fix error handling in pvpanic_pci_probe() (Christophe JAILLET) [Orabug: 33155642] \n- misc/pvpanic: Make some symbols static (YueHaibing) [Orabug: 33155642] \n- misc/pvpanic: fix return value check in pvpanic_pci_probe() (Qiheng Lin) [Orabug: 33155642] \n- misc/pvpanic: add PCI driver (Mihai Carabas) [Orabug: 33155642] \n- misc/pvpanic: probe multiple instances (Mihai Carabas) [Orabug: 33155642] \n- misc/pvpanic: split-up generic and platform dependent code (Mihai Carabas) [Orabug: 33155642] \n- misc/pvpanic: 
Export module FDT device table (Shile Zhang) [Orabug: 33155642] \n- misc: pvpanic: sysfs_emit uses should have a newline (Joe Perches) [Orabug: 33155642] \n- misc: pvpanic: introduce events device attribue (zhenwei pi) [Orabug: 33155642] \n- misc: pvpanic: introduce device capability (zhenwei pi) [Orabug: 33155642] \n- misc: pvpanic: Check devm_ioport_map() for NULL (Andy Shevchenko) [Orabug: 33155642] \n- misc: pvpanic: Replace OF headers by mod_devicetable.h (Andy Shevchenko) [Orabug: 33155642] \n- misc: pvpanic: Combine ACPI and platform drivers (Andy Shevchenko) [Orabug: 33155642] \n- misc: pvpanic: Use devm_platform_ioremap_resource() (Wang ShaoBo) [Orabug: 33155642] \n- driver core: platform: Introduce platform_get_mem_or_io() (Andy Shevchenko) [Orabug: 33155642] \n- misc: pvpanic: move bit definition to uapi header file (zhenwei pi) [Orabug: 33155642] \n- misc: pvpanic: fix warning implicit declaration (Anders Roxell) [Orabug: 33155642] \n- misc/pvpanic: resolve compile errors for arch=um (Peng Hao) [Orabug: 33155642] \n- misc/pvpanic: fix a NULL vs IS_ERR() check (Dan Carpenter) [Orabug: 33155642] \n- misc/pvpanic: remove a redundant comma (Peng Hao) [Orabug: 33155642] \n- misc/pvpanic: convert to SPDX license tags (Peng Hao) [Orabug: 33155642] \n- misc/pvpanic: change header file sort style (Peng Hao) [Orabug: 33155642] \n- misc/pvpanic: remove unnecessary header file (Peng Hao) [Orabug: 33155642] \n- misc/pvpanic : break dependency on ACPI (Peng Hao) [Orabug: 33155642] \n- misc/pvpanic : grouping ACPI related stuff (Peng Hao) [Orabug: 33155642] \n- misc/pvpanic: add support to get pvpanic device info FDT (Peng Hao) [Orabug: 33155642] \n- dt-bindings: misc/pvpanic: add document for pvpanic-mmio (Peng Hao) [Orabug: 33155642] \n- misc/pvpanic: add MMIO support (Peng Hao) [Orabug: 33155642] \n- misc/pvpanic: simplify the code using acpi_dev_resource_io (Peng Hao) [Orabug: 33155642] \n- pvpanic: move pvpanic to misc as common driver (Peng Hao) [Orabug: 
33155642] \n- fuse: fix bad inode (Miklos Szeredi) [Orabug: 32769032] {CVE-2020-36322}\n- Linux 4.14.243 (Greg Kroah-Hartman) \n- spi: mediatek: Fix fifo transfer (Guenter Roeck) \n- Revert watchdog: iTCO_wdt: Account for rebooting on second timeout (Greg Kroah-Hartman) \n- KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped() (Sean Christopherson) \n- KVM: do not assume PTE is writable after follow_pfn (Paolo Bonzini) \n- Revert Bluetooth: Shutdown controller after workqueues are flushed or cancelled (Greg Kroah-Hartman) \n- net: Fix zero-copy head len calculation. (Pravin B Shelar) \n- qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union() (Jia He) \n- r8152: Fix potential PM refcount imbalance (Takashi Iwai) \n- regulator: rt5033: Fix n_voltages settings for BUCK and LDO (Axel Lin) \n- btrfs: mark compressed range uptodate only if all bio succeed (Goldwyn Rodrigues) \n- Linux 4.14.242 (Greg Kroah-Hartman) \n- Revert perf map: Fix dso->nsinfo refcounting (Arnaldo Carvalho de Melo) \n- can: hi311x: fix a signedness bug in hi3110_cmd() (Dan Carpenter) \n- sis900: Fix missing pci_disable_device() in probe and remove (Wang Hai) \n- tulip: windbond-840: Fix missing pci_disable_device() in probe and remove (Wang Hai) \n- sctp: fix return value check in __sctp_rcv_asconf_lookup (Marcelo Ricardo Leitner) \n- net/mlx5: Fix flow table chaining (Maor Gottlieb) \n- net: llc: fix skb_over_panic (Pavel Skripkin) \n- mlx4: Fix missing error code in mlx4_load_one() (Jiapeng Chong) \n- tipc: fix sleeping in tipc accept routine (Hoang Le) \n- netfilter: nft_nat: allow to specify layer 4 protocol NAT only (Pablo Neira Ayuso) \n- netfilter: conntrack: adjust stop timestamp to real expiry value (Florian Westphal) \n- cfg80211: Fix possible memory leak in function cfg80211_bss_update (Nguyen Dinh Phi) \n- x86/asm: Ensure asm/proto.h can be included stand-alone (Jan Kiszka) \n- nfc: nfcsim: fix use after free during module unload (Krzysztof Kozlowski) \n- 
NIU: fix incorrect error return, missed in previous revert (Paul Jakma) \n- can: esd_usb2: fix memory leak (Pavel Skripkin) \n- can: ems_usb: fix memory leak (Pavel Skripkin) \n- can: usb_8dev: fix memory leak (Pavel Skripkin) \n- can: mcba_usb_start(): add missing urb->transfer_dma initialization (Pavel Skripkin) \n- can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (Ziyang Xuan) \n- x86/kvm: fix vcpu-id indexed array sizes (Juergen Gross) \n- gro: ensure frag0 meets IP header alignment (Eric Dumazet) \n- virtio_net: Do not pull payload in skb->head (Eric Dumazet) \n- ARM: dts: versatile: Fix up interrupt controller node names (Sudeep Holla) \n- hfs: add lock nesting notation to hfs_find_init (Desmond Cheong Zhi Xi) \n- hfs: fix high memory mapping in hfs_bnode_read (Desmond Cheong Zhi Xi) \n- hfs: add missing clean-up in hfs_fill_super (Desmond Cheong Zhi Xi) \n- sctp: move 198 addresses from unusable to private scope (Xin Long) \n- net: annotate data race around sk_ll_usec (Eric Dumazet) \n- net/802/garp: fix memleak in garp_request_join() (Yang Yingliang) \n- net/802/mrp: fix memleak in mrp_request_join() (Yang Yingliang) \n- workqueue: fix UAF in pwq_unbound_release_workfn() (Yang Yingliang) \n- af_unix: fix garbage collect vs MSG_PEEK (Miklos Szeredi) \n- net: split out functions related to registering inflight socket files (Jens Axboe) \n- KVM: x86: determine if an exception has an error code only when injecting it. 
(Maxim Levitsky) \n- selftest: fix build error in tools/testing/selftests/vm/userfaultfd.c (Greg Kroah-Hartman)\n[4.14.35-2047.508.0]\n- Linux 4.14.241 (Greg Kroah-Hartman) \n- xhci: add xhci_get_virt_ep() helper (Mathias Nyman) \n- spi: spi-fsl-dspi: Fix a resource leak in an error handling path (Christophe JAILLET) \n- btrfs: compression: dont try to compress if we dont have enough pages (David Sterba) \n- iio: accel: bma180: Fix BMA25x bandwidth register values (Stephan Gerhold) \n- iio: accel: bma180: Use explicit member assignment (Linus Walleij) \n- net: bcmgenet: ensure EXT_ENERGY_DET_MASK is clear (Doug Berger) \n- drm: Return -ENOTTY for non-drm ioctls (Charles Baylis) \n- selftest: use mmap instead of posix_memalign to allocate memory (Peter Collingbourne) \n- ixgbe: Fix packet corruption due to missing DMA sync (Markus Boehme) \n- media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() (Gustavo A. R. Silva) \n- tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop. (Haoran Luo) [Orabug: 33198436] {CVE-2021-3679}\n- usb: dwc2: gadget: Fix sending zero length packet in DDMA mode. 
(Minas Harutyunyan) \n- USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (John Keeping) \n- USB: serial: cp210x: fix comments for GE CS1000 (Ian Ray) \n- USB: serial: option: add support for u-blox LARA-R6 family (Marco De Marco) \n- usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop() (Yoshihiro Shimoda) \n- usb: max-3421: Prevent corruption of freed memory (Mark Tomlinson) \n- USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (Julian Sikorski) \n- usb: hub: Disable USB 3 device initiated lpm if exit latency is too high (Mathias Nyman) \n- KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow (Nicholas Piggin) \n- xhci: Fix lost USB 2 remote wake (Mathias Nyman) \n- ALSA: sb: Fix potential ABBA deadlock in CSP driver (Takashi Iwai) \n- s390/ftrace: fix ftrace_update_ftrace_func implementation (Vasily Gorbik) \n- Revert MIPS: add PMD table accounting into MIPSpmd_alloc_one (Huang Pei) \n- proc: Avoid mixing integer types in mem_rw() (Marcelo Henrique Cerri) \n- Revert USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (Vincent Palatin) \n- spi: cadence: Correct initialisation of runtime PM again (Marek Vasut) \n- scsi: target: Fix protect handling in WRITE SAME(32) (Dmitry Bogdanov) \n- scsi: iscsi: Fix iface sysfs attr detection (Mike Christie) \n- netrom: Decrease sock refcount when sock timers expire (Nguyen Dinh Phi) \n- net: decnet: Fix sleeping inside in af_decnet (Yajun Deng) \n- net: fix uninit-value in caif_seqpkt_sendmsg (Ziyang Xuan) \n- s390/bpf: Perform r1 range checking before accessing jit->seen_reg[r1] (Colin Ian King) \n- liquidio: Fix unintentional sign extension issue on left shift of u16 (Colin Ian King) \n- spi: mediatek: fix fifo rx mode (Peter Hess) \n- perf probe-file: Delete namelist in del_events() on the error path (Riccardo Mancini) \n- perf test bpf: Free obj_buf (Riccardo Mancini) \n- perf lzma: Close lzma stream on exit (Riccardo Mancini) \n- perf probe: Fix dso->nsinfo refcounting (Riccardo 
Mancini) \n- perf map: Fix dso->nsinfo refcounting (Riccardo Mancini) \n- igb: Check if num of q_vectors is smaller than max before array access (Aleksandr Loktionov) \n- iavf: Fix an error handling path in iavf_probe() (Christophe JAILLET) \n- e1000e: Fix an error handling path in e1000_probe() (Christophe JAILLET) \n- fm10k: Fix an error handling path in fm10k_probe() (Christophe JAILLET) \n- igb: Fix an error handling path in igb_probe() (Christophe JAILLET) \n- ixgbe: Fix an error handling path in ixgbe_probe() (Christophe JAILLET) \n- igb: Fix use-after-free error during reset (Vinicius Costa Gomes) \n- ipv6: tcp: drop silly ICMPv6 packet too big messages (Eric Dumazet) \n- tcp: annotate data races around tp->mtu_info (Eric Dumazet) \n- dma-buf/sync_file: Dont leak fences on merge failure (Jason Ekstrand) \n- net: validate lwtstate->data before returning from skb_tunnel_info() (Taehee Yoo) \n- net: send SYNACK packet with accepted fwmark (Alexander Ovechkin) \n- net: ti: fix UAF in tlan_remove_one (Pavel Skripkin) \n- net: qcom/emac: fix UAF in emac_remove (Pavel Skripkin) \n- net: moxa: fix UAF in moxart_mac_probe (Pavel Skripkin) \n- net: bcmgenet: Ensure all TX/RX queues DMAs are disabled (Florian Fainelli) \n- net: bridge: sync fdb to new unicast-filtering ports (Wolfgang Bumiller) \n- netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo (Vasily Averin) \n- net: ipv6: fix return value of ip6_skb_dst_mtu (Vadim Fedorenko) \n- sched/fair: Fix CFS bandwidth hrtimer expiry type (Odin Ugedal) \n- scsi: libfc: Fix array index out of bound exception (Javed Hasan) \n- scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 (Colin Ian King) \n- rtc: max77686: Do not enforce (incorrect) interrupt trigger type (Krzysztof Kozlowski) \n- kbuild: mkcompile_h: consider timestamp if KBUILD_BUILD_TIMESTAMP is set (Matthias Maennich) \n- thermal/core: Correct function name thermal_zone_device_unregister() (Yang Yingliang) \n- arm64: dts: 
ls208xa: remove bus-num from dspi node (Mian Yousaf Kaukab) \n- arm64: dts: juno: Update SCPI nodes as per the YAML schema (Sudeep Holla) \n- ARM: dts: stm32: fix RCC node name on stm32f429 MCU (Alexandre Torgue) \n- ARM: imx: pm-imx5: Fix references to imx5_cpu_suspend_info (Jonathan Neuschafer) \n- ARM: dts: imx6: phyFLEX: Fix UART hardware flow control (Primoz Fiser) \n- ARM: dts: BCM63xx: Fix NAND nodes names (Rafal Milecki) \n- ARM: NSP: dts: fix NAND nodes names (Rafal Milecki) \n- ARM: Cygnus: dts: fix NAND nodes names (Rafal Milecki) \n- ARM: brcmstb: dts: fix NAND nodes names (Rafal Milecki) \n- reset: ti-syscon: fix to_ti_syscon_reset_data macro (Philipp Zabel) \n- arm64: dts: rockchip: Fix power-controller node names for rk3328 (Elaine Zhang) \n- ARM: dts: rockchip: Fix power-controller node names for rk3288 (Elaine Zhang) \n- ARM: dts: rockchip: Fix the timer clocks order (Ezequiel Garcia) \n- arm64: dts: rockchip: fix pinctrl sleep nodename for rk3399.dtsi (Johan Jonker) \n- ARM: dts: rockchip: fix pinctrl sleep nodename for rk3036-kylin and rk3288 (Johan Jonker) \n- ARM: dts: gemini: add device_type on pci (Corentin Labbe) \n- Linux 4.14.240 (Greg Kroah-Hartman) \n- net: bridge: multicast: fix PIM hello router port marking race (Nikolay Aleksandrov) \n- MIPS: vdso: Invalid GIC access through VDSO (Martin Facknitz) \n- mips: disable branch profiling in boot/decompress.o (Randy Dunlap) \n- mips: always link byteswap helpers into decompressor (Arnd Bergmann) \n- scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() (Christophe JAILLET) \n- ARM: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema (Aswath Govindraju) \n- memory: fsl_ifc: fix leak of private memory on probe failure (Krzysztof Kozlowski) \n- memory: fsl_ifc: fix leak of IO mapping on probe failure (Krzysztof Kozlowski) \n- reset: bail if try_module_get() fails (Philipp Zabel) \n- ARM: dts: BCM5301X: Fixup SPI binding (Rafal Milecki) \n- ARM: dts: r8a7779, marzen: Fix 
DU clock names (Geert Uytterhoeven) \n- rtc: fix snprintf() checking in is_rtc_hctosys() (Dan Carpenter) \n- memory: atmel-ebi: add missing of_node_put for loop iteration (Krzysztof Kozlowski) \n- ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4 (Krzysztof Kozlowski) \n- ARM: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3 (Krzysztof Kozlowski) \n- reset: a10sr: add missing of_match_table reference (Krzysztof Kozlowski) \n- hexagon: use common DISCARDS macro (Nathan Chancellor) \n- NFSv4/pNFS: Dont call _nfs4_pnfs_v3_ds_connect multiple times (Trond Myklebust) \n- ALSA: isa: Fix error return code in snd_cmi8330_probe() (Zhen Lei) \n- x86/fpu: Limit xstate copy size in xstateregs_set() (Thomas Gleixner) \n- ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode (Zhihao Cheng) \n- nfs: fix acl memory leak of posix_acl_create() (Gao Xiang) \n- watchdog: aspeed: fix hardware timeout calculation (Tao Ren) \n- um: fix error return code in winch_tramp() (Zhen Lei) \n- um: fix error return code in slip_open() (Zhen Lei) \n- power: supply: rt5033_battery: Fix device tree enumeration (Stephan Gerhold) \n- PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (Krzysztof Wilczynski) \n- f2fs: add MODULE_SOFTDEP to ensure crc32 is included in the initramfs (Chao Yu) \n- virtio_console: Assure used length from device is limited (Xie Yongji) [Orabug: 33209273] {CVE-2021-38160}\n- virtio_net: Fix error handling in virtnet_restore() (Xie Yongji) \n- virtio-blk: Fix memory leak among suspend/resume procedure (Xie Yongji) \n- ACPI: video: Add quirk for the Dell Vostro 3350 (Hans de Goede) \n- ACPI: AMBA: Fix resource name in /proc/iomem (Liguang Zhang) \n- pwm: tegra: Dont modify HW state in .remove callback (Uwe Kleine-Konig) \n- power: supply: ab8500: add missing MODULE_DEVICE_TABLE (Zou Wei) \n- power: supply: charger-manager: add missing MODULE_DEVICE_TABLE (Zou Wei) \n- NFS: nfs_find_open_context() may only select open files (Trond Myklebust) \n- 
ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty (Jeff Layton) \n- orangefs: fix orangefs df output. (Mike Marshall) \n- x86/fpu: Return proper error codes from user access functions (Thomas Gleixner) \n- watchdog: iTCO_wdt: Account for rebooting on second timeout (Jan Kiszka) \n- watchdog: Fix possible use-after-free by calling del_timer_sync() (Zou Wei) \n- watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() (Zou Wei) \n- watchdog: Fix possible use-after-free in wdt_startup() (Zou Wei) \n- ARM: 9087/1: kprobes: test-thumb: fix for LLVM_IAS=1 (Nick Desaulniers) \n- power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (Bixuan Cui) \n- power: supply: max17042: Do not enforce (incorrect) interrupt trigger type (Krzysztof Kozlowski) \n- power: supply: ab8500: Avoid NULL pointers (Linus Walleij) \n- pwm: spear: Dont modify HW state in .remove callback (Uwe Kleine-Konig) \n- lib/decompress_unlz4.c: correctly handle zero-padding around initrds. (Dimitri John Ledkov) \n- i2c: core: Disable client irq on reboot/shutdown (Dmitry Torokhov) \n- intel_th: Wait until port is in reset before programming it (Alexander Shishkin) \n- staging: rtl8723bs: fix macro value for 2.4Ghz only device (Fabio Aiuto) \n- ALSA: hda: Add IRQ check for platform_get_irq() (Jiajun Cao) \n- backlight: lm3630a: Fix return code of .update_status() callback (Uwe Kleine-Konig) \n- powerpc/boot: Fixup device-tree on little endian (Benjamin Herrenschmidt) \n- usb: gadget: hid: fix error return code in hid_bind() (Yang Yingliang) \n- usb: gadget: f_hid: fix endianness issue with descriptors (Ruslan Bilovol) \n- ALSA: bebob: add support for ToneWeal FW66 (Takashi Sakamoto) \n- ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() (Zhen Lei) \n- selftests/powerpc: Fix no_handler EBB selftest (Athira Rajeev) \n- ALSA: ppc: fix error return code in snd_pmac_probe() (Yang Yingliang) \n- gpio: zynq: Check return value of pm_runtime_get_sync (Srinivas 
Neeli) \n- powerpc/ps3: Add dma_mask to ps3_dma_region (Geoff Levand) \n- ALSA: sb: Fix potential double-free of CSP mixer elements (Takashi Iwai) \n- s390/sclp_vt220: fix console name to match device (Valentin Vidic) \n- mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (Zou Wei) \n- scsi: qedi: Fix null ref during abort handling (Mike Christie) \n- scsi: iscsi: Fix shost->max_id use (Mike Christie) \n- scsi: iscsi: Add iscsi_cls_conn refcount helpers (Mike Christie) \n- fs/jfs: Fix missing error code in lmLogInit() (Jiapeng Chong) \n- tty: serial: 8250: serial_cs: Fix a memory leak in error handling path (Christophe JAILLET) \n- scsi: core: Cap scsi_host cmd_per_lun at can_queue (John Garry) \n- scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs (James Smart) \n- scsi: lpfc: Fix Unexpected timeout error in direct attach topology (James Smart) \n- w1: ds2438: fixing bug that would always get page0 (Luiz Sampaio) \n- Revert ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (Takashi Sakamoto) \n- misc/libmasm/module: Fix two use after free in ibmasm_init_one (Lv Yunlong) \n- tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero (Sherry Sun) \n- PCI: aardvark: Fix kernel panic during PIO transfer (Pali Rohar) \n- PCI: aardvark: Dont rely on jiffies while holding spinlock (Remi Pommarel) \n- tracing: Do not reference char * as a string in histograms (Steven Rostedt (VMware)) \n- scsi: core: Fix bad pointer dereference when ehandler kthread is invalid (Tyrel Datwyler) \n- KVM: X86: Disable hardware breakpoints unconditionally before kvm_x86->run() (Lai Jiangshan) \n- KVM: x86: Use guest MAXPHYADDR from CPUID.0x8000_0008 iff TDP is enabled (Sean Christopherson) \n- smackfs: restrict bytes count in smk_set_cipso() (Tetsuo Handa) \n- jfs: fix GPF in diFree (Pavel Skripkin) \n- media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K (Benjamin Drung) \n- media: gspca/sunplus: fix zero-length control 
requests (Johan Hovold) \n- media: gspca/sq905: fix control-request direction (Johan Hovold) \n- media: zr364xx: fix memory leak in zr364xx_start_readpipe (Pavel Skripkin) \n- media: dtv5100: fix control-request directions (Johan Hovold) \n- dm btree remove: assign new_root only when removal succeeds (Hou Tao) \n- ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe (Lv Yunlong) \n- tracing: Simplify & fix saved_tgids logic (Paul Burton) \n- seq_buf: Fix overflow in seq_buf_putmem_hex() (Yun Zhou) \n- power: supply: ab8500: Fix an old bug (Linus Walleij) \n- ipmi/watchdog: Stop watchdog timer when the current action is none (Petr Pavlu) \n- qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute (Nathan Chancellor) \n- ASoC: tegra: Set driver_name=tegra for all machine drivers (Dmitry Osipenko) \n- cpu/hotplug: Cure the cpusets trainwreck (Thomas Gleixner) \n- ata: ahci_sunxi: Disable DIPM (Timo Sigurdsson) \n- mmc: core: Allow UHS-I voltage switch for SDSC cards if supported (Christian Lohle) \n- mmc: core: clear flags before allowing to retune (Wolfram Sang) \n- mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode (Al Cooper) \n- pinctrl/amd: Add device HID for new AMD GPIO controller (Maximilian Luz) \n- drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() (Jing Xiangfeng) \n- usb: gadget: f_fs: Fix setting of device and driver data cross-references (Andrew Gabbasov) \n- powerpc/barrier: Avoid collision with clangs __lwsync macro (Nathan Chancellor) \n- mac80211: fix memory corruption in EAPOL handling (Davis Mosenkovs) \n- fuse: reject internal errno (Miklos Szeredi) \n- bdi: Do not use freezable workqueue (Mika Westerberg) \n- fscrypt: dont ignore minor_hash when hash is 0 (Eric Biggers) \n- sctp: add size validation when walking chunks (Marcelo Ricardo Leitner) \n- sctp: validate from_addr_param return (Marcelo Ricardo Leitner) [Orabug: 33198408] {CVE-2021-3655}\n- Bluetooth: btusb: fix bt fiwmare 
downloading failure issue for qca btsoc. (Tim Jiang) \n- Bluetooth: Shutdown controller after workqueues are flushed or cancelled (Kai-Heng Feng) \n- Bluetooth: Fix the HCI to MGMT status conversion table (Yu Liu) \n- wireless: wext-spy: Fix out-of-bounds warning (Gustavo A. R. Silva) \n- sfc: error code if SRIOV cannot be disabled (inigo Huguet) \n- sfc: avoid double pci_remove of VFs (inigo Huguet) \n- iwlwifi: mvm: dont change band on bound PHY contexts (Johannes Berg) \n- RDMA/rxe: Dont overwrite errno from ib_umem_get() (Xiao Yang) \n- vsock: notify server to shutdown when client has pending signal (Longpeng(Mike)) \n- atm: nicstar: register the interrupt handler in the right place (Zheyu Ma) \n- atm: nicstar: use dma_free_coherent instead of kfree (Zheyu Ma) \n- MIPS: add PMD table accounting into MIPSpmd_alloc_one (Huang Pei) \n- cw1200: add missing MODULE_DEVICE_TABLE (Zou Wei) \n- wl1251: Fix possible buffer overflow in wl1251_cmd_scan (Lee Gibson) \n- wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP (Tony Lindgren) \n- xfrm: Fix error reporting in xfrm_state_construct. 
(Steffen Klassert) \n- selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC (Minchan Kim) \n- fjes: check return value after calling platform_get_resource() (Yang Yingliang) \n- net: micrel: check return value after calling platform_get_resource() (Yang Yingliang) \n- net: bcmgenet: check return value after calling platform_get_resource() (Yang Yingliang) \n- virtio_net: Remove BUG() to avoid machine dead (Xianting Tian) \n- dm space maps: dont reset space map allocation cursor when committing (Joe Thornber) \n- RDMA/cxgb4: Fix missing error code in create_qp() (Jiapeng Chong) \n- ipv6: use prandom_u32() for ID generation (Willy Tarreau) \n- clk: tegra: Ensure that PLLU configuration is applied properly (Dmitry Osipenko) \n- clk: renesas: r8a77995: Add ZA2 clock (Kuninori Morimoto) \n- e100: handle eeprom as little endian (Jesse Brandeburg) \n- udf: Fix NULL pointer dereference in udf_symlink function (Arturo Giusti) \n- drm/virtio: Fix double free on probe failure (Xie Yongji) \n- reiserfs: add check for invalid 1st journal block (Pavel Skripkin) \n- net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT (Sebastian Andrzej Siewior) \n- atm: nicstar: Fix possible use-after-free in nicstar_cleanup() (Zou Wei) \n- mISDN: fix possible use-after-free in HFC_cleanup() (Zou Wei) \n- atm: iphase: fix possible use-after-free in ia_module_exit() (Zou Wei) \n- hugetlb: clear huge pte during flush function on mips platform (Bibo Mao) \n- net: pch_gbe: Use proper accessors to BE data in pch_ptp_match() (Andy Shevchenko) \n- drm/amd/amdgpu/sriov disable all ip hw status by default (Jack Zhang) \n- drm/zte: Dont select DRM_KMS_FB_HELPER (Thomas Zimmermann) \n- drm/mxsfb: Dont select DRM_KMS_FB_HELPER (Thomas Zimmermann) \n- mmc: vub3000: fix control-request direction (Johan Hovold) \n- selftests/vm/pkeys: fix alloc_random_pkey() to make it really, really random (Dave Hansen) \n- mm/huge_memory.c: dont discard hugepage if other processes are mapping it (Miaohe 
Lin) \n- leds: ktd2692: Fix an error handling path (Christophe JAILLET) \n- leds: as3645a: Fix error return code in as3645a_parse_node() (Zhen Lei) \n- configfs: fix memleak in configfs_release_bin_file (Chung-Chiang Cheng) \n- extcon: max8997: Add missing modalias string (Marek Szyprowski) \n- extcon: sm5502: Drop invalid register write in sm5502_reg_data (Stephan Gerhold) \n- phy: ti: dm816x: Fix the error handling path in dm816x_usb_phy_probe() (Christophe JAILLET) \n- scsi: mpt3sas: Fix error return value in _scsih_expander_add() (Zhen Lei) \n- of: Fix truncation of memory sizes on 32-bit platforms (Geert Uytterhoeven) \n- ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK (Richard Fitzgerald) \n- staging: gdm724x: check for overflow in gdm_lte_netif_rx() (Dan Carpenter) \n- staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt() (Dan Carpenter) \n- iio: adc: mxs-lradc: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- eeprom: idt_89hpesx: Put fwnode in matching case during ->probe() (Andy Shevchenko) \n- s390: appldata depends on PROC_SYSCTL (Randy Dunlap) \n- scsi: FlashPoint: Rename si_flags field (Randy Dunlap) \n- tty: nozomi: Fix the error handling path of nozomi_card_init() (Christophe JAILLET) \n- char: pcmcia: error out if num_bytes_read is greater than 4 in set_protocol() (Yu Kuai) \n- Input: hil_kbd - fix error return code in hil_dev_connect() (Zhen Lei) \n- ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup() (Yang Yingliang) \n- iio: potentiostat: lmp91000: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: prox: as3935: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: prox: 
pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: prox: srf08: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: accel: hid: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron) \n- iio: adis_buffer: do not return ints in irq handlers (Nuno Sa) \n- mwifiex: re-fix for unaligned accesses (Arnd Bergmann) \n- tty: nozomi: Fix a resource leak in an error handling function (Christophe JAILLET) \n- net: sched: fix warning in tcindex_alloc_perfect_hash (Pavel Skripkin) \n- writeback: fix obtain a reference to a freeing memcg css (Muchun Song) \n- Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid (Luiz Augusto von Dentz) \n- Revert ibmvnic: remove duplicate napi_schedule call in open function (Dany Madden) \n- i40e: Fix error handling in i40e_vsi_open (Dinghao Liu) \n- net: bcmgenet: Fix attaching to PYH failed on RPi 4B (Jian-Hong Pan) \n- vxlan: add missing rcu_read_lock() in neigh_reduce() (Eric Dumazet) \n- 
pkt_sched: sch_qfq: fix qfq_change_class() error path (Eric Dumazet) \n- net: ethernet: ezchip: fix error handling (Pavel Skripkin) \n- net: ethernet: ezchip: fix UAF in nps_enet_remove (Pavel Skripkin) \n- net: ethernet: aeroflex: fix UAF in greth_of_remove (Pavel Skripkin) \n- samples/bpf: Fix the error return code of xdp_redirects main() (Wang Hai) \n- netfilter: nft_exthdr: check for IPv6 packet before further processing (Pablo Neira Ayuso) \n- netlabel: Fix memory leak in netlbl_mgmt_add_common (Liu Shixin) \n- ath10k: Fix an error code in ath10k_add_interface() (Yang Li) \n- brcmsmac: mac80211_if: Fix a resource leak in an error handling path (Christophe JAILLET) \n- wireless: carl9170: fix LEDS build errors & warnings (Randy Dunlap) \n- drm: qxl: ensure surf.data is ininitialized (Colin Ian King) \n- RDMA/rxe: Fix failure during driver load (Kamal Heib) \n- ehea: fix error return code in ehea_restart_qps() (Zhen Lei) \n- drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write() (Yang Yingliang) \n- net: pch_gbe: Propagate error from devm_gpio_request_one() (Andy Shevchenko) \n- ocfs2: fix snprintf() checking (Dan Carpenter) \n- ACPI: sysfs: Fix a buffer overrun problem with description_show() (Krzysztof Wilczynski) \n- crypto: nx - Fix RCU warning in nx842_OF_upd_status (Herbert Xu) \n- spi: spi-sun6i: Fix chipselect/clock bug (Mirko Vogt) \n- btrfs: clear log tree recovering status if starting transaction fails (David Sterba) \n- hwmon: (max31790) Fix fan speed reporting for fan7..12 (Guenter Roeck) \n- hwmon: (max31722) Remove non-standard ACPI device IDs (Guenter Roeck) \n- media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx (Dillon Min) \n- mmc: usdhi6rol0: fix error return code in usdhi6_probe() (Zhen Lei) \n- media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2() (Gustavo A. R. 
Silva) \n- media: tc358743: Fix error return code in tc358743_probe_of() (Zhen Lei) \n- media: exynos4-is: Fix a use after free in isp_video_release (Lv Yunlong) \n- pata_ep93xx: fix deferred probing (Sergey Shtylyov) \n- crypto: ccp - Fix a resource leak in an error handling path (Christophe JAILLET) \n- pata_octeon_cf: avoid WARN_ON() in ata_host_activate() (Sergey Shtylyov) \n- media: I2C: change RST to RSET to fix multiple build errors (Randy Dunlap) \n- pata_rb532_cf: fix deferred probing (Sergey Shtylyov) \n- sata_highbank: fix deferred probing (Sergey Shtylyov) \n- crypto: ux500 - Fix error return code in hash_hw_final() (Zhen Lei) \n- crypto: ixp4xx - dma_unmap the correct address (Corentin Labbe) \n- media: s5p_cec: decrement usage count if disabled (Mauro Carvalho Chehab) \n- ia64: mca_drv: fix incorrect array size calculation (Arnd Bergmann) \n- HID: wacom: Correct base usage for capacitive ExpressKey status bits (Jason Gerecke) \n- ACPI: tables: Add custom DSDT file as makefile prerequisite (Richard Fitzgerald) \n- platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() (Jiapeng Chong) \n- ACPI: bus: Call kobject_put() in acpi_init() error path (Hanjun Guo) \n- ACPICA: Fix memory leak caused by _CID repair function (Erik Kaneda) \n- fs: dlm: fix memory leak when fenced (Alexander Aring) \n- random32: Fix implicit truncation warning in prandom_seed_state() (Richard Fitzgerald) \n- fs: dlm: cancel work sync othercon (Alexander Aring) \n- block_dump: remove block_dump feature in mark_inode_dirty() (zhangyi (F)) \n- ACPI: EC: Make more Asus laptops use ECDT _GPE (Chris Chiu) \n- lib: vsprintf: Fix handling of number field widths in vsscanf (Richard Fitzgerald) \n- hv_utils: Fix passing zero to PTR_ERR warning (YueHaibing) \n- ACPI: processor idle: Fix up C-state latency if not ordered (Mario Limonciello) \n- HID: do not use down_interruptible() when unbinding devices (Dmitry Torokhov) \n- regulator: da9052: Ensure enough delay 
time for .set_voltage_time_sel (Axel Lin) \n- btrfs: disable build on platforms having page size 256K (Christophe Leroy) \n- btrfs: abort transaction if we fail to update the delayed inode (Josef Bacik) \n- btrfs: fix error handling in __btrfs_update_delayed_inode (Josef Bacik) \n- media: siano: fix device register error path (Mauro Carvalho Chehab) \n- media: dvb_net: avoid speculation from net slot (Mauro Carvalho Chehab) \n- crypto: shash - avoid comparing pointers to exported functions under CFI (Ard Biesheuvel) \n- mmc: via-sdmmc: add a check against NULL pointer dereference (Zheyu Ma) \n- media: dvd_usb: memory leak in cinergyt2_fe_attach (Dongliang Mu) \n- media: st-hva: Fix potential NULL pointer dereferences (Evgeny Novikov) \n- media: bt8xx: Fix a missing check bug in bt878_probe (Zheyu Ma) \n- media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release (Lv Yunlong) \n- media: em28xx: Fix possible memory leak of em28xx struct (Igor Matheus Andrade Torrente) \n- crypto: qat - remove unused macro in FW loader (Jack Xu) \n- crypto: qat - check return code of qat_hal_rd_rel_reg() (Jack Xu) \n- media: pvrusb2: fix warning in pvr2_i2c_core_done (Anirudh Rayabharam) \n- media: cobalt: fix race condition in setting HPD (Hans Verkuil) \n- media: cpia2: fix memory leak in cpia2_usb_probe (Pavel Skripkin) \n- crypto: nx - add missing MODULE_DEVICE_TABLE (Bixuan Cui) \n- spi: omap-100k: Fix the length judgment problem (Tian Tao) \n- spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() (Jay Fang) \n- spi: spi-loopback-test: Fix tx_buf might be rx_buf (Jay Fang) \n- spi: Make of_register_spi_device also set the fwnode (Charles Keepax) \n- fuse: check connected before queueing on fpq->io (Miklos Szeredi) \n- seq_buf: Make trace_seq_putmem_hex() support data longer than 8 (Yun Zhou) \n- rsi: Assign beacon rate settings to the correct rate_info descriptor field (Marek Vasut) \n- ssb: sdio: Dont overwrite const buffer if block_write fails 
(Michael Buesch) \n- ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() (Pali Rohar) \n- serial_cs: remove wrong GLOBETROTTER.cis entry (Ondrej Zary) \n- serial_cs: Add Option International GSM-Ready 56K/ISDN modem (Ondrej Zary) \n- serial: sh-sci: Stop dmaengine transfer in sci_stop_tx() (Yoshihiro Shimoda) \n- iio: ltr501: ltr501_read_ps(): add missing endianness conversion (Oliver Lang) \n- iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR (Oliver Lang) \n- iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too (Marc Kleine-Budde) \n- rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path (Martin Fuzzey) \n- s390/cio: dont call css_wait_for_slow_path() inside a lock (Vineeth Vijayan) \n- SUNRPC: Should wake up the privileged task firstly. (Zhang Xiaoxu) \n- SUNRPC: Fix the batch tasks count wraparound. (Zhang Xiaoxu) \n- can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path (Stephane Grosjean) \n- can: gw: synchronize rcu operations before removing gw job entry (Oliver Hartkopp) \n- ext4: fix avefreec in find_group_orlov (Pan Dong) \n- ext4: remove check for zero nr_to_scan in ext4_es_scan() (Zhang Yi) \n- ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit (Zhang Yi) \n- ext4: fix kernel infoleak via ext4_extent_header (Anirudh Rayabharam) \n- ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle (Zhang Yi) \n- btrfs: clear defrag status of a root if starting transaction fails (David Sterba) \n- btrfs: send: fix invalid path for unlink operations after parent orphanization (Filipe Manana) \n- ARM: dts: at91: sama5d4: fix pinctrl muxing (Ludovic Desroches) \n- iov_iter_fault_in_readable() should do nothing in xarray case (Al Viro) \n- ntfs: fix validity check for file name attribute (Desmond Cheong Zhi Xi) \n- USB: cdc-acm: blacklist Heimann USB Appset device (Hannu Hartikainen) \n- usb: gadget: eem: fix 
echo command packet response issue (Linyu Yuan) \n- net: can: ems_usb: fix use-after-free in ems_usb_disconnect() (Pavel Skripkin) \n- Input: usbtouchscreen - fix control-request directions (Johan Hovold) \n- media: dvb-usb: fix wrong definition (Pavel Skripkin) \n- ALSA: usb-audio: fix rate on Ozone Z90 USB headset (Daehwan Jung) \n- arm64: Reserve elfcorehdr before scanning reserved memory from device tree (Dave Kleikamp) [Orabug: 33309109] \n- Revert net: geneve: check skb is large enough for IPv4/IPv6 header (Somasundaram Krishnasamy) [Orabug: 33307212]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-10-14T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36322", "CVE-2021-28950", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3655", "CVE-2021-3679", "CVE-2021-38160", "CVE-2021-40490"], "modified": "2021-10-14T00:00:00", "id": "ELSA-2021-9488", "href": "http://linux.oracle.com/errata/ELSA-2021-9488.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2021-07-30T06:24:43", "description": "[4.14.35-2025.405.3]\n- Revert 'rds: Deregister all FRWR mr with free_mr' (aru kolappan) [Orabug: 32426280]\n[4.14.35-2025.405.2]\n- nfs: Fix security label length not being reset (Jeffrey Mitchell) [Orabug: 32350995]\n[4.14.35-2025.405.1]\n- net/rds: Fix gfp_t parameter (Hans Westgaard Ry) [Orabug: 32372162] \n- uek-rpm: update kABI lists for new symbol (Dan Duval) [Orabug: 32378208] \n- sysctl: handle overflow in proc_get_long (Christian Brauner) [Orabug: 32382641] \n- net/mlx5: Use a single MSIX vector for all control EQs in VFs (Ariel Levkovich) [Orabug: 31785275] \n- net/mlx5: Fix available EQs FW used to reserve (Denis Drozdov) [Orabug: 31785275] \n- net/mlx5: Use max_num_eqs for calculation of required MSIX vectors (Denis Drozdov) [Orabug: 31785275] \n- net/mlx5: Expose DEVX specification (Yishai Hadas) [Orabug: 31785275] \n- x86/process: Mark cpu inactive before offlining (Mridula Shastry) [Orabug: 32245085] \n- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32248040] {CVE-2020-28374}\n[4.14.35-2025.405.0]\n- KVM: x86: clflushopt should be treated as a no-op by emulation (David Edmondson) [Orabug: 32251913] \n- tty: Fix ->session locking (Jann Horn) [Orabug: 32266681] {CVE-2020-29660}\n- tty: Fix ->pgrp locking in tiocspgrp() (Jann Horn) [Orabug: 32266681] {CVE-2020-29660}\n- lockd: don't use interval-based rebinding over TCP (Calum Mackay) [Orabug: 32337718] \n- mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349207] {CVE-2020-36158}\n- add license checking to kABI checker (Dan Duval) [Orabug: 32355210]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "LOW", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2021-02-08T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28374", "CVE-2020-29660", "CVE-2020-36158"], "modified": "2021-02-08T00:00:00", "id": "ELSA-2021-9035", "href": "http://linux.oracle.com/errata/ELSA-2021-9035.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-30T06:24:36", "description": "[4.14.35-2025.405.3.el7]\n- Revert 'rds: Deregister all FRWR mr with free_mr' (aru kolappan) [Orabug:\n 32426280]\n[4.14.35-2025.405.2.el7]\n- nfs: Fix security label length not being reset (Jeffrey Mitchell) [Orabug:\n 32350995]\n[4.14.35-2025.405.1.el7]\n- net/rds: Fix gfp_t parameter (Hans Westgaard Ry) [Orabug: 32372162]\n- uek-rpm: update kABI lists for new symbol (Dan Duval) [Orabug: 32378208]\n- sysctl: handle overflow in proc_get_long (Christian Brauner) [Orabug: 32382641]\n- net/mlx5: Use a single MSIX vector for all control EQs in VFs (Ariel Levkovich) [Orabug: 31785275]\n- net/mlx5: Fix available EQs FW used to reserve (Denis Drozdov) [Orabug: 31785275]\n- net/mlx5: Use max_num_eqs for calculation of required MSIX vectors (Denis Drozdov) [Orabug: 31785275]\n- net/mlx5: Expose DEVX specification (Yishai Hadas) [Orabug: 31785275]\n- x86/process: Mark cpu inactive before offlining (Mridula Shastry) [Orabug: 
32245085]\n- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32248040] {CVE-2020-28374}\n[4.14.35-2025.405.0.el7]\n- KVM: x86: clflushopt should be treated as a no-op by emulation (David Edmondson) [Orabug: 32251913]\n- tty: Fix ->session locking (Jann Horn) [Orabug: 32266681] {CVE-2020-29660}\n- tty: Fix ->pgrp locking in tiocspgrp() (Jann Horn) [Orabug: 32266681] {CVE-2020-29660}\n- lockd: don't use interval-based rebinding over TCP (Calum Mackay) [Orabug: 32337718]\n- mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349207] {CVE-2020-36158}\n- add license checking to kABI checker (Dan Duval) [Orabug: 32355210]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2021-02-08T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28374", "CVE-2020-29660", "CVE-2020-36158"], "modified": "2021-02-08T00:00:00", "id": "ELSA-2021-9039", "href": "http://linux.oracle.com/errata/ELSA-2021-9039.html", "cvss": {"score": 7.2, "vector": 
"AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-12T18:39:51", "description": "[5.4.17-2136.307.3.1]\n- Revert 'rds/ib: recover rds connection from stuck tx path' (Nagappan Ramasamy\n Palaniappan) [Orabug: 34124233]\n[5.4.17-2136.307.3]\n- kvm: debugfs: fix memory leak in kvm_create_vm_debugfs (Pavel Skripkin) [Orabug: 33099019]\n- KVM: debugfs: Reuse binary stats descriptors (Jing Zhang) [Orabug: 33099019]\n- KVM: selftests: Add selftest for KVM statistics data binary interface (Jing Zhang) [Orabug: 33099019]\n- KVM: stats: Add documentation for binary statistics interface (Jing Zhang) [Orabug: 33099019]\n- KVM: stats: Support binary stats retrieval for a VCPU (Jing Zhang) [Orabug: 33099019]\n- KVM: stats: Support binary stats retrieval for a VM (Jing Zhang) [Orabug: 33099019]\n- KVM: stats: Add fd-based API to read binary stats data (Jing Zhang) [Orabug: 33099019]\n- KVM: stats: Separate generic stats from architecture specific ones (Jing Zhang) [Orabug: 33099019]\n- KVM: switch per-VM stats to u64 (Paolo Bonzini) [Orabug: 33099019]\n- kvm_host: unify VM_STAT and VCPU_STAT definitions in a single place (Emanuele Giuseppe Esposito) [Orabug: 33099019]\n- kvm: Refactor handling of VM debugfs files (Milan Pandurov) [Orabug: 33099019]\n- mpt3sas: avoid SOFT_RESET on shutdown (John Donnelly) [Orabug: 33666018]\n- scsi: mpt3sas: Clean up some inconsistent indenting (Colin Ian King) [Orabug: 33666018]\n- scsi: mpt3sas: Fix incorrectly assigned error return and check (Colin Ian King) [Orabug: 33666018]\n- scsi: mpt3sas: Introduce sas_ncq_prio_supported sysfs sttribute (Damien Le Moal) [Orabug: 33666018]\n- scsi: mpt3sas: Update driver version to 39.100.00.00 (Suganath Prabu S) [Orabug: 33666018]\n- scsi: mpt3sas: Use firmware recommended queue depth (Suganath Prabu S) [Orabug: 33666018]\n- scsi: mpt3sas: Bump driver version to 38.100.00.00 (Sreekanth Reddy) [Orabug: 33666018]\n- scsi: mpt3sas: Transition IOC to Ready state during shutdown (Sreekanth Reddy) [Orabug: 
33666018]\n- scsi: mpt3sas: Fix Coverity reported issue (Suganath Prabu S) [Orabug: 33666018]\n- scsi: mpt3sas: Fix fall-through warnings for Clang (Gustavo A. R. Silva) [Orabug: 33666018]\n- scsi: mpt3sas: Handle firmware faults during second (Suganath Prabu S) [Orabug: 33666018]\n- scsi: mpt3sas: Handle firmware faults during first half of IOC init (Suganath Prabu S) [Orabug: 33666018]\n- scsi: mpt3sas: Fix deadlock while cancelling the running firmware event (Suganath Prabu S) [Orabug: 33666018]\n- scsi: mpt3sas: Documentation cleanup (Randy Dunlap) [Orabug: 33666018]\n- scsi: mpt3sas: Fix two kernel-doc headers (Bart Van Assche) [Orabug: 33666018]\n- scsi: mpt3sas: Fix out-of-bounds warnings in _ctl_addnl_diag_query (Gustavo A. R. Silva) [Orabug: 33666018]\n- scsi: mpt3sas: Fix endianness for ActiveCablePowerRequirement (Sreekanth Reddy) [Orabug: 33666018]\n- scsi: mpt3sas: Only one vSES is present even when IOC has multi vSES (Sreekanth Reddy) [Orabug: 33666018]\n- scsi: mpt3sas: Fix a typo (Bhaskar Chowdhury) [Orabug: 33666018]\n- scsi: mpt3sas: Fix a few kernel-doc issues (Lee Jones) [Orabug: 33666018]\n- scsi: mpt3sas: Update driver version to 37.101.00.00 (Suganath Prabu S) [Orabug: 33666018]\n- scsi: mpt3sas: Force reply post array allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018]\n- scsi: mpt3sas: Force reply post buffer allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018]\n- scsi: mpt3sas: Force reply buffer allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018]\n- scsi: mpt3sas: Force sense buffer allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018]\n- scsi: mpt3sas: Force chain buffer allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018]\n- scsi: mpt3sas: Force PCIe scatterlist allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018]\n- scsi: mpt3sas: Replace unnecessary dynamic allocation with a 
static one (Gustavo A. R. Silva) [Orabug: 33666018]\n- scsi: mpt3sas: Do not use GFP_KERNEL in atomic context (Christophe JAILLET) [Orabug: 33666018]\n- scsi: mpt3sas: Fix some kernel-doc misnaming issues (Lee Jones) [Orabug: 33666018]\n- scsi: mpt3sas: Fix a couple of misdocumented functions/params (Lee Jones) [Orabug: 33666018]\n- scsi: mpt3sas: Fix a bunch of potential naming doc-rot (Lee Jones) [Orabug: 33666018]\n- scsi: mpt3sas: Move a little data from the stack onto the heap (Lee Jones) [Orabug: 33666018]\n- scsi: mpt3sas: Fix misspelling of _base_put_smid_default_atomic() (Lee Jones) [Orabug: 33666018]\n- scsi: mpt3sas: Update driver version to 37.100.00.00 (Suganath Prabu S) [Orabug: 33666018]\n- scsi: mpt3sas: Additional diagnostic buffer query interface (Suganath Prabu S) [Orabug: 33666018]\n- scsi: mpt3sas: Fix ReplyPostFree pool allocation (Sreekanth Reddy) [Orabug: 33666018]\n- scsi: mpt3sas: Simplify bool comparison (YANG LI) [Orabug: 33666018]\n- scsi: mpt3sas: Fix spelling mistake in Kconfig 'compatiblity' -> 'compatibility' (Suganath Prabu S) [Orabug: 33666018]\n- scsi: mpt3sas: Signedness bug in _base_get_diag_triggers() (Dan Carpenter) [Orabug: 33666018]\n- mei: me: disable driver on the ign firmware (Alexander Usyskin) [Orabug: 34018919]\n- mei: add device kind to sysfs (Alexander Usyskin) [Orabug: 34018919]\n- mei: me: add MEI device for SPT with ITPS capability (Tomas Winkler) [Orabug: 34018919]\n- mei: me: make mei_me_fw_sku_sps_4() less cryptic (Tomas Winkler) [Orabug: 34018919]\n- mei: me: constify the device parameter to the probe quirk (Tomas Winkler) [Orabug: 34018919]\n- mei: me: disable mei interface on Mehlow server platforms (Tomas Winkler) [Orabug: 34018919]\n- mei: fix CNL itouch device number to match the spec. (Alexander Usyskin) [Orabug: 34018919]\n- mei: me: disable mei interface on LBG servers. (Tomas Winkler) [Orabug: 34018919]\n- mei: me: mei_me_dev_init() use struct device instead of struct pci_dev. 
(Tomas Winkler) [Orabug: 34018919]\n- x86/speculation: Restore speculation related MSRs during S3 resume (Pawan Gupta) [Orabug: 34053700]\n- net: bpf: Make bpf_ktime_get_ns() available to non GPL programs (Maciej zenczykowski) [Orabug: 34079481]\n[5.4.17-2136.307.2]\n- net: sched: fix use-after-free in tc_new_tfilter() (Eric Dumazet) [Orabug: 34027161] {CVE-2022-1055}\n- rds: ib: Initialize SG table properly (Hakon Bugge) [Orabug: 34031913]\n- Revert 'rds/ib: recover rds connection from stuck rx path' (Rohit Nair) [Orabug: 34039270]\n- mm: memcontrol: slab: fix obtain a reference to a freeing memcg (Muchun Song) [Orabug: 34045826]\n- mm: memcg/slab: fix use after free in obj_cgroup_charge (Muchun Song) [Orabug: 34045826]\n- mm/page-writeback: Fix performance when BDI's share of ratio is 0. (Chi Wu) [Orabug: 34050049]\n- KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (Paolo Bonzini) [Orabug: 34034594] {CVE-2022-1158}\n[5.4.17-2136.307.1]\n- oracleasm: Fix block layer error conversion (Martin K. Petersen) [Orabug: 33413872]\n- oracleasm: Fix memory leak inadvertently caused by block layer changes (Martin K. 
Petersen) [Orabug: 33413872]\n- rds: Fix incorrect initialization order (Hakon Bugge) [Orabug: 33519061]\n- Fix switchdev transition after configuring 256 SFs (Mikhael Goikhman) [Orabug: 33913142]\n- net/mlx5: Remove all auxiliary devices at the unregister event (Leon Romanovsky) [Orabug: 33913153]\n- net/mlx5: E-Switch, handle devcom events only for ports on the same device (Roi Dayan) [Orabug: 33913153]\n- net/mlx5e: Don't create devices during unload flow (Dmytro Linkin) [Orabug: 33913153]\n- net/mlx5: Delete auxiliary bus driver eth-rep first (Maor Dickman) [Orabug: 33913153]\n- Fix deadlock with SFs created and devlink reload of parent PF (Mikhael Goikhman) [Orabug: 33913153]\n- phonet: refcount leak in pep_sock_accep (Hangyu Hua) [Orabug: 33962760] {CVE-2021-45095}\n- bpf: Lift hashtab key_size limit (Florian Lehner) [Orabug: 33968668]\n- net/rds: Fix math on error code (Freddy Carrillo) [Orabug: 33974713]\n- rds: ib: Fix racy credit tracepoints (Hakon Bugge) [Orabug: 33980855]\n- mm: fix MADV_DONTEXEC to clear VM_EXEC_KEEP (Anthony Yznaga) [Orabug: 33987399]\n- ice: create scheduler aggregator node config and move VSIs (Kiran Patil) [Orabug: 33993157] {CVE-2020-24502} {CVE-2020-245024} {CVE-2020-24503}\n- sched/topology: Don't set SD_BALANCE_WAKE on cpuset domain relax (Valentin Schneider) [Orabug: 33994395]\n- esp: Fix possible buffer overflow in ESP transformation (Steffen Klassert) [Orabug: 33997299] {CVE-2022-27666}\n- exec, elf: ignore invalid note data (Anthony Yznaga) [Orabug: 34003080]\n- netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34012924] {CVE-2022-1016}", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", 
"version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24502", "CVE-2020-24503", "CVE-2020-24504", "CVE-2021-45095", "CVE-2022-1016", "CVE-2022-1055", "CVE-2022-1158", "CVE-2022-27666"], "modified": "2022-05-10T00:00:00", "id": "ELSA-2022-9368", "href": "http://linux.oracle.com/errata/ELSA-2022-9368.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-06T18:06:59", "description": " ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": 
"AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24502", "CVE-2020-24503", "CVE-2020-24504", "CVE-2021-45095", "CVE-2022-1016", "CVE-2022-1055", "CVE-2022-1158", "CVE-2022-27666"], "modified": "2022-05-10T00:00:00", "id": "ELSA-2022-9365", "href": "http://linux.oracle.com/errata/ELSA-2022-9365.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-26T18:27:51", "description": "[4.14.35-2047.507.7.4]\n- KVM: x86: Check kvm_rebooting in kvm_spurious_fault() (Sean Christopherson) [Orabug: 33362693]\n[4.14.35-2047.507.7.3]\n- arm64: Reserve elfcorehdr before scanning reserved memory from device tree (Dave Kleikamp) [Orabug: 33354710]\n[4.14.35-2047.507.7.2]\n- net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb (Phillip Potter) [Orabug: 33337449] \n- ip: Manual backport of pskb_inet_may_pull() (Hakon Bugge) [Orabug: 33337449] \n- Revert Revert net: geneve: check skb is large enough for IPv4/IPv6 header (Hakon Bugge) [Orabug: 33337449]\n[4.14.35-2047.507.7.1]\n- RDMA/cma: Revert INIT-INIT patch (Mike Marciniszyn) [Orabug: 33306519] \n- Revert net: geneve: check skb is large enough for IPv4/IPv6 header (Somasundaram Krishnasamy) [Orabug: 33323390]\n[4.14.35-2047.507.7]\n- xen-acpi-processor: fix coordination type mismatch (Elena Ufimtseva) [Orabug: 33296813] \n- Revert mm: memcontrol: eliminate raw access to stat and event counters (Ritika Srivastava) [Orabug: 33254727] \n- Revert mm: memcontrol: implement lruvec stat functions on top of each other (Ritika Srivastava) [Orabug: 33254727] \n- KVM: do not allow mapping valid but non-reference-counted pages (Nicholas Piggin) [Orabug: 33054089] {CVE-2021-22543} {CVE-2021-22543}\n- ocfs2: issue zeroout to EOF blocks (Junxiao Bi) [Orabug: 32974988] \n- ocfs2: fix zero out valid data (Junxiao Bi) [Orabug: 
32974988]\n[4.14.35-2047.507.6]\n- xen-netback: do not kfree_skb() when irq is disabled (Dongli Zhang) [Orabug: 33277336] \n- rds: ib: Set SEND_SIGNALED on the last WR posted (Hakon Bugge) [Orabug: 33253068] \n- uek-rpm: update kABI lists for new symbols (Saeed Mirzamohammadi) [Orabug: 33246581] \n- scsi: lpfc: Fix crash due to port reset racing vs adapter error handling (James Smart) [Orabug: 33213341] \n- xfs: dont drain buffer lru on freeze and read-only remount (Brian Foster) [Orabug: 33141334] \n- xfs: rename xfs_wait_buftarg() to xfs_buftarg_drain() (Brian Foster) [Orabug: 33141334] \n- Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl (Alexander Larkin) [Orabug: 33114988] {CVE-2021-3612}\n- rds: fix statistics counters and check for memory leak (Hans Westgaard Ry) [Orabug: 31372381] \n- dsc-drivers: update for 1.15.9-C-32 (Shannon Nelson) [Orabug: 33281086] \n- dts/pensando: creating reserved dma memory pool for mnet devices (Neel Patel) [Orabug: 33281086] \n- pcie: rm pcie register access message (#256) (Brad Smith) [Orabug: 33281086] \n- drivers: updates for 1.15.9-C-28 (Shannon Nelson) [Orabug: 33281086]\n[4.14.35-2047.507.5]\n- rds_rdma: add missing rds_ib_cm_handle_connect tracepoint (Alan Maguire) [Orabug: 33243560] \n- KVM: SVM: use vmsave/vmload for saving/restoring additional host state (Michael Roth) [Orabug: 33225761] \n- KVM: SVM: Use asm goto to handle unexpected #UD on SVM instructions (Sean Christopherson) [Orabug: 33225761] \n- kvm: svm/avic: Do not send AVIC doorbell to self (Suthikulpanit, Suravee) [Orabug: 33225761] \n- svm/avic: Fix invalidate logical APIC id entry (Suthikulpanit, Suravee) [Orabug: 33225761] \n- svm: Fix improper check when deactivate AVIC (Suthikulpanit, Suravee) [Orabug: 33225761] \n- svm: Fix AVIC DFR and LDR handling (Suthikulpanit, Suravee) [Orabug: 33225761] \n- scsi: qla2xxx: Add heartbeat check (Quinn Tran) [Orabug: 33116624] \n- scsi: qla2xxx: Use list_move_tail() instead of 
list_del()/list_add_tail() (Baokun Li) [Orabug: 33116624] \n- scsi: qla2xxx: Remove duplicate declarations (Shaokun Zhang) [Orabug: 33116624] \n- scsi: qla2xxx: Log PCI address in qla_nvme_unregister_remote_port() (Daniel Wagner) [Orabug: 33116624] \n- scsi: qla2xxx: Remove redundant assignment to rval (Jiapeng Chong) [Orabug: 33116624] \n- scsi: qla2xxx: Prevent PRLI in target mode (Anastasia Kovaleva) [Orabug: 33116624] \n- scsi: qla2xxx: Add marginal path handling support (Bikash Hazarika) [Orabug: 33116624] \n- scsi: qla2xxx: Reserve extra IRQ vectors (Roman Bolshakov) [Orabug: 33116624] \n- scsi: qla2xxx: Reuse existing error handling path (Christophe JAILLET) [Orabug: 33116624] \n- scsi: qla2xxx: Remove unneeded if-null-free check (Qiheng Lin) [Orabug: 33116624] \n- scsi: qla2xxx: Update version to 10.02.00.106-k (Nilesh Javali) [Orabug: 33116624] \n- scsi: qla2xxx: Update default AER debug mask (Quinn Tran) [Orabug: 33116624] \n- scsi: qla2xxx: Fix mailbox recovery during PCIe error (Quinn Tran) [Orabug: 33116624] \n- scsi: qla2xxx: Fix crash in PCIe error handling (Quinn Tran) [Orabug: 33116624] \n- scsi: qla2xxx: Fix RISC RESET completion polling (Quinn Tran) [Orabug: 33116624] \n- scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() (Arun Easi) [Orabug: 33116624] \n- scsi: qla2xxx: Consolidate zio threshold setting for both FCP & NVMe (Quinn Tran) [Orabug: 33116624] \n- scsi: qla2xxx: Fix stuck session (Quinn Tran) [Orabug: 33116624] \n- scsi: qla2xxx: Add H:C:T info in the log message for fc ports (Arun Easi) [Orabug: 33116624] \n- scsi: qla2xxx: Fix IOPS drop seen in some adapters (Arun Easi) [Orabug: 33116624] \n- scsi: qla2xxx: Check kzalloc() return value (Bart Van Assche) [Orabug: 33116624] \n- scsi: qla2xxx: Simplify qla8044_minidump_process_control() (Bart Van Assche) [Orabug: 33116624] \n- scsi: qla2xxx: Suppress Coverity complaints about dseg_r* (Bart Van Assche) [Orabug: 33116624] \n- scsi: qla2xxx: Fix endianness annotations (Bart Van Assche) 
[Orabug: 33116624] \n- scsi: qla2xxx: Constify struct qla_tgt_func_tmpl (Bart Van Assche) [Orabug: 33116624] \n- scsi: qla2xxx: Use dma_pool_zalloc() (Wang Qing) [Orabug: 33116624] \n- scsi: qla2xxx: Fix a couple of misdocumented functions (Lee Jones) [Orabug: 33116624] \n- scsi: qla2xxx: Fix incorrectly named function qla8044_check_temp() (Lee Jones) [Orabug: 33116624] \n- scsi: qla2xxx: Fix a couple of misnamed functions (Lee Jones) [Orabug: 33116624] \n- scsi: qla2xxx: Fix some incorrect formatting/spelling issues (Lee Jones) [Orabug: 33116624] \n- scsi: qla2xxx: Replace __qla2x00_marker()s missing underscores (Lee Jones) [Orabug: 33116624] \n- scsi: qla2xxx: Simplify if statement (Jiapeng Chong) [Orabug: 33116624] \n- scsi: qla2xxx: Simplify the calculation of variables (Jiapeng Zhong) [Orabug: 33116624] \n- scsi: qla2xxx: Fix some memory corruption (Dan Carpenter) [Orabug: 33116624] \n- scsi: qla2xxx: Remove redundant NULL check (Yang Li) [Orabug: 33116624] \n- scsi: qla2xxx: Remove unnecessary NULL check (Dan Carpenter) [Orabug: 33116624] \n- scsi: qla2xxx: Assign boolean values to a bool variable (Jiapeng Zhong) [Orabug: 33116624] \n- scsi: qla2xxx: fc_remote_port_chkready() returns a SCSI result value (Hannes Reinecke) [Orabug: 33116624] \n- scsi: qla2xxx: Fix description for parameter ql2xenforce_iocb_limit (Enzo Matsumiya) [Orabug: 33116624] \n- scsi: qla2xxx: Update version to 10.02.00.105-k (Nilesh Javali) [Orabug: 33116624] \n- scsi: qla2xxx: Enable NVMe CONF (BIT_7) when enabling SLER (Saurav Kashyap) [Orabug: 33116624] \n- scsi: qla2xxx: Fix mailbox Ch erroneous error (Quinn Tran) [Orabug: 33116624] \n- scsi: qla2xxx: Wait for ABTS response on I/O timeouts for NVMe (Bikash Hazarika) [Orabug: 33116624] \n- scsi: qla2xxx: Move some messages from debug to normal log level (Saurav Kashyap) [Orabug: 33116624] \n- scsi: qla2xxx: Add error counters to debugfs node (Saurav Kashyap) [Orabug: 33116624] \n- scsi: qla2xxx: Implementation to get and manage host, 
target stats and initiator port (Saurav Kashyap) [Orabug: 33116624] \n- scsi: qla2xxx: Update version to 10.02.00.104-k (Nilesh Javali) [Orabug: 33116624] \n- scsi: qla2xxx: Fix device loss on 4G and older HBAs (Arun Easi) [Orabug: 33116624] \n- scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (Saurav Kashyap) [Orabug: 33116624] \n- scsi: qla2xxx: Fix the call trace for flush workqueue (Saurav Kashyap) [Orabug: 33116624] \n- scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (Arun Easi) [Orabug: 33116624] \n- scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (Saurav Kashyap) [Orabug: 33116624] \n- scsi: qla2xxx: Fix N2N and NVMe connect retry failure (Quinn Tran) [Orabug: 33116624] \n- scsi: qla2xxx: Fix FW initialization error on big endian machines (Arun Easi) [Orabug: 33116624] \n- scsi: qla2xxx: Fix compilation issue in PPC systems (Arun Easi) [Orabug: 33116624] \n- scsi: qla2xxx: Dont check for fw_started while posting NVMe command (Saurav Kashyap) [Orabug: 33116624] \n- scsi: qla2xxx: Tear down session if FW say it is down (Quinn Tran) [Orabug: 33116624] \n- scsi: qla2xxx: Limit interrupt vectors to number of CPUs (Quinn Tran) [Orabug: 33116624] \n- scsi: qla2xxx: Change post del message from debug level to log level (Saurav Kashyap) [Orabug: 33116624] \n- scsi: qla2xxx: Remove trailing semicolon in macro definition (Tom Rix) [Orabug: 33116624] \n- scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (Ahmed S. Darwish) [Orabug: 33116624] \n- scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (Ahmed S. Darwish) [Orabug: 33116624] \n- scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (Ahmed S. 
Darwish) [Orabug: 33116624] \n- scsi: Remove unneeded break statements (Tom Rix) [Orabug: 33116624] \n- scsi: scsi_transport_fc: Add store capability to rport port_state in sysfs (Muneendra Kumar) [Orabug: 33116624] \n- scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL (Muneendra Kumar) [Orabug: 33116624] \n- scsi: core: No retries on abort success (Muneendra Kumar) [Orabug: 33116624] \n- scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h (Muneendra Kumar) [Orabug: 33116624]\n[4.14.35-2047.507.4]\n- drivers: updated for 1.15.9.26 (Shannon Nelson) [Orabug: 33235357] \n- XFS: code enhancement to help debug (Wengang Wang) [Orabug: 33186644] \n- KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (Maxim Levitsky) [Orabug: 33234941] {CVE-2021-3656} {CVE-2021-3656}\n- KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (Maxim Levitsky) [Orabug: 33234967] {CVE-2021-3653} {CVE-2021-3653}\n[4.14.35-2047.507.3]\n- drivers: updates for 1.15.9.21 (Shannon Nelson) [Orabug: 33220300] \n- Revert rds/ib: reap tx completions during connection shutdown (Manjunath Patil) [Orabug: 33220435] \n- Revert rds/ib: handle posted ACK during connection shutdown (Manjunath Patil) [Orabug: 33220435] \n- Revert rds/ib: recover rds connection from interrupt loss scenario (Manjunath Patil) [Orabug: 33220435] \n- Revert rds/ib: move rds_ib_clear_irq_miss() to .h file (Manjunath Patil) [Orabug: 33220435] \n- NFS: Dont call generic_error_remove_page() while holding locks (Trond Myklebust) [Orabug: 33213898] \n- ip6_gre: proper dev_{hold|put} in ndo_[un]init methods (aloktiw) [Orabug: 33179252] \n- ifb: fix packets checksum (Jon Maxwell) [Orabug: 33145562] \n- Linux 4.14.239 (Greg Kroah-Hartman) \n- xen/events: reset active flag for lateeoi events later (Juergen Gross) \n- kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() (Petr Mladek) \n- kthread_worker: split code for canceling the delayed work 
timer (Petr Mladek) \n- kfifo: DECLARE_KIFO_PTR(fifo, u64) does not work on arm 32 bit (Sean Young) \n- drm/nouveau: fix dma_address check for CPU/GPU sync (Christian Konig) \n- scsi: sr: Return appropriate error code when disk is ejected (ManYi Li) \n- mm/thp: another PVMW_SYNC fix in page_vma_mapped_walk() (Hugh Dickins) \n- mm/thp: fix page_vma_mapped_walk() if THP mapped by ptes (Hugh Dickins) \n- mm: page_vma_mapped_walk(): get vma_address_end() earlier (Hugh Dickins) \n- mm: page_vma_mapped_walk(): use goto instead of while (1) (Hugh Dickins) \n- mm: page_vma_mapped_walk(): add a level of indentation (Hugh Dickins) \n- mm: page_vma_mapped_walk(): crossing page table boundary (Hugh Dickins) \n- mm: page_vma_mapped_walk(): prettify PVMW_MIGRATION block (Hugh Dickins) \n- mm: page_vma_mapped_walk(): use pmde for *pvmw->pmd (Hugh Dickins) \n- mm: page_vma_mapped_walk(): settle PageHuge on entry (Hugh Dickins) \n- mm: page_vma_mapped_walk(): use page for pvmw->page (Hugh Dickins) \n- mm: thp: replace DEBUG_VM BUG with VM_WARN when unmap fails for split (Yang Shi) \n- mm/thp: fix page_address_in_vma() on file THP tails (Jue Wang) \n- mm/thp: fix vma_address() if virtual address below file offset (Hugh Dickins) \n- mm/thp: try_to_unmap() use TTU_SYNC for safe splitting (Hugh Dickins) \n- mm/rmap: use page_not_mapped in try_to_unmap() (Miaohe Lin) \n- mm/rmap: remove unneeded semicolon in page_not_mapped() (Miaohe Lin) \n- mm: add VM_WARN_ON_ONCE_PAGE() macro (Alex Shi) \n- include/linux/mmdebug.h: make VM_WARN* non-rvals (Michal Hocko)\n[4.14.35-2047.507.2]\n- uek-rpm: mark /etc/ld.so.conf.d/ files as %config (Stephen Brennan) [Orabug: 33186981] \n- rds: Congestion tracepoints should be enabled by default (Greg Jumper) [Orabug: 33145670] \n- Linux 4.14.238 (Sasha Levin) \n- i2c: robotfuzz-osif: fix control-request directions (Johan Hovold) \n- nilfs2: fix memory leak in nilfs_sysfs_delete_device_group (Pavel Skripkin) \n- pinctrl: stm32: fix the reported number of 
GPIO lines per bank (Fabien Dessenne) \n- net: ll_temac: Avoid ndo_start_xmit returning NETDEV_TX_BUSY (Esben Haabendal) \n- net: qed: Fix memcpy() overflow of qed_dcbx_params() (Kees Cook) \n- r8169: Avoid memcpy() over-reading of ETH_SS_STATS (Kees Cook) \n- sh_eth: Avoid memcpy() over-reading of ETH_SS_STATS (Kees Cook) \n- r8152: Avoid memcpy() over-reading of ETH_SS_STATS (Kees Cook) \n- net/packet: annotate accesses to po->ifindex (Eric Dumazet) \n- net/packet: annotate accesses to po->bind (Eric Dumazet) \n- net: caif: fix memory leak in ldisc_open (Pavel Skripkin) \n- inet: annotate date races around sk->sk_txhash (Eric Dumazet) \n- ping: Check return value of function ping_queue_rcv_skb (Zheng Yongjun) \n- mac80211: drop multicast fragments (Johannes Berg) \n- cfg80211: call cfg80211_leave_ocb when switching away from OCB (Du Cheng) \n- mac80211: remove warning in ieee80211_get_sband() (Johannes Berg) \n- Revert PCI: PM: Do not read power state in pci_enable_device_flags() (Rafael J. 
Wysocki) \n- arm64: perf: Disable PMU while processing counter overflows (Suzuki K Poulose) \n- MIPS: generic: Update node names to avoid unit addresses (Nathan Chancellor) \n- Makefile: Move -Wno-unused-but-set-variable out of GCC only block (Nathan Chancellor) \n- ARM: 9081/1: fix gcc-10 thumb2-kernel regression (Arnd Bergmann) \n- drm/radeon: wait for moving fence after pinning (Christian Konig) \n- drm/nouveau: wait for moving fence after pinning v2 (Christian Konig) \n- x86/fpu: Reset state for all signal restore failures (Thomas Gleixner) \n- unfuck sysfs_mount() (Al Viro) \n- kernfs: deal with kernfs_fill_super() failures (Al Viro) \n- usb: dwc3: core: fix kernel panic when do reboot (Peter Chen) \n- inet: use bigger hash table for IP ID generation (Eric Dumazet) \n- can: bcm/raw/isotp: use per module netdevice notifier (Tetsuo Handa) \n- net: fec_ptp: add clock rate zero check (Fugang Duan) \n- mm/slub.c: include swab.h (Andrew Morton) \n- net: bridge: fix vlan tunnel dst refcnt when egressing (Nikolay Aleksandrov) \n- net: bridge: fix vlan tunnel dst null pointer dereference (Nikolay Aleksandrov) \n- dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc (Bumyong Lee) \n- ARCv2: save ABI registers across signal handling (Vineet Gupta) \n- PCI: Work around Huawei Intelligent NIC VF FLR erratum (Chiqijun) \n- PCI: Add ACS quirk for Broadcom BCM57414 NIC (Sriharsha Basavapatna) \n- PCI: Mark some NVIDIA GPUs to avoid bus reset (Shanker Donthineni) \n- PCI: Mark TI C667X to avoid bus reset (Antti Jarvinen) \n- tracing: Do no increment trace_clock_global() by one (Steven Rostedt (VMware)) \n- tracing: Do not stop recording comms if the trace file is being read (Steven Rostedt (VMware)) \n- tracing: Do not stop recording cmdlines when tracing is off (Steven Rostedt (VMware)) \n- usb: core: hub: Disable autosuspend for Cypress CY7C65632 (Andrew Lunn) \n- can: mcba_usb: fix memory leak in mcba_usb (Pavel Skripkin) \n- hwmon: (scpi-hwmon) shows the 
negative temperature properly (Riwen Lu) \n- radeon: use memcpy_to/fromio for UVD fw upload (Chen Li) \n- net: ethernet: fix potential use-after-free in ec_bhf_remove (Pavel Skripkin) \n- icmp: dont send out ICMP messages with a source address of 0.0.0.0 (Toke Hoiland-Jorgensen) \n- net: cdc_eem: fix tx fixup skb leak (Linyu Yuan) \n- net: hamradio: fix memory leak in mkiss_close (Pavel Skripkin) \n- be2net: Fix an error handling path in be_probe() (Christophe JAILLET) \n- net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock (Eric Dumazet) \n- net: ipv4: fix memory leak in ip_mc_add1_src (Chengyang Fan) \n- net: usb: fix possible use-after-free in smsc75xx_bind (Dongliang Mu) \n- net: cdc_ncm: switch to eth%d interface naming (Maciej zenczykowski) \n- netxen_nic: Fix an error handling path in netxen_nic_probe() (Christophe JAILLET) \n- qlcnic: Fix an error handling path in qlcnic_probe() (Christophe JAILLET) \n- net: stmmac: dwmac1000: Fix extended MAC address registers definition (Jisheng Zhang) \n- alx: Fix an error handling path in alx_probe() (Christophe JAILLET) \n- netfilter: synproxy: Fix out of bounds when parsing TCP options (Maxim Mikityanskiy) \n- rtnetlink: Fix regression in bridge VLAN configuration (Ido Schimmel) \n- udp: fix race between close() and udp_abort() (Paolo Abeni) \n- net: rds: fix memory leak in rds_recvmsg (Pavel Skripkin) \n- net: ipv4: fix memory leak in netlbl_cipsov4_add_std (Nanyong Sun) \n- batman-adv: Avoid WARN_ON timing related checks (Sven Eckelmann) \n- mm/memory-failure: make sure wait for page writeback in memory_failure (yangerkun) \n- dmaengine: stedma40: add missing iounmap() on error in d40_probe() (Yang Yingliang) \n- dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (Randy Dunlap) \n- dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM (Randy Dunlap) \n- fib: Return the correct errno code (Zheng Yongjun) \n- net: Return the correct errno code (Zheng Yongjun) \n- net/x25: Return the correct errno code (Zheng 
Yongjun) \n- rtnetlink: Fix missing error code in rtnl_bridge_notify() (Jiapeng Chong) \n- net: ipconfig: Dont override command-line hostnames or domains (Josh Triplett) \n- nvme-loop: check for NVME_LOOP_Q_LIVE in nvme_loop_destroy_admin_queue() (Hannes Reinecke) \n- nvme-loop: clear NVME_LOOP_Q_LIVE when nvme_loop_configure_admin_queue() fails (Hannes Reinecke) \n- nvme-loop: reset queue count to 1 in nvme_loop_destroy_io_queues() (Hannes Reinecke) \n- ethernet: myri10ge: Fix missing error code in myri10ge_probe() (Jiapeng Chong) \n- scsi: target: core: Fix warning on realtime kernels (Maurizio Lombardi) \n- gfs2: Fix use-after-free in gfs2_glock_shrink_scan (Hillf Danton) \n- HID: gt683r: add missing MODULE_DEVICE_TABLE (Bixuan Cui) \n- ARM: OMAP2+: Fix build warning when mmc_omap is not built (Yongqiang Liu) \n- HID: usbhid: fix info leak in hid_submit_ctrl (Anirudh Rayabharam) \n- HID: Add BUS_VIRTUAL to hid_connect logging (Mark Bolhuis) \n- HID: hid-sensor-hub: Return error for hid_set_field() failure (Srinivas Pandruvada) \n- net: ieee802154: fix null deref in parse dev addr (Dan Robertson) \n- Linux 4.14.237 (Greg Kroah-Hartman) \n- proc: only require mm_struct for writing (Linus Torvalds) \n- tracing: Correct the length check which causes memory corruption (Liangyan) \n- ftrace: Do not blindly read the ip address in ftrace_bug() (Steven Rostedt (VMware)) \n- scsi: core: Only put parent device if host state differs from SHOST_CREATED (Ming Lei) \n- scsi: core: Put .shost_dev in failure path if host state changes to RUNNING (Ming Lei) \n- scsi: core: Fix error handling of scsi_host_alloc() (Ming Lei) \n- NFS: Fix use-after-free in nfs4_init_client() (Anna Schumaker) \n- kvm: fix previous commit for 32-bit builds (Paolo Bonzini) \n- perf session: Correct buffer copying when peeking events (Leo Yan) \n- NFS: Fix a potential NULL dereference in nfs_get_client() (Dan Carpenter) \n- perf: Fix data race between pin_count increment/decrement (Marco Elver) \n- 
regulator: max77620: Use device_set_of_node_from_dev() (Dmitry Osipenko) \n- regulator: core: resolve supply for boot-on/always-on regulators (Dmitry Baryshkov) \n- usb: fix various gadget panics on 10gbps cabling (Maciej zenczykowski) \n- usb: fix various gadgets null ptr deref on 10gbps cabling. (Maciej zenczykowski) \n- usb: gadget: eem: fix wrong eem header operation (Linyu Yuan) \n- USB: serial: quatech2: fix control-request directions (Johan Hovold) \n- USB: serial: omninet: add device id for Zyxel Omni 56K Plus (Alexandre GRIVEAUX) \n- USB: serial: ftdi_sio: add NovaTech OrionMX product ID (George McCollister) \n- usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind (Wesley Cheng) \n- usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path (Mayank Rana) \n- usb: dwc3: ep0: fix NULL pointer exception (Marian-Cristian Rotariu) \n- USB: f_ncm: ncm_bitrate (speed) is unsigned (Maciej zenczykowski) \n- cgroup1: dont allow \n in renaming (Alexander Kuznetsov) \n- btrfs: return value from btrfs_mark_extent_written() in case of error (Ritesh Harjani) \n- staging: rtl8723bs: Fix uninitialized variables (Wenli Looi) \n- kvm: avoid speculation-based attacks from out-of-range memslot accesses (Paolo Bonzini) \n- drm: Lock pointer access in drm_master_release() (Desmond Cheong Zhi Xi) \n- drm: Fix use-after-free read in drm_getunique() (Desmond Cheong Zhi Xi) \n- i2c: mpc: implement erratum A-004447 workaround (Chris Packham) \n- i2c: mpc: Make use of i2c_recover_bus() (Chris Packham) \n- powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P1010 i2c controllers (Chris Packham) \n- powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P2041 i2c controllers (Chris Packham) \n- bnx2x: Fix missing error code in bnx2x_iov_init_one() (Jiapeng Chong) \n- MIPS: Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER (Tiezhu Yang) \n- net: appletalk: cops: Fix data race in cops_probe1 (Saubhik Mukherjee) \n- net: macb: ensure the device is available 
before accessing GEMGXL control registers (Zong Li) \n- scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal (Dmitry Bogdanov) \n- scsi: vmw_pvscsi: Set correct residual data length (Matt Wang) \n- net/qla3xxx: fix schedule while atomic in ql_sem_spinlock (Zheyu Ma) \n- wq: handle VM suspension in stall detection (Sergey Senozhatsky) \n- cgroup: disable controllers at parse time (Shakeel Butt) \n- net: mdiobus: get rid of a BUG_ON() (Dan Carpenter) \n- netlink: disable IRQs for netlink_lock_table() (Johannes Berg) \n- bonding: init notify_work earlier to avoid uninitialized use (Johannes Berg) \n- isdn: mISDN: netjet: Fix crash in nj_probe: (Zheyu Ma) \n- ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (Zou Wei) \n- net/nfc/rawsock.c: fix a permission check bug (Jeimon) \n- proc: Track /proc//attr/ opener mm_struct (Kees Cook) \n- rds/ib: quarantine STALE mr before dereg (Manjunath Patil) [Orabug: 33150437] \n- rds/ib: avoid dereg of mr in frwr_clean (Manjunath Patil) [Orabug: 33150414] \n- rds/ib: update mr incarnation after forming inv wr (Manjunath Patil) [Orabug: 33177350] \n- can: bcm: delay release of struct bcm_op after synchronize_rcu() (Thadeu Lima de Souza Cascardo) [Orabug: 33114648] {CVE-2021-3609}\n[4.14.35-2047.507.1]\n- can: bcm: fix infoleak in struct bcm_msg_head (Norbert Slusarek) [Orabug: 33030700] {CVE-2021-34693}\n- Linux 4.14.236 (Greg Kroah-Hartman) \n- xen-pciback: redo VF placement in the virtual topology (Jan Beulich) \n- sched/fair: Optimize select_idle_cpu (Cheng Jian) \n- KVM: SVM: Truncate GPR value for DR and CR accesses in !64-bit mode (Sean Christopherson) \n- bnxt_en: Remove the setting of dev_port. 
(Michael Chan) \n- bpf: No need to simulate speculative domain for immediates (Daniel Borkmann) \n- bpf: Fix mask direction swap upon off reg sign change (Daniel Borkmann) \n- bpf: Wrap aux data inside bpf_sanitize_info container (Daniel Borkmann) \n- bpf: Fix leakage of uninitialized bpf stack under speculation (Daniel Borkmann) \n- selftests/bpf: make dubious pointer arithmetic test useful (Alexei Starovoitov) \n- selftests/bpf: fix test_align (Alexei Starovoitov) \n- bpf/verifier: disallow pointer subtraction (Alexei Starovoitov) \n- bpf: Update selftests to reflect new error states (Daniel Borkmann) \n- bpf: Tighten speculative pointer arithmetic mask (Daniel Borkmann) \n- bpf: Move sanitize_val_alu out of op switch (Daniel Borkmann) \n- bpf: Refactor and streamline bounds check into helper (Daniel Borkmann) \n- bpf: Improve verifier error messages for users (Daniel Borkmann) \n- bpf: Rework ptr_limit into alu_limit and add common error path (Daniel Borkmann) \n- bpf: Ensure off_reg has no mixed signed bounds for all types (Daniel Borkmann) \n- bpf: Move off_reg into sanitize_ptr_alu (Daniel Borkmann) \n- bpf, selftests: Fix up some test_verifier cases for unprivileged (Piotr Krysiuk) \n- mm, hugetlb: fix simple resv_huge_pages underflow on UFFDIO_COPY (Mina Almasry) \n- btrfs: fixup error handling in fixup_inode_link_counts (Josef Bacik) \n- btrfs: fix error handling in btrfs_del_csums (Josef Bacik) \n- nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect (Krzysztof Kozlowski) \n- ocfs2: fix data corruption by fallocate (Junxiao Bi) \n- pid: take a reference when initializing (Mark Rutland) \n- ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed (Ye Bin) \n- ALSA: timer: Fix master timer notification (Takashi Iwai) \n- net: caif: fix memory leak in cfusbl_device_notify (Pavel Skripkin) \n- net: caif: fix memory leak in caif_device_notify (Pavel Skripkin) \n- net: caif: add proper error handling (Pavel Skripkin) \n- net: 
caif: added cfserl_release function (Pavel Skripkin) \n- ieee802154: fix error return code in ieee802154_llsec_getparams() (Wei Yongjun) \n- ieee802154: fix error return code in ieee802154_add_iface() (Zhen Lei) \n- netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches (Pablo Neira Ayuso) \n- HID: i2c-hid: fix format string mismatch (Arnd Bergmann) \n- HID: pidff: fix error return code in hid_pidff_init() (Zhen Lei) \n- ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service (Julian Anastasov) \n- vfio/platform: fix module_put call in error flow (Max Gurtovoy) \n- vfio/pci: zap_vma_ptes() needs MMU (Randy Dunlap) \n- vfio/pci: Fix error return code in vfio_ecap_init() (Zhen Lei) \n- efi: cper: fix snprintf() use in cper_dimm_err_location() (Rasmus Villemoes) \n- efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared (Heiner Kallweit) \n- net: usb: cdc_ncm: dont spew notifications (Grant Grundler) \n- Linux 4.14.235 (Greg Kroah-Hartman) \n- usb: core: reduce power-on-good delay time of root hub (Chunfeng Yun) \n- drivers/net/ethernet: clean up unused assignments (Jesse Brandeburg) \n- hugetlbfs: hugetlb_fault_mutex_hash() cleanup (Mike Kravetz) \n- MIPS: ralink: export rt_sysc_membase for rt2880_wdt.c (Randy Dunlap) \n- MIPS: alchemy: xxs1500: add gpio-au1000.h header file (Randy Dunlap) \n- sch_dsmark: fix a NULL deref in qdisc_reset() (Taehee Yoo) \n- ipv6: record frag_max_size in atomic fragments in input path (Francesco Ruggeri) \n- scsi: libsas: Use _safe() loop in sas_resume_port() (Dan Carpenter) \n- ixgbe: fix large MTU request from VF (Jesse Brandeburg) \n- bpf: Set mac_len in bpf_skb_change_head (Jussi Maki) \n- ASoC: cs35l33: fix an error code in probe() (Dan Carpenter) \n- staging: emxx_udc: fix loop in _nbu2ss_nuke() (Dan Carpenter) \n- mld: fix panic in mld_newpack() (Taehee Yoo) \n- net: bnx2: Fix error return code in bnx2_init_board() (Zhen Lei) \n- net: mdio: octeon: Fix some double free issues (Christophe JAILLET) \n- net: 
mdio: thunder: Fix a double free issue in the .remove function (Christophe JAILLET) \n- net: netcp: Fix an error message (Christophe JAILLET) \n- drm/amdgpu: Fix a use-after-free (xinhui pan) \n- SMB3: incorrect file id in requests compounded with open (Steve French) \n- platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI (Andy Shevchenko) \n- platform/x86: hp-wireless: add AMDs hardware id to the supported list (Shyam Sundar S K) \n- btrfs: do not BUG_ON in link_to_fixup_dir (Josef Bacik) \n- openrisc: Define memory barrier mb (Peter Zijlstra) \n- scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic (Matt Wang) \n- media: gspca: properly check for errors in po1030_probe() (Greg Kroah-Hartman) \n- media: dvb: Add check on sp8870_readreg return (Alaa Emad) \n- libertas: register sysfs groups properly (Greg Kroah-Hartman) \n- dmaengine: qcom_hidma: comment platform_driver_register call (Phillip Potter) \n- isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io (Phillip Potter) \n- char: hpet: add checks after calling ioremap (Tom Seewald) \n- net: caif: remove BUG_ON(dev == NULL) in caif_xmit (Du Cheng) \n- net: fujitsu: fix potential null-ptr-deref (Anirudh Rayabharam) \n- serial: max310x: unregister uart driver in case of failure and abort (Atul Gopinathan) \n- platform/x86: hp_accel: Avoid invoking _INI to speed up resume (Kai-Heng Feng) \n- perf jevents: Fix getting maximum number of fds (Felix Fietkau) \n- i2c: i801: Dont generate an interrupt on bus reset (Jean Delvare) \n- i2c: s3c2410: fix possible NULL pointer deref on read message after write (Krzysztof Kozlowski) \n- tipc: skb_linearize the head skb when reassembling msgs (Xin Long) \n- Revert net:tipc: Fix a double free in tipc_sk_mcast_rcv (Hoang Le) \n- drm/meson: fix shutdown crash when component not probed (Neil Armstrong) \n- NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config (Zhang Xiaoxu) \n- NFS: Dont corrupt the value of 
pg_bytes_written in nfs_do_recoalesce() (Trond Myklebust) \n- NFS: fix an incorrect limit in filelayout_decode_layout() (Dan Carpenter) \n- Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails (Thadeu Lima de Souza Cascardo) \n- net: usb: fix memory leak in smsc75xx_bind (Pavel Skripkin) \n- usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen() (Yoshihiro Shimoda) \n- USB: serial: pl2303: add device id for ADLINK ND-6530 GC (Zolton Jheng) \n- USB: serial: ftdi_sio: add IDs for IDS GmbH Products (Dominik Andreas Schorpp) \n- USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011 (Daniele Palmas) \n- USB: serial: ti_usb_3410_5052: add startech.com device id (Sean MacLennan) \n- serial: rp2: use request_firmware instead of request_firmware_nowait (Zheyu Ma) \n- serial: sh-sci: Fix off-by-one error in FIFO threshold register setting (Geert Uytterhoeven) \n- USB: trancevibrator: fix control-request direction (Johan Hovold) \n- iio: adc: ad7793: Add missing error code in ad7793_setup() (YueHaibing) \n- staging: iio: cdc: ad7746: avoid overwrite of num_channels (Lucas Stankus) \n- mei: request autosuspend after sending rx flow control (Alexander Usyskin) \n- thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue (Mathias Nyman) \n- misc/uss720: fix memory leak in uss720_probe (Dongliang Mu) \n- kgdb: fix gcc-11 warnings harder (Greg Kroah-Hartman) \n- dm snapshot: properly fix a crash when an origin has no snapshots (Mikulas Patocka) \n- ath10k: Validate first subframe of A-MSDU before processing the list (Sriram R) \n- mac80211: extend protection against mixed key and fragment cache attacks (Wen Gong) {CVE-2020-24586} {CVE-2020-24587}\n- mac80211: do not accept/forward invalid EAPOL frames (Johannes Berg) \n- mac80211: prevent attacks on TKIP/WEP as well (Johannes Berg) \n- mac80211: check defrag PN against current frame (Johannes Berg) \n- mac80211: add fragment cache to sta_info (Johannes Berg) \n- mac80211: drop A-MSDUs 
on old ciphers (Johannes Berg) {CVE-2020-24588}\n- cfg80211: mitigate A-MSDU aggregation attacks (Mathy Vanhoef) {CVE-2020-24588}\n- mac80211: properly handle A-MSDUs that start with an RFC 1042 header (Mathy Vanhoef) \n- mac80211: prevent mixed key and fragment cache attacks (Mathy Vanhoef) {CVE-2020-24587} {CVE-2020-24586}\n- mac80211: assure all fragments are encrypted (Mathy Vanhoef) {CVE-2020-26147}\n- net: hso: fix control-request directions (Johan Hovold) \n- proc: Check /proc//attr/ writes against file opener (Kees Cook) \n- perf intel-pt: Fix transaction abort handling (Adrian Hunter) \n- perf intel-pt: Fix sample instruction bytes (Adrian Hunter) \n- iommu/vt-d: Fix sysfs leak in alloc_iommu() (Rolf Eike Beer) \n- NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() (Anna Schumaker) \n- NFC: nci: fix memory leak in nci_allocate_device (Dongliang Mu) \n- usb: dwc3: gadget: Enable suspend events (Jack Pham) \n- scripts: switch explicitly to Python 3 (Andy Shevchenko) \n- tweewide: Fix most Shebang lines (Finn Behrens) \n- A/A Bonding: dev_hold/put() the delayed GARP work handlers netdev in rdmaip (Sharath Srinivasan) [Orabug: 33161269] \n- capmem: Mark the pages as non-readonly+dirty. (David Clear) [Orabug: 33155665] \n- Revert capmem: Mark the pages as non-readonly+dirty. 
(Dave Kleikamp) [Orabug: 33155665] \n- ionic: clean interrupt before enabling queue to avoid credit race (Shannon Nelson) [Orabug: 33155665] \n- scsi: core: Retry I/O for Notify (Enable Spinup) Required error (Quat Le) [Orabug: 33165871] \n- Revert x86/reboot: Force all cpus to exit VMX root if VMX is supported (Somasundaram Krishnasamy) [Orabug: 33156450]", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-09-21T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26147", "CVE-2021-22543", "CVE-2021-23134", "CVE-2021-34693", "CVE-2021-3609", "CVE-2021-3612", "CVE-2021-3653", "CVE-2021-3656"], "modified": "2021-09-21T00:00:00", "id": "ELSA-2021-9452", "href": "http://linux.oracle.com/errata/ELSA-2021-9452.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-26T18:28:09", "description": "[4.14.35-2047.507.7.4.el7]\n- KVM: x86: Check kvm_rebooting in kvm_spurious_fault() (Sean Christopherson) [Orabug: 
33362693]\n[4.14.35-2047.507.7.3]\n- arm64: Reserve elfcorehdr before scanning reserved memory from device tree (Dave Kleikamp) [Orabug: 33354710]\n[4.14.35-2047.507.7.2]\n- net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb (Phillip Potter) [Orabug: 33337449] \n- ip: Manual backport of pskb_inet_may_pull() (Hakon Bugge) [Orabug: 33337449] \n- Revert Revert net: geneve: check skb is large enough for IPv4/IPv6 header (Hakon Bugge) [Orabug: 33337449]\n[4.14.35-2047.507.7.1]\n- RDMA/cma: Revert INIT-INIT patch (Mike Marciniszyn) [Orabug: 33306519] \n- Revert net: geneve: check skb is large enough for IPv4/IPv6 header (Somasundaram Krishnasamy) [Orabug: 33323390]\n[4.14.35-2047.507.7]\n- xen-acpi-processor: fix coordination type mismatch (Elena Ufimtseva) [Orabug: 33296813] \n- Revert mm: memcontrol: eliminate raw access to stat and event counters (Ritika Srivastava) [Orabug: 33254727] \n- Revert mm: memcontrol: implement lruvec stat functions on top of each other (Ritika Srivastava) [Orabug: 33254727] \n- KVM: do not allow mapping valid but non-reference-counted pages (Nicholas Piggin) [Orabug: 33054089] {CVE-2021-22543} {CVE-2021-22543}\n- ocfs2: issue zeroout to EOF blocks (Junxiao Bi) [Orabug: 32974988] \n- ocfs2: fix zero out valid data (Junxiao Bi) [Orabug: 32974988]\n[4.14.35-2047.507.6]\n- xen-netback: do not kfree_skb() when irq is disabled (Dongli Zhang) [Orabug: 33277336] \n- rds: ib: Set SEND_SIGNALED on the last WR posted (Hakon Bugge) [Orabug: 33253068] \n- uek-rpm: update kABI lists for new symbols (Saeed Mirzamohammadi) [Orabug: 33246581] \n- scsi: lpfc: Fix crash due to port reset racing vs adapter error handling (James Smart) [Orabug: 33213341] \n- xfs: dont drain buffer lru on freeze and read-only remount (Brian Foster) [Orabug: 33141334] \n- xfs: rename xfs_wait_buftarg() to xfs_buftarg_drain() (Brian Foster) [Orabug: 33141334] \n- Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl (Alexander Larkin) 
[Orabug: 33114988] {CVE-2021-3612}\n- rds: fix statistics counters and check for memory leak (Hans Westgaard Ry) [Orabug: 31372381] \n- dsc-drivers: update for 1.15.9-C-32 (Shannon Nelson) [Orabug: 33281086] \n- dts/pensando: creating reserved dma memory pool for mnet devices (Neel Patel) [Orabug: 33281086] \n- pcie: rm pcie register access message (#256) (Brad Smith) [Orabug: 33281086] \n- drivers: updates for 1.15.9-C-28 (Shannon Nelson) [Orabug: 33281086]\n[4.14.35-2047.507.5]\n- rds_rdma: add missing rds_ib_cm_handle_connect tracepoint (Alan Maguire) [Orabug: 33243560] \n- KVM: SVM: use vmsave/vmload for saving/restoring additional host state (Michael Roth) [Orabug: 33225761] \n- KVM: SVM: Use asm goto to handle unexpected #UD on SVM instructions (Sean Christopherson) [Orabug: 33225761] \n- kvm: svm/avic: Do not send AVIC doorbell to self (Suthikulpanit, Suravee) [Orabug: 33225761] \n- svm/avic: Fix invalidate logical APIC id entry (Suthikulpanit, Suravee) [Orabug: 33225761] \n- svm: Fix improper check when deactivate AVIC (Suthikulpanit, Suravee) [Orabug: 33225761] \n- svm: Fix AVIC DFR and LDR handling (Suthikulpanit, Suravee) [Orabug: 33225761] \n- scsi: qla2xxx: Add heartbeat check (Quinn Tran) [Orabug: 33116624] \n- scsi: qla2xxx: Use list_move_tail() instead of list_del()/list_add_tail() (Baokun Li) [Orabug: 33116624] \n- scsi: qla2xxx: Remove duplicate declarations (Shaokun Zhang) [Orabug: 33116624] \n- scsi: qla2xxx: Log PCI address in qla_nvme_unregister_remote_port() (Daniel Wagner) [Orabug: 33116624] \n- scsi: qla2xxx: Remove redundant assignment to rval (Jiapeng Chong) [Orabug: 33116624] \n- scsi: qla2xxx: Prevent PRLI in target mode (Anastasia Kovaleva) [Orabug: 33116624] \n- scsi: qla2xxx: Add marginal path handling support (Bikash Hazarika) [Orabug: 33116624] \n- scsi: qla2xxx: Reserve extra IRQ vectors (Roman Bolshakov) [Orabug: 33116624] \n- scsi: qla2xxx: Reuse existing error handling path (Christophe JAILLET) [Orabug: 33116624] \n- scsi: 
qla2xxx: Remove unneeded if-null-free check (Qiheng Lin) [Orabug: 33116624] \n- scsi: qla2xxx: Update version to 10.02.00.106-k (Nilesh Javali) [Orabug: 33116624] \n- scsi: qla2xxx: Update default AER debug mask (Quinn Tran) [Orabug: 33116624] \n- scsi: qla2xxx: Fix mailbox recovery during PCIe error (Quinn Tran) [Orabug: 33116624] \n- scsi: qla2xxx: Fix crash in PCIe error handling (Quinn Tran) [Orabug: 33116624] \n- scsi: qla2xxx: Fix RISC RESET completion polling (Quinn Tran) [Orabug: 33116624] \n- scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() (Arun Easi) [Orabug: 33116624] \n- scsi: qla2xxx: Consolidate zio threshold setting for both FCP & NVMe (Quinn Tran) [Orabug: 33116624] \n- scsi: qla2xxx: Fix stuck session (Quinn Tran) [Orabug: 33116624] \n- scsi: qla2xxx: Add H:C:T info in the log message for fc ports (Arun Easi) [Orabug: 33116624] \n- scsi: qla2xxx: Fix IOPS drop seen in some adapters (Arun Easi) [Orabug: 33116624] \n- scsi: qla2xxx: Check kzalloc() return value (Bart Van Assche) [Orabug: 33116624] \n- scsi: qla2xxx: Simplify qla8044_minidump_process_control() (Bart Van Assche) [Orabug: 33116624] \n- scsi: qla2xxx: Suppress Coverity complaints about dseg_r* (Bart Van Assche) [Orabug: 33116624] \n- scsi: qla2xxx: Fix endianness annotations (Bart Van Assche) [Orabug: 33116624] \n- scsi: qla2xxx: Constify struct qla_tgt_func_tmpl (Bart Van Assche) [Orabug: 33116624] \n- scsi: qla2xxx: Use dma_pool_zalloc() (Wang Qing) [Orabug: 33116624] \n- scsi: qla2xxx: Fix a couple of misdocumented functions (Lee Jones) [Orabug: 33116624] \n- scsi: qla2xxx: Fix incorrectly named function qla8044_check_temp() (Lee Jones) [Orabug: 33116624] \n- scsi: qla2xxx: Fix a couple of misnamed functions (Lee Jones) [Orabug: 33116624] \n- scsi: qla2xxx: Fix some incorrect formatting/spelling issues (Lee Jones) [Orabug: 33116624] \n- scsi: qla2xxx: Replace __qla2x00_marker()s missing underscores (Lee Jones) [Orabug: 33116624] \n- scsi: qla2xxx: Simplify if statement (Jiapeng 
Chong) [Orabug: 33116624] \n- scsi: qla2xxx: Simplify the calculation of variables (Jiapeng Zhong) [Orabug: 33116624] \n- scsi: qla2xxx: Fix some memory corruption (Dan Carpenter) [Orabug: 33116624] \n- scsi: qla2xxx: Remove redundant NULL check (Yang Li) [Orabug: 33116624] \n- scsi: qla2xxx: Remove unnecessary NULL check (Dan Carpenter) [Orabug: 33116624] \n- scsi: qla2xxx: Assign boolean values to a bool variable (Jiapeng Zhong) [Orabug: 33116624] \n- scsi: qla2xxx: fc_remote_port_chkready() returns a SCSI result value (Hannes Reinecke) [Orabug: 33116624] \n- scsi: qla2xxx: Fix description for parameter ql2xenforce_iocb_limit (Enzo Matsumiya) [Orabug: 33116624] \n- scsi: qla2xxx: Update version to 10.02.00.105-k (Nilesh Javali) [Orabug: 33116624] \n- scsi: qla2xxx: Enable NVMe CONF (BIT_7) when enabling SLER (Saurav Kashyap) [Orabug: 33116624] \n- scsi: qla2xxx: Fix mailbox Ch erroneous error (Quinn Tran) [Orabug: 33116624] \n- scsi: qla2xxx: Wait for ABTS response on I/O timeouts for NVMe (Bikash Hazarika) [Orabug: 33116624] \n- scsi: qla2xxx: Move some messages from debug to normal log level (Saurav Kashyap) [Orabug: 33116624] \n- scsi: qla2xxx: Add error counters to debugfs node (Saurav Kashyap) [Orabug: 33116624] \n- scsi: qla2xxx: Implementation to get and manage host, target stats and initiator port (Saurav Kashyap) [Orabug: 33116624] \n- scsi: qla2xxx: Update version to 10.02.00.104-k (Nilesh Javali) [Orabug: 33116624] \n- scsi: qla2xxx: Fix device loss on 4G and older HBAs (Arun Easi) [Orabug: 33116624] \n- scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (Saurav Kashyap) [Orabug: 33116624] \n- scsi: qla2xxx: Fix the call trace for flush workqueue (Saurav Kashyap) [Orabug: 33116624] \n- scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (Arun Easi) [Orabug: 33116624] \n- scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (Saurav Kashyap) [Orabug: 33116624] \n- scsi: qla2xxx: Fix N2N and NVMe 
connect retry failure (Quinn Tran) [Orabug: 33116624] \n- scsi: qla2xxx: Fix FW initialization error on big endian machines (Arun Easi) [Orabug: 33116624] \n- scsi: qla2xxx: Fix compilation issue in PPC systems (Arun Easi) [Orabug: 33116624] \n- scsi: qla2xxx: Dont check for fw_started while posting NVMe command (Saurav Kashyap) [Orabug: 33116624] \n- scsi: qla2xxx: Tear down session if FW say it is down (Quinn Tran) [Orabug: 33116624] \n- scsi: qla2xxx: Limit interrupt vectors to number of CPUs (Quinn Tran) [Orabug: 33116624] \n- scsi: qla2xxx: Change post del message from debug level to log level (Saurav Kashyap) [Orabug: 33116624] \n- scsi: qla2xxx: Remove trailing semicolon in macro definition (Tom Rix) [Orabug: 33116624] \n- scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (Ahmed S. Darwish) [Orabug: 33116624] \n- scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (Ahmed S. Darwish) [Orabug: 33116624] \n- scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (Ahmed S. 
Darwish) [Orabug: 33116624] \n- scsi: Remove unneeded break statements (Tom Rix) [Orabug: 33116624] \n- scsi: scsi_transport_fc: Add store capability to rport port_state in sysfs (Muneendra Kumar) [Orabug: 33116624] \n- scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL (Muneendra Kumar) [Orabug: 33116624] \n- scsi: core: No retries on abort success (Muneendra Kumar) [Orabug: 33116624] \n- scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h (Muneendra Kumar) [Orabug: 33116624]\n[4.14.35-2047.507.4]\n- drivers: updated for 1.15.9.26 (Shannon Nelson) [Orabug: 33235357] \n- XFS: code enhancement to help debug (Wengang Wang) [Orabug: 33186644] \n- KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (Maxim Levitsky) [Orabug: 33234941] {CVE-2021-3656} {CVE-2021-3656}\n- KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (Maxim Levitsky) [Orabug: 33234967] {CVE-2021-3653} {CVE-2021-3653}\n[4.14.35-2047.507.3]\n- drivers: updates for 1.15.9.21 (Shannon Nelson) [Orabug: 33220300] \n- Revert rds/ib: reap tx completions during connection shutdown (Manjunath Patil) [Orabug: 33220435] \n- Revert rds/ib: handle posted ACK during connection shutdown (Manjunath Patil) [Orabug: 33220435] \n- Revert rds/ib: recover rds connection from interrupt loss scenario (Manjunath Patil) [Orabug: 33220435] \n- Revert rds/ib: move rds_ib_clear_irq_miss() to .h file (Manjunath Patil) [Orabug: 33220435] \n- NFS: Dont call generic_error_remove_page() while holding locks (Trond Myklebust) [Orabug: 33213898] \n- ip6_gre: proper dev_{hold|put} in ndo_[un]init methods (aloktiw) [Orabug: 33179252] \n- ifb: fix packets checksum (Jon Maxwell) [Orabug: 33145562] \n- Linux 4.14.239 (Greg Kroah-Hartman) \n- xen/events: reset active flag for lateeoi events later (Juergen Gross) \n- kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() (Petr Mladek) \n- kthread_worker: split code for canceling the delayed work 
timer (Petr Mladek) \n- kfifo: DECLARE_KIFO_PTR(fifo, u64) does not work on arm 32 bit (Sean Young) \n- drm/nouveau: fix dma_address check for CPU/GPU sync (Christian Konig) \n- scsi: sr: Return appropriate error code when disk is ejected (ManYi Li) \n- mm/thp: another PVMW_SYNC fix in page_vma_mapped_walk() (Hugh Dickins) \n- mm/thp: fix page_vma_mapped_walk() if THP mapped by ptes (Hugh Dickins) \n- mm: page_vma_mapped_walk(): get vma_address_end() earlier (Hugh Dickins) \n- mm: page_vma_mapped_walk(): use goto instead of while (1) (Hugh Dickins) \n- mm: page_vma_mapped_walk(): add a level of indentation (Hugh Dickins) \n- mm: page_vma_mapped_walk(): crossing page table boundary (Hugh Dickins) \n- mm: page_vma_mapped_walk(): prettify PVMW_MIGRATION block (Hugh Dickins) \n- mm: page_vma_mapped_walk(): use pmde for *pvmw->pmd (Hugh Dickins) \n- mm: page_vma_mapped_walk(): settle PageHuge on entry (Hugh Dickins) \n- mm: page_vma_mapped_walk(): use page for pvmw->page (Hugh Dickins) \n- mm: thp: replace DEBUG_VM BUG with VM_WARN when unmap fails for split (Yang Shi) \n- mm/thp: fix page_address_in_vma() on file THP tails (Jue Wang) \n- mm/thp: fix vma_address() if virtual address below file offset (Hugh Dickins) \n- mm/thp: try_to_unmap() use TTU_SYNC for safe splitting (Hugh Dickins) \n- mm/rmap: use page_not_mapped in try_to_unmap() (Miaohe Lin) \n- mm/rmap: remove unneeded semicolon in page_not_mapped() (Miaohe Lin) \n- mm: add VM_WARN_ON_ONCE_PAGE() macro (Alex Shi) \n- include/linux/mmdebug.h: make VM_WARN* non-rvals (Michal Hocko)\n[4.14.35-2047.507.2]\n- uek-rpm: mark /etc/ld.so.conf.d/ files as %config (Stephen Brennan) [Orabug: 33186981] \n- rds: Congestion tracepoints should be enabled by default (Greg Jumper) [Orabug: 33145670] \n- Linux 4.14.238 (Sasha Levin) \n- i2c: robotfuzz-osif: fix control-request directions (Johan Hovold) \n- nilfs2: fix memory leak in nilfs_sysfs_delete_device_group (Pavel Skripkin) \n- pinctrl: stm32: fix the reported number of 
GPIO lines per bank (Fabien Dessenne) \n- net: ll_temac: Avoid ndo_start_xmit returning NETDEV_TX_BUSY (Esben Haabendal) \n- net: qed: Fix memcpy() overflow of qed_dcbx_params() (Kees Cook) \n- r8169: Avoid memcpy() over-reading of ETH_SS_STATS (Kees Cook) \n- sh_eth: Avoid memcpy() over-reading of ETH_SS_STATS (Kees Cook) \n- r8152: Avoid memcpy() over-reading of ETH_SS_STATS (Kees Cook) \n- net/packet: annotate accesses to po->ifindex (Eric Dumazet) \n- net/packet: annotate accesses to po->bind (Eric Dumazet) \n- net: caif: fix memory leak in ldisc_open (Pavel Skripkin) \n- inet: annotate date races around sk->sk_txhash (Eric Dumazet) \n- ping: Check return value of function ping_queue_rcv_skb (Zheng Yongjun) \n- mac80211: drop multicast fragments (Johannes Berg) \n- cfg80211: call cfg80211_leave_ocb when switching away from OCB (Du Cheng) \n- mac80211: remove warning in ieee80211_get_sband() (Johannes Berg) \n- Revert PCI: PM: Do not read power state in pci_enable_device_flags() (Rafael J. 
Wysocki) \n- arm64: perf: Disable PMU while processing counter overflows (Suzuki K Poulose) \n- MIPS: generic: Update node names to avoid unit addresses (Nathan Chancellor) \n- Makefile: Move -Wno-unused-but-set-variable out of GCC only block (Nathan Chancellor) \n- ARM: 9081/1: fix gcc-10 thumb2-kernel regression (Arnd Bergmann) \n- drm/radeon: wait for moving fence after pinning (Christian Konig) \n- drm/nouveau: wait for moving fence after pinning v2 (Christian Konig) \n- x86/fpu: Reset state for all signal restore failures (Thomas Gleixner) \n- unfuck sysfs_mount() (Al Viro) \n- kernfs: deal with kernfs_fill_super() failures (Al Viro) \n- usb: dwc3: core: fix kernel panic when do reboot (Peter Chen) \n- inet: use bigger hash table for IP ID generation (Eric Dumazet) \n- can: bcm/raw/isotp: use per module netdevice notifier (Tetsuo Handa) \n- net: fec_ptp: add clock rate zero check (Fugang Duan) \n- mm/slub.c: include swab.h (Andrew Morton) \n- net: bridge: fix vlan tunnel dst refcnt when egressing (Nikolay Aleksandrov) \n- net: bridge: fix vlan tunnel dst null pointer dereference (Nikolay Aleksandrov) \n- dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc (Bumyong Lee) \n- ARCv2: save ABI registers across signal handling (Vineet Gupta) \n- PCI: Work around Huawei Intelligent NIC VF FLR erratum (Chiqijun) \n- PCI: Add ACS quirk for Broadcom BCM57414 NIC (Sriharsha Basavapatna) \n- PCI: Mark some NVIDIA GPUs to avoid bus reset (Shanker Donthineni) \n- PCI: Mark TI C667X to avoid bus reset (Antti Jarvinen) \n- tracing: Do no increment trace_clock_global() by one (Steven Rostedt (VMware)) \n- tracing: Do not stop recording comms if the trace file is being read (Steven Rostedt (VMware)) \n- tracing: Do not stop recording cmdlines when tracing is off (Steven Rostedt (VMware)) \n- usb: core: hub: Disable autosuspend for Cypress CY7C65632 (Andrew Lunn) \n- can: mcba_usb: fix memory leak in mcba_usb (Pavel Skripkin) \n- hwmon: (scpi-hwmon) shows the 
negative temperature properly (Riwen Lu) \n- radeon: use memcpy_to/fromio for UVD fw upload (Chen Li) \n- net: ethernet: fix potential use-after-free in ec_bhf_remove (Pavel Skripkin) \n- icmp: dont send out ICMP messages with a source address of 0.0.0.0 (Toke Hoiland-Jorgensen) \n- net: cdc_eem: fix tx fixup skb leak (Linyu Yuan) \n- net: hamradio: fix memory leak in mkiss_close (Pavel Skripkin) \n- be2net: Fix an error handling path in be_probe() (Christophe JAILLET) \n- net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock (Eric Dumazet) \n- net: ipv4: fix memory leak in ip_mc_add1_src (Chengyang Fan) \n- net: usb: fix possible use-after-free in smsc75xx_bind (Dongliang Mu) \n- net: cdc_ncm: switch to eth%d interface naming (Maciej zenczykowski) \n- netxen_nic: Fix an error handling path in netxen_nic_probe() (Christophe JAILLET) \n- qlcnic: Fix an error handling path in qlcnic_probe() (Christophe JAILLET) \n- net: stmmac: dwmac1000: Fix extended MAC address registers definition (Jisheng Zhang) \n- alx: Fix an error handling path in alx_probe() (Christophe JAILLET) \n- netfilter: synproxy: Fix out of bounds when parsing TCP options (Maxim Mikityanskiy) \n- rtnetlink: Fix regression in bridge VLAN configuration (Ido Schimmel) \n- udp: fix race between close() and udp_abort() (Paolo Abeni) \n- net: rds: fix memory leak in rds_recvmsg (Pavel Skripkin) \n- net: ipv4: fix memory leak in netlbl_cipsov4_add_std (Nanyong Sun) \n- batman-adv: Avoid WARN_ON timing related checks (Sven Eckelmann) \n- mm/memory-failure: make sure wait for page writeback in memory_failure (yangerkun) \n- dmaengine: stedma40: add missing iounmap() on error in d40_probe() (Yang Yingliang) \n- dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (Randy Dunlap) \n- dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM (Randy Dunlap) \n- fib: Return the correct errno code (Zheng Yongjun) \n- net: Return the correct errno code (Zheng Yongjun) \n- net/x25: Return the correct errno code (Zheng 
Yongjun) \n- rtnetlink: Fix missing error code in rtnl_bridge_notify() (Jiapeng Chong) \n- net: ipconfig: Dont override command-line hostnames or domains (Josh Triplett) \n- nvme-loop: check for NVME_LOOP_Q_LIVE in nvme_loop_destroy_admin_queue() (Hannes Reinecke) \n- nvme-loop: clear NVME_LOOP_Q_LIVE when nvme_loop_configure_admin_queue() fails (Hannes Reinecke) \n- nvme-loop: reset queue count to 1 in nvme_loop_destroy_io_queues() (Hannes Reinecke) \n- ethernet: myri10ge: Fix missing error code in myri10ge_probe() (Jiapeng Chong) \n- scsi: target: core: Fix warning on realtime kernels (Maurizio Lombardi) \n- gfs2: Fix use-after-free in gfs2_glock_shrink_scan (Hillf Danton) \n- HID: gt683r: add missing MODULE_DEVICE_TABLE (Bixuan Cui) \n- ARM: OMAP2+: Fix build warning when mmc_omap is not built (Yongqiang Liu) \n- HID: usbhid: fix info leak in hid_submit_ctrl (Anirudh Rayabharam) \n- HID: Add BUS_VIRTUAL to hid_connect logging (Mark Bolhuis) \n- HID: hid-sensor-hub: Return error for hid_set_field() failure (Srinivas Pandruvada) \n- net: ieee802154: fix null deref in parse dev addr (Dan Robertson) \n- Linux 4.14.237 (Greg Kroah-Hartman) \n- proc: only require mm_struct for writing (Linus Torvalds) \n- tracing: Correct the length check which causes memory corruption (Liangyan) \n- ftrace: Do not blindly read the ip address in ftrace_bug() (Steven Rostedt (VMware)) \n- scsi: core: Only put parent device if host state differs from SHOST_CREATED (Ming Lei) \n- scsi: core: Put .shost_dev in failure path if host state changes to RUNNING (Ming Lei) \n- scsi: core: Fix error handling of scsi_host_alloc() (Ming Lei) \n- NFS: Fix use-after-free in nfs4_init_client() (Anna Schumaker) \n- kvm: fix previous commit for 32-bit builds (Paolo Bonzini) \n- perf session: Correct buffer copying when peeking events (Leo Yan) \n- NFS: Fix a potential NULL dereference in nfs_get_client() (Dan Carpenter) \n- perf: Fix data race between pin_count increment/decrement (Marco Elver) \n- 
regulator: max77620: Use device_set_of_node_from_dev() (Dmitry Osipenko) \n- regulator: core: resolve supply for boot-on/always-on regulators (Dmitry Baryshkov) \n- usb: fix various gadget panics on 10gbps cabling (Maciej zenczykowski) \n- usb: fix various gadgets null ptr deref on 10gbps cabling. (Maciej zenczykowski) \n- usb: gadget: eem: fix wrong eem header operation (Linyu Yuan) \n- USB: serial: quatech2: fix control-request directions (Johan Hovold) \n- USB: serial: omninet: add device id for Zyxel Omni 56K Plus (Alexandre GRIVEAUX) \n- USB: serial: ftdi_sio: add NovaTech OrionMX product ID (George McCollister) \n- usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind (Wesley Cheng) \n- usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path (Mayank Rana) \n- usb: dwc3: ep0: fix NULL pointer exception (Marian-Cristian Rotariu) \n- USB: f_ncm: ncm_bitrate (speed) is unsigned (Maciej zenczykowski) \n- cgroup1: dont allow \n in renaming (Alexander Kuznetsov) \n- btrfs: return value from btrfs_mark_extent_written() in case of error (Ritesh Harjani) \n- staging: rtl8723bs: Fix uninitialized variables (Wenli Looi) \n- kvm: avoid speculation-based attacks from out-of-range memslot accesses (Paolo Bonzini) \n- drm: Lock pointer access in drm_master_release() (Desmond Cheong Zhi Xi) \n- drm: Fix use-after-free read in drm_getunique() (Desmond Cheong Zhi Xi) \n- i2c: mpc: implement erratum A-004447 workaround (Chris Packham) \n- i2c: mpc: Make use of i2c_recover_bus() (Chris Packham) \n- powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P1010 i2c controllers (Chris Packham) \n- powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P2041 i2c controllers (Chris Packham) \n- bnx2x: Fix missing error code in bnx2x_iov_init_one() (Jiapeng Chong) \n- MIPS: Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER (Tiezhu Yang) \n- net: appletalk: cops: Fix data race in cops_probe1 (Saubhik Mukherjee) \n- net: macb: ensure the device is available 
before accessing GEMGXL control registers (Zong Li) \n- scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal (Dmitry Bogdanov) \n- scsi: vmw_pvscsi: Set correct residual data length (Matt Wang) \n- net/qla3xxx: fix schedule while atomic in ql_sem_spinlock (Zheyu Ma) \n- wq: handle VM suspension in stall detection (Sergey Senozhatsky) \n- cgroup: disable controllers at parse time (Shakeel Butt) \n- net: mdiobus: get rid of a BUG_ON() (Dan Carpenter) \n- netlink: disable IRQs for netlink_lock_table() (Johannes Berg) \n- bonding: init notify_work earlier to avoid uninitialized use (Johannes Berg) \n- isdn: mISDN: netjet: Fix crash in nj_probe: (Zheyu Ma) \n- ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (Zou Wei) \n- net/nfc/rawsock.c: fix a permission check bug (Jeimon) \n- proc: Track /proc//attr/ opener mm_struct (Kees Cook) \n- rds/ib: quarantine STALE mr before dereg (Manjunath Patil) [Orabug: 33150437] \n- rds/ib: avoid dereg of mr in frwr_clean (Manjunath Patil) [Orabug: 33150414] \n- rds/ib: update mr incarnation after forming inv wr (Manjunath Patil) [Orabug: 33177350] \n- can: bcm: delay release of struct bcm_op after synchronize_rcu() (Thadeu Lima de Souza Cascardo) [Orabug: 33114648] {CVE-2021-3609}\n[4.14.35-2047.507.1]\n- can: bcm: fix infoleak in struct bcm_msg_head (Norbert Slusarek) [Orabug: 33030700] {CVE-2021-34693}\n- Linux 4.14.236 (Greg Kroah-Hartman) \n- xen-pciback: redo VF placement in the virtual topology (Jan Beulich) \n- sched/fair: Optimize select_idle_cpu (Cheng Jian) \n- KVM: SVM: Truncate GPR value for DR and CR accesses in !64-bit mode (Sean Christopherson) \n- bnxt_en: Remove the setting of dev_port. 
(Michael Chan) \n- bpf: No need to simulate speculative domain for immediates (Daniel Borkmann) \n- bpf: Fix mask direction swap upon off reg sign change (Daniel Borkmann) \n- bpf: Wrap aux data inside bpf_sanitize_info container (Daniel Borkmann) \n- bpf: Fix leakage of uninitialized bpf stack under speculation (Daniel Borkmann) \n- selftests/bpf: make dubious pointer arithmetic test useful (Alexei Starovoitov) \n- selftests/bpf: fix test_align (Alexei Starovoitov) \n- bpf/verifier: disallow pointer subtraction (Alexei Starovoitov) \n- bpf: Update selftests to reflect new error states (Daniel Borkmann) \n- bpf: Tighten speculative pointer arithmetic mask (Daniel Borkmann) \n- bpf: Move sanitize_val_alu out of op switch (Daniel Borkmann) \n- bpf: Refactor and streamline bounds check into helper (Daniel Borkmann) \n- bpf: Improve verifier error messages for users (Daniel Borkmann) \n- bpf: Rework ptr_limit into alu_limit and add common error path (Daniel Borkmann) \n- bpf: Ensure off_reg has no mixed signed bounds for all types (Daniel Borkmann) \n- bpf: Move off_reg into sanitize_ptr_alu (Daniel Borkmann) \n- bpf, selftests: Fix up some test_verifier cases for unprivileged (Piotr Krysiuk) \n- mm, hugetlb: fix simple resv_huge_pages underflow on UFFDIO_COPY (Mina Almasry) \n- btrfs: fixup error handling in fixup_inode_link_counts (Josef Bacik) \n- btrfs: fix error handling in btrfs_del_csums (Josef Bacik) \n- nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect (Krzysztof Kozlowski) \n- ocfs2: fix data corruption by fallocate (Junxiao Bi) \n- pid: take a reference when initializing (Mark Rutland) \n- ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed (Ye Bin) \n- ALSA: timer: Fix master timer notification (Takashi Iwai) \n- net: caif: fix memory leak in cfusbl_device_notify (Pavel Skripkin) \n- net: caif: fix memory leak in caif_device_notify (Pavel Skripkin) \n- net: caif: add proper error handling (Pavel Skripkin) \n- net: 
caif: added cfserl_release function (Pavel Skripkin) \n- ieee802154: fix error return code in ieee802154_llsec_getparams() (Wei Yongjun) \n- ieee802154: fix error return code in ieee802154_add_iface() (Zhen Lei) \n- netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches (Pablo Neira Ayuso) \n- HID: i2c-hid: fix format string mismatch (Arnd Bergmann) \n- HID: pidff: fix error return code in hid_pidff_init() (Zhen Lei) \n- ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service (Julian Anastasov) \n- vfio/platform: fix module_put call in error flow (Max Gurtovoy) \n- vfio/pci: zap_vma_ptes() needs MMU (Randy Dunlap) \n- vfio/pci: Fix error return code in vfio_ecap_init() (Zhen Lei) \n- efi: cper: fix snprintf() use in cper_dimm_err_location() (Rasmus Villemoes) \n- efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared (Heiner Kallweit) \n- net: usb: cdc_ncm: dont spew notifications (Grant Grundler) \n- Linux 4.14.235 (Greg Kroah-Hartman) \n- usb: core: reduce power-on-good delay time of root hub (Chunfeng Yun) \n- drivers/net/ethernet: clean up unused assignments (Jesse Brandeburg) \n- hugetlbfs: hugetlb_fault_mutex_hash() cleanup (Mike Kravetz) \n- MIPS: ralink: export rt_sysc_membase for rt2880_wdt.c (Randy Dunlap) \n- MIPS: alchemy: xxs1500: add gpio-au1000.h header file (Randy Dunlap) \n- sch_dsmark: fix a NULL deref in qdisc_reset() (Taehee Yoo) \n- ipv6: record frag_max_size in atomic fragments in input path (Francesco Ruggeri) \n- scsi: libsas: Use _safe() loop in sas_resume_port() (Dan Carpenter) \n- ixgbe: fix large MTU request from VF (Jesse Brandeburg) \n- bpf: Set mac_len in bpf_skb_change_head (Jussi Maki) \n- ASoC: cs35l33: fix an error code in probe() (Dan Carpenter) \n- staging: emxx_udc: fix loop in _nbu2ss_nuke() (Dan Carpenter) \n- mld: fix panic in mld_newpack() (Taehee Yoo) \n- net: bnx2: Fix error return code in bnx2_init_board() (Zhen Lei) \n- net: mdio: octeon: Fix some double free issues (Christophe JAILLET) \n- net: 
mdio: thunder: Fix a double free issue in the .remove function (Christophe JAILLET) \n- net: netcp: Fix an error message (Christophe JAILLET) \n- drm/amdgpu: Fix a use-after-free (xinhui pan) \n- SMB3: incorrect file id in requests compounded with open (Steve French) \n- platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI (Andy Shevchenko) \n- platform/x86: hp-wireless: add AMDs hardware id to the supported list (Shyam Sundar S K) \n- btrfs: do not BUG_ON in link_to_fixup_dir (Josef Bacik) \n- openrisc: Define memory barrier mb (Peter Zijlstra) \n- scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic (Matt Wang) \n- media: gspca: properly check for errors in po1030_probe() (Greg Kroah-Hartman) \n- media: dvb: Add check on sp8870_readreg return (Alaa Emad) \n- libertas: register sysfs groups properly (Greg Kroah-Hartman) \n- dmaengine: qcom_hidma: comment platform_driver_register call (Phillip Potter) \n- isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io (Phillip Potter) \n- char: hpet: add checks after calling ioremap (Tom Seewald) \n- net: caif: remove BUG_ON(dev == NULL) in caif_xmit (Du Cheng) \n- net: fujitsu: fix potential null-ptr-deref (Anirudh Rayabharam) \n- serial: max310x: unregister uart driver in case of failure and abort (Atul Gopinathan) \n- platform/x86: hp_accel: Avoid invoking _INI to speed up resume (Kai-Heng Feng) \n- perf jevents: Fix getting maximum number of fds (Felix Fietkau) \n- i2c: i801: Dont generate an interrupt on bus reset (Jean Delvare) \n- i2c: s3c2410: fix possible NULL pointer deref on read message after write (Krzysztof Kozlowski) \n- tipc: skb_linearize the head skb when reassembling msgs (Xin Long) \n- Revert net:tipc: Fix a double free in tipc_sk_mcast_rcv (Hoang Le) \n- drm/meson: fix shutdown crash when component not probed (Neil Armstrong) \n- NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config (Zhang Xiaoxu) \n- NFS: Dont corrupt the value of 
pg_bytes_written in nfs_do_recoalesce() (Trond Myklebust) \n- NFS: fix an incorrect limit in filelayout_decode_layout() (Dan Carpenter) \n- Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails (Thadeu Lima de Souza Cascardo) \n- net: usb: fix memory leak in smsc75xx_bind (Pavel Skripkin) \n- usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen() (Yoshihiro Shimoda) \n- USB: serial: pl2303: add device id for ADLINK ND-6530 GC (Zolton Jheng) \n- USB: serial: ftdi_sio: add IDs for IDS GmbH Products (Dominik Andreas Schorpp) \n- USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011 (Daniele Palmas) \n- USB: serial: ti_usb_3410_5052: add startech.com device id (Sean MacLennan) \n- serial: rp2: use request_firmware instead of request_firmware_nowait (Zheyu Ma) \n- serial: sh-sci: Fix off-by-one error in FIFO threshold register setting (Geert Uytterhoeven) \n- USB: trancevibrator: fix control-request direction (Johan Hovold) \n- iio: adc: ad7793: Add missing error code in ad7793_setup() (YueHaibing) \n- staging: iio: cdc: ad7746: avoid overwrite of num_channels (Lucas Stankus) \n- mei: request autosuspend after sending rx flow control (Alexander Usyskin) \n- thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue (Mathias Nyman) \n- misc/uss720: fix memory leak in uss720_probe (Dongliang Mu) \n- kgdb: fix gcc-11 warnings harder (Greg Kroah-Hartman) \n- dm snapshot: properly fix a crash when an origin has no snapshots (Mikulas Patocka) \n- ath10k: Validate first subframe of A-MSDU before processing the list (Sriram R) \n- mac80211: extend protection against mixed key and fragment cache attacks (Wen Gong) {CVE-2020-24586} {CVE-2020-24587}\n- mac80211: do not accept/forward invalid EAPOL frames (Johannes Berg) \n- mac80211: prevent attacks on TKIP/WEP as well (Johannes Berg) \n- mac80211: check defrag PN against current frame (Johannes Berg) \n- mac80211: add fragment cache to sta_info (Johannes Berg) \n- mac80211: drop A-MSDUs 
on old ciphers (Johannes Berg) {CVE-2020-24588}\n- cfg80211: mitigate A-MSDU aggregation attacks (Mathy Vanhoef) {CVE-2020-24588}\n- mac80211: properly handle A-MSDUs that start with an RFC 1042 header (Mathy Vanhoef) \n- mac80211: prevent mixed key and fragment cache attacks (Mathy Vanhoef) {CVE-2020-24587} {CVE-2020-24586}\n- mac80211: assure all fragments are encrypted (Mathy Vanhoef) {CVE-2020-26147}\n- net: hso: fix control-request directions (Johan Hovold) \n- proc: Check /proc//attr/ writes against file opener (Kees Cook) \n- perf intel-pt: Fix transaction abort handling (Adrian Hunter) \n- perf intel-pt: Fix sample instruction bytes (Adrian Hunter) \n- iommu/vt-d: Fix sysfs leak in alloc_iommu() (Rolf Eike Beer) \n- NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() (Anna Schumaker) \n- NFC: nci: fix memory leak in nci_allocate_device (Dongliang Mu) \n- usb: dwc3: gadget: Enable suspend events (Jack Pham) \n- scripts: switch explicitly to Python 3 (Andy Shevchenko) \n- tweewide: Fix most Shebang lines (Finn Behrens) \n- A/A Bonding: dev_hold/put() the delayed GARP work handlers netdev in rdmaip (Sharath Srinivasan) [Orabug: 33161269] \n- capmem: Mark the pages as non-readonly+dirty. (David Clear) [Orabug: 33155665] \n- Revert capmem: Mark the pages as non-readonly+dirty. 
(Dave Kleikamp) [Orabug: 33155665] \n- ionic: clean interrupt before enabling queue to avoid credit race (Shannon Nelson) [Orabug: 33155665] \n- scsi: core: Retry I/O for Notify (Enable Spinup) Required error (Quat Le) [Orabug: 33165871] \n- Revert x86/reboot: Force all cpus to exit VMX root if VMX is supported (Somasundaram Krishnasamy) [Orabug: 33156450]", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-09-21T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26147", "CVE-2021-22543", "CVE-2021-23134", "CVE-2021-34693", "CVE-2021-3609", "CVE-2021-3612", "CVE-2021-3653", "CVE-2021-3656"], "modified": "2021-09-21T00:00:00", "id": "ELSA-2021-9453", "href": "http://linux.oracle.com/errata/ELSA-2021-9453.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-30T06:24:38", "description": "[4.1.12-124.52.4]\n- IB/core: Only update PKEY and GID caches on respective events (Hakon Bugge) [Orabug: 32816368] \n- Revert 
'Allow mce to reset instead of panic on UE' (William Roche) [Orabug: 32820278] \n- Bluetooth: verify AMP hci_chan before amp_destroy (Archie Pusaka) [Orabug: 32912103] {CVE-2021-33034}\n- Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() (Peilin Ye) [Orabug: 33013890] {CVE-2020-36386}\n- qla2xxx: update version to 9.00.00.00.42.0-k1-v5 (Quinn Tran) [Orabug: 33015884] \n- scsi: qla2xxx: v2: Fix login retry count (Quinn Tran) [Orabug: 29411891] [Orabug: 33015884] \n- scsi: qla2xxx: Properly extract ADISC error codes (Quinn Tran) [Orabug: 33015884] \n- scsi: qla2xxx: Replace GPDB with async ADISC command (Quinn Tran) [Orabug: 33015884] \n- qla2xxx: update version to 9.00.00.00.42.0-k1-v4 (Quinn Tran) [Orabug: 33015884] \n- qla2xxx: fix relogin stalled. (Quinn Tran) [Orabug: 27700529] [Orabug: 33015884] \n- net/mlx4: Treat VFs fair when handling comm_channel_events (Hans Westgaard Ry) [Orabug: 33017263]\n[4.1.12-124.52.3]\n- iommu/vt-d: Don't dereference iommu_device if IOMMU_API is not built (Bartosz Golaszewski) [Orabug: 32974492] \n- iommu/vt-d: Gracefully handle DMAR units with no supported address widths (David Woodhouse) [Orabug: 32974492] \n- secureboot: make sure kernel-signing.cer is copied to kernel-keys dir (Brian Maly) [Orabug: 32978042]\n[4.1.12-124.52.2]\n- Bluetooth: A2MP: Fix not initializing all members (Luiz Augusto von Dentz) [Orabug: 32021289] {CVE-2020-12352}\n- RDS tcp loopback connection can hang (Rao Shoaib) [Orabug: 32926868]\n[4.1.12-124.52.1]\n- dm ioctl: fix out of bounds array access when no devices (Mikulas Patocka) [Orabug: 32860494] {CVE-2021-31916}", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": 
"NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-02T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 6.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12352", "CVE-2020-36386", "CVE-2021-31916", "CVE-2021-33034"], "modified": "2021-07-02T00:00:00", "id": "ELSA-2021-9346", "href": "http://linux.oracle.com/errata/ELSA-2021-9346.html", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2021-11-26T18:28:03", "description": "[4.14.35-2047.507.7.5.el7]\n- Bluetooth: defer cleanup of resources in hci_unregister_dev() (Tetsuo Handa) [Orabug: 33369947] {CVE-2021-3573}\n- Bluetooth: use correct lock to prevent UAF of hdev object (Lin Ma) [Orabug: 33369947]\n- Bluetooth: fix the erroneous flush_work() order (Lin Ma) [Orabug: 33369947] {CVE-2021-3564}\n- ext4: fix race writing to an inline_data file while its xattrs are changing (Theodore Ts'o) [Orabug: 33369956] {CVE-2021-40490}\n- fuse: fix bad inode (Miklos Szeredi) [Orabug: 33369955] {CVE-2020-36322}\n- tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop. 
(Haoran Luo) [Orabug: 33369954] {CVE-2021-3679}\n- virtio_console: Assure used length from device is limited (Xie Yongji) [Orabug: 33369953] {CVE-2021-38160}\n- sctp: validate from_addr_param return (Marcelo Ricardo Leitner) [Orabug: 33369952] {CVE-2021-3655}", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-22T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36322", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3655", "CVE-2021-3679", "CVE-2021-38160", "CVE-2021-40490"], "modified": "2021-09-22T00:00:00", "id": "ELSA-2021-9458", "href": "http://linux.oracle.com/errata/ELSA-2021-9458.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-26T18:27:46", "description": "[4.14.35-2047.507.7.5]\n- Bluetooth: defer cleanup of resources in hci_unregister_dev() (Tetsuo Handa) [Orabug: 33369947] {CVE-2021-3573}\n- Bluetooth: use correct lock to prevent UAF of hdev object (Lin Ma) [Orabug: 33369947] \n- Bluetooth: fix the erroneous flush_work() order (Lin Ma) [Orabug: 
33369947] {CVE-2021-3564}\n- ext4: fix race writing to an inline_data file while its xattrs are changing (Theodore Ts'o) [Orabug: 33369956] {CVE-2021-40490}\n- fuse: fix bad inode (Miklos Szeredi) [Orabug: 33369955] {CVE-2020-36322}\n- tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop. (Haoran Luo) [Orabug: 33369954] {CVE-2021-3679}\n- virtio_console: Assure used length from device is limited (Xie Yongji) [Orabug: 33369953] {CVE-2021-38160}\n- sctp: validate from_addr_param return (Marcelo Ricardo Leitner) [Orabug: 33369952] {CVE-2021-3655}", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-22T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36322", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3655", "CVE-2021-3679", "CVE-2021-38160", "CVE-2021-40490"], "modified": "2021-09-22T00:00:00", "id": "ELSA-2021-9460", "href": "http://linux.oracle.com/errata/ELSA-2021-9460.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:25:16", "description": 
"[5.4.17-2102.201.3uek]\n- locking/qrwlock: Fix ordering in queued_write_lock_slowpath() (Ali Saidi) [Orabug: 32805544]\n[5.4.17-2102.201.2uek]\n- md/bitmap: wait for external bitmap writes to complete during tear down (Sudhakar Panneerselvam) [Orabug: 32764237] \n- ocfs2: fix deadlock between setattr and dio_end_io_write (Wengang Wang) [Orabug: 32763849] \n- tcp: do not mess with cloned skbs in tcp_add_backlog() (Eric Dumazet) [Orabug: 32760314] \n- Revert 'x86/vmlinux: Use INT3 instead of NOP for linker fill bytes' (John Donnelly) [Orabug: 32576398] {CVE-2021-3411}\n- iommu/vt-d: Fix agaw for a supported 48 bit guest address width (Saeed Mirzamohammadi) [Orabug: 32734148] \n- LTS tag: v5.4.85 (Jack Vogel) \n- x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (Xiaochen Shen) \n- x86/resctrl: Remove unused struct mbm_state::chunks_bw (James Morse) \n- membarrier: Explicitly sync remote cores when SYNC_CORE is requested (Andy Lutomirski) \n- Revert 'selftests/ftrace: check for do_sys_openat2 in user-memory test' (Kamal Mostafa) \n- KVM: mmu: Fix SPTE encoding of MMIO generation upper half (Maciej S. 
Szmigiero) \n- serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access (Alexander Sverdlin) \n- ALSA: pcm: oss: Fix potential out-of-bounds shift (Takashi Iwai) \n- USB: sisusbvga: Make console support depend on BROKEN (Thomas Gleixner) \n- USB: UAS: introduce a quirk to set no_write_same (Oliver Neukum) \n- xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP (Hans de Goede) \n- xhci: Give USB2 ports time to enter U3 in bus suspend (Li Jun) \n- ALSA: usb-audio: Fix control 'access overflow' errors from chmap (Takashi Iwai) \n- ALSA: usb-audio: Fix potential out-of-bounds shift (Takashi Iwai) \n- USB: add RESET_RESUME quirk for Snapscan 1212 (Oliver Neukum) \n- USB: dummy-hcd: Fix uninitialized array use in init() (Bui Quang Minh) \n- ktest.pl: If size of log is too big to email, email error message (Steven Rostedt (VMware)) \n- net: stmmac: delete the eee_ctrl_timer after napi disabled (Fugang Duan) \n- net: stmmac: dwmac-meson8b: fix mask definition of the m250_sel mux (Martin Blumenstingl) \n- net: ll_temac: Fix potential NULL dereference in temac_probe() (Zhang Changzhong) \n- lan743x: fix for potential NULL pointer dereference with bare card (Sergej Bauer) \n- tcp: fix cwnd-limited bug for TSO deferral where we send nothing (Neal Cardwell) \n- tcp: select sane initial rcvq_space.space for big MSS (Eric Dumazet) \n- net: stmmac: free tx skb buffer in stmmac_resume() (Fugang Duan) \n- bridge: Fix a deadlock when enabling multicast snooping (Joseph Huang) \n- enetc: Fix reporting of h/w packet counters (Claudiu Manoil) \n- udp: fix the proto value passed to ip_protocol_deliver_rcu for the segments (Xin Long) \n- net: hns3: remove a misused pragma packed (Huazhong Tan) \n- vrf: packets with lladdr src needs dst at input with orig_iif when needs strict (Stephen Suryaputra) \n- net: bridge: vlan: fix error return code in __vlan_add() (Zhang Changzhong) \n- mac80211: mesh: fix mesh_pathtbl_init() error path (Eric Dumazet) \n- ipv4: fix error 
return code in rtm_to_fib_config() (Zhang Changzhong) \n- ptrace: Prevent kernel-infoleak in ptrace_get_syscall_info() (Peilin Ye) \n- LTS tag: v5.4.84 (Jack Vogel) \n- compiler.h: fix barrier_data() on clang (Arvind Sankar) \n- mm/zsmalloc.c: drop ZSMALLOC_PGTABLE_MAPPING (Minchan Kim) \n- x86/apic/vector: Fix ordering in vector assignment (Thomas Gleixner) \n- x86/membarrier: Get rid of a dubious optimization (Andy Lutomirski) \n- x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP (Arvind Sankar) \n- scsi: be2iscsi: Revert 'Fix a theoretical leak in beiscsi_create_eqs()' (Dan Carpenter) \n- proc: use untagged_addr() for pagemap_read addresses (Miles Chen) \n- kbuild: avoid static_assert for genksyms (Arnd Bergmann) \n- drm/i915/display/dp: Compute the correct slice count for VDSC on DP (Manasi Navare) \n- mmc: block: Fixup condition for CMD13 polling for RPMB requests (Bean Huo) \n- pinctrl: amd: remove debounce filter setting in IRQ type setting (Coiby Xu) \n- Input: i8042 - add Acer laptops to the i8042 reset list (Chris Chiu) \n- Input: cm109 - do not stomp on control URB (Dmitry Torokhov) \n- ktest.pl: Fix incorrect reboot for grub2bls (Libo Chen) \n- can: m_can: m_can_dev_setup(): add support for bosch mcan version 3.3.0 (Pankaj Sharma) \n- platform/x86: touchscreen_dmi: Add info for the Irbis TW118 tablet (Hans de Goede) \n- platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC (Max Verevkin) \n- platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE (Timo Witte) \n- platform/x86: thinkpad_acpi: Add BAT1 is primary battery quirk for Thinkpad Yoga 11e 4th gen (Hans de Goede) \n- platform/x86: thinkpad_acpi: Do not report SW_TABLET_MODE on Yoga 11e (Hans de Goede) \n- arm64: tegra: Disable the ACONNECT for Jetson TX2 (Jon Hunter) \n- soc: fsl: dpio: Get the cpumask through cpumask_of(cpu) (Hao Si) \n- spi: spi-nxp-fspi: fix fspi panic by unexpected interrupts (Ran Wang) \n- irqchip/gic-v3-its: 
Unconditionally save/restore the ITS state on suspend (Xu Qiang) \n- ibmvnic: skip tx timeout reset while in resetting (Lijun Pan) \n- interconnect: qcom: qcs404: Remove GPU and display RPM IDs (Georgi Djakov) \n- scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE (Can Guo) \n- ARC: stack unwinding: don't assume non-current task is sleeping (Vineet Gupta) \n- arm64: dts: broadcom: clear the warnings caused by empty dma-ranges (Zhen Lei) \n- powerpc: Drop -me200 addition to build flags (Michael Ellerman) \n- iwlwifi: mvm: fix kernel panic in case of assert during CSA (Sara Sharon) \n- iwlwifi: pcie: set LTR to avoid completion timeout (Johannes Berg) \n- arm64: dts: rockchip: Assign a fixed index to mmc devices on rk3399 boards. (Markus Reichl) \n- iwlwifi: pcie: limit memory read spin time (Johannes Berg) \n- x86/lib: Change .weak to SYM_FUNC_START_WEAK for arch/x86/lib/mem*_64.S (Fangrui Song) \n- Kbuild: do not emit debug info for assembly with LLVM_IAS=1 (Nick Desaulniers)\n[5.4.17-2102.201.1uek]\n- IB/mlx5: Reduce max order of memory allocated for xlt update (Praveen Kumar Kannoju) [Orabug: 32751624] \n- netfilter: x_tables: Use correct memory barriers. 
(Mark Tomlinson) [Orabug: 32709120] {CVE-2021-29650}\n- perf/x86/intel: Fix a crash caused by zero PEBS status (Kan Liang) [Orabug: 32669468] {CVE-2021-28971}\n- btrfs: fix race when cloning extent buffer during rewind of an old root (Filipe Manana) [Orabug: 32669450] {CVE-2021-28964}\n[5.4.17-2102.201.0uek]\n- uek-rpm: Update SecureBoot Digicert 2021 certificates (Jack Vogel) [Orabug: 32532663] \n- RDMA/rxe: ipc_bench fails on SoftRoCE with shpd (Rao Shoaib) [Orabug: 32716155] \n- vhost-vdpa: set v->config_ctx to NULL if eventfd_ctx_fdget() fails (Stefano Garzarella) [Orabug: 32696005] {CVE-2021-29266}\n- vhost-vdpa: fix use-after-free of v->config_ctx (Stefano Garzarella) [Orabug: 32696005] {CVE-2021-29266}\n- fuse: fix live lock in fuse_iget() (Amir Goldstein) [Orabug: 32669269] {CVE-2021-28950}\n- fuse: fix bad inode (Miklos Szeredi) [Orabug: 32669269] {CVE-2021-28950}\n- RDMA/core: Fix corrupted SL on passive side (Hakon Bugge) [Orabug: 32662965] \n- Xen/gnttab: handle p2m update errors on a per-slot basis (Jan Beulich) [Orabug: 32651473] {CVE-2021-28038}\n- RDMA/rxe: Compute the maximum sges and inline size based on the WQE size (Rao Shoaib) [Orabug: 32648060] \n- KVM: kvmclock: Fix vCPUs > 64 can't be online/hotpluged (Wanpeng Li) [Orabug: 32641672] \n- xen/netback: avoid race in xenvif_rx_ring_slots_available() (Juergen Gross) [Orabug: 32640116] \n- uek-rpm: ol7: aarch64: add CONFIG_ACPI_HOTPLUG_MEMORY (Mihai Carabas) [Orabug: 32638660] \n- KVM: SVM: Disable AVIC before setting V_IRQ (Suravee Suthikulpanit) [Orabug: 32603569] \n- KVM: Introduce kvm_make_all_cpus_request_except() (Suravee Suthikulpanit) [Orabug: 32603569] \n- KVM: X86: correct meaningless kvm_apicv_activated() check (Paolo Bonzini) [Orabug: 32603569] \n- KVM: Disable preemption in kvm_get_running_vcpu() (Marc Zyngier) [Orabug: 32603569] \n- KVM: Move running VCPU from ARM to common code (Paolo Bonzini) [Orabug: 32603569] \n- xen-blkback: don't leak persistent grants from xen_blkbk_map() (Jan 
Beulich) [Orabug: 32697850] {CVE-2021-28688}\n- video: hyperv_fb: Fix the mmap() regression for v5.4.y and older (Dexuan Cui) [Orabug: 32651461]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-10T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28038", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29266", "CVE-2021-29650", "CVE-2021-3411"], "modified": "2021-05-10T00:00:00", "id": "ELSA-2021-9220", "href": "http://linux.oracle.com/errata/ELSA-2021-9220.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:56", "description": "[5.4.17-2102.201.3.el8]\n- locking/qrwlock: Fix ordering in queued_write_lock_slowpath() (Ali Saidi)\n [Orabug: 32805544]\n[5.4.17-2102.201.2.el8]\n- md/bitmap: wait for external bitmap writes to complete during tear down (Sudhakar Panneerselvam) [Orabug: 32764237]\n- ocfs2: fix deadlock between setattr and dio_end_io_write (Wengang Wang) [Orabug: 32763849]\n- tcp: do not mess with cloned skbs in 
tcp_add_backlog() (Eric Dumazet) [Orabug: 32760314]\n- Revert 'x86/vmlinux: Use INT3 instead of NOP for linker fill bytes' (John Donnelly) [Orabug: 32576398] {CVE-2021-3411}\n- iommu/vt-d: Fix agaw for a supported 48 bit guest address width (Saeed Mirzamohammadi) [Orabug: 32734148]\n- LTS tag: v5.4.85 (Jack Vogel) \n- x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (Xiaochen Shen) \n- x86/resctrl: Remove unused struct mbm_state::chunks_bw (James Morse) \n- membarrier: Explicitly sync remote cores when SYNC_CORE is requested (Andy Lutomirski) \n- Revert 'selftests/ftrace: check for do_sys_openat2 in user-memory test' (Kamal Mostafa) \n- KVM: mmu: Fix SPTE encoding of MMIO generation upper half (Maciej S. Szmigiero) \n- serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access (Alexander Sverdlin) \n- ALSA: pcm: oss: Fix potential out-of-bounds shift (Takashi Iwai) \n- USB: sisusbvga: Make console support depend on BROKEN (Thomas Gleixner) \n- USB: UAS: introduce a quirk to set no_write_same (Oliver Neukum) \n- xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP (Hans de Goede) \n- xhci: Give USB2 ports time to enter U3 in bus suspend (Li Jun) \n- ALSA: usb-audio: Fix control 'access overflow' errors from chmap (Takashi Iwai) \n- ALSA: usb-audio: Fix potential out-of-bounds shift (Takashi Iwai) \n- USB: add RESET_RESUME quirk for Snapscan 1212 (Oliver Neukum) \n- USB: dummy-hcd: Fix uninitialized array use in init() (Bui Quang Minh) \n- ktest.pl: If size of log is too big to email, email error message (Steven Rostedt (VMware)) \n- net: stmmac: delete the eee_ctrl_timer after napi disabled (Fugang Duan) \n- net: stmmac: dwmac-meson8b: fix mask definition of the m250_sel mux (Martin Blumenstingl) \n- net: ll_temac: Fix potential NULL dereference in temac_probe() (Zhang Changzhong) \n- lan743x: fix for potential NULL pointer dereference with bare card (Sergej Bauer) \n- tcp: fix cwnd-limited bug for TSO deferral where we send 
nothing (Neal Cardwell) \n- tcp: select sane initial rcvq_space.space for big MSS (Eric Dumazet) \n- net: stmmac: free tx skb buffer in stmmac_resume() (Fugang Duan) \n- bridge: Fix a deadlock when enabling multicast snooping (Joseph Huang) \n- enetc: Fix reporting of h/w packet counters (Claudiu Manoil) \n- udp: fix the proto value passed to ip_protocol_deliver_rcu for the segments (Xin Long) \n- net: hns3: remove a misused pragma packed (Huazhong Tan) \n- vrf: packets with lladdr src needs dst at input with orig_iif when needs strict (Stephen Suryaputra) \n- net: bridge: vlan: fix error return code in __vlan_add() (Zhang Changzhong) \n- mac80211: mesh: fix mesh_pathtbl_init() error path (Eric Dumazet) \n- ipv4: fix error return code in rtm_to_fib_config() (Zhang Changzhong) \n- ptrace: Prevent kernel-infoleak in ptrace_get_syscall_info() (Peilin Ye) \n- LTS tag: v5.4.84 (Jack Vogel) \n- compiler.h: fix barrier_data() on clang (Arvind Sankar) \n- mm/zsmalloc.c: drop ZSMALLOC_PGTABLE_MAPPING (Minchan Kim) \n- x86/apic/vector: Fix ordering in vector assignment (Thomas Gleixner) \n- x86/membarrier: Get rid of a dubious optimization (Andy Lutomirski) \n- x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP (Arvind Sankar) \n- scsi: be2iscsi: Revert 'Fix a theoretical leak in beiscsi_create_eqs()' (Dan Carpenter) \n- proc: use untagged_addr() for pagemap_read addresses (Miles Chen) \n- kbuild: avoid static_assert for genksyms (Arnd Bergmann) \n- drm/i915/display/dp: Compute the correct slice count for VDSC on DP (Manasi Navare) \n- mmc: block: Fixup condition for CMD13 polling for RPMB requests (Bean Huo) \n- pinctrl: amd: remove debounce filter setting in IRQ type setting (Coiby Xu) \n- Input: i8042 - add Acer laptops to the i8042 reset list (Chris Chiu) \n- Input: cm109 - do not stomp on control URB (Dmitry Torokhov) \n- ktest.pl: Fix incorrect reboot for grub2bls (Libo Chen) \n- can: m_can: m_can_dev_setup(): add support for bosch mcan version 3.3.0 (Pankaj 
Sharma) \n- platform/x86: touchscreen_dmi: Add info for the Irbis TW118 tablet (Hans de Goede) \n- platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC (Max Verevkin) \n- platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE (Timo Witte) \n- platform/x86: thinkpad_acpi: Add BAT1 is primary battery quirk for Thinkpad Yoga 11e 4th gen (Hans de Goede) \n- platform/x86: thinkpad_acpi: Do not report SW_TABLET_MODE on Yoga 11e (Hans de Goede) \n- arm64: tegra: Disable the ACONNECT for Jetson TX2 (Jon Hunter) \n- soc: fsl: dpio: Get the cpumask through cpumask_of(cpu) (Hao Si) \n- spi: spi-nxp-fspi: fix fspi panic by unexpected interrupts (Ran Wang) \n- irqchip/gic-v3-its: Unconditionally save/restore the ITS state on suspend (Xu Qiang) \n- ibmvnic: skip tx timeout reset while in resetting (Lijun Pan) \n- interconnect: qcom: qcs404: Remove GPU and display RPM IDs (Georgi Djakov) \n- scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE (Can Guo) \n- ARC: stack unwinding: don't assume non-current task is sleeping (Vineet Gupta) \n- arm64: dts: broadcom: clear the warnings caused by empty dma-ranges (Zhen Lei) \n- powerpc: Drop -me200 addition to build flags (Michael Ellerman) \n- iwlwifi: mvm: fix kernel panic in case of assert during CSA (Sara Sharon) \n- iwlwifi: pcie: set LTR to avoid completion timeout (Johannes Berg) \n- arm64: dts: rockchip: Assign a fixed index to mmc devices on rk3399 boards. (Markus Reichl) \n- iwlwifi: pcie: limit memory read spin time (Johannes Berg) \n- x86/lib: Change .weak to SYM_FUNC_START_WEAK for arch/x86/lib/mem*_64.S (Fangrui Song) \n- Kbuild: do not emit debug info for assembly with LLVM_IAS=1 (Nick Desaulniers)\n[5.4.17-2102.201.1.el8]\n- IB/mlx5: Reduce max order of memory allocated for xlt update (Praveen Kumar Kannoju) [Orabug: 32751624]\n- netfilter: x_tables: Use correct memory barriers. 
(Mark Tomlinson) [Orabug: 32709120] {CVE-2021-29650}\n- perf/x86/intel: Fix a crash caused by zero PEBS status (Kan Liang) [Orabug: 32669468] {CVE-2021-28971}\n- btrfs: fix race when cloning extent buffer during rewind of an old root (Filipe Manana) [Orabug: 32669450] {CVE-2021-28964}\n- uek-rpm: Update SecureBoot Digicert 2021 certificates (Jack Vogel) [Orabug: 32532663]\n- RDMA/rxe: ipc_bench fails on SoftRoCE with shpd (Rao Shoaib) [Orabug: 32716155]\n- vhost-vdpa: set v->config_ctx to NULL if eventfd_ctx_fdget() fails (Stefano Garzarella) [Orabug: 32696005] {CVE-2021-29266}\n- vhost-vdpa: fix use-after-free of v->config_ctx (Stefano Garzarella) [Orabug: 32696005] {CVE-2021-29266}\n- fuse: fix live lock in fuse_iget() (Amir Goldstein) [Orabug: 32669269] {CVE-2021-28950}\n- fuse: fix bad inode (Miklos Szeredi) [Orabug: 32669269] {CVE-2021-28950}\n- RDMA/core: Fix corrupted SL on passive side (Hakon Bugge) [Orabug: 32662965]\n- Xen/gnttab: handle p2m update errors on a per-slot basis (Jan Beulich) [Orabug: 32651473] {CVE-2021-28038}\n- RDMA/rxe: Compute the maximum sges and inline size based on the WQE size (Rao Shoaib) [Orabug: 32648060]\n- KVM: kvmclock: Fix vCPUs > 64 can't be online/hotpluged (Wanpeng Li) [Orabug: 32641672]\n- xen/netback: avoid race in xenvif_rx_ring_slots_available() (Juergen Gross) [Orabug: 32640116]\n- uek-rpm: ol7: aarch64: add CONFIG_ACPI_HOTPLUG_MEMORY (Mihai Carabas) [Orabug: 32638660]\n- KVM: SVM: Disable AVIC before setting V_IRQ (Suravee Suthikulpanit) [Orabug: 32603569]\n- KVM: Introduce kvm_make_all_cpus_request_except() (Suravee Suthikulpanit) [Orabug: 32603569]\n- KVM: X86: correct meaningless kvm_apicv_activated() check (Paolo Bonzini) [Orabug: 32603569]\n- KVM: Disable preemption in kvm_get_running_vcpu() (Marc Zyngier) [Orabug: 32603569]\n- KVM: Move running VCPU from ARM to common code (Paolo Bonzini) [Orabug: 32603569]\n- xen-blkback: don't leak persistent grants from xen_blkbk_map() (Jan Beulich) [Orabug: 32697850] 
{CVE-2021-28688}\n- video: hyperv_fb: Fix the mmap() regression for v5.4.y and older (Dexuan Cui) [Orabug: 32651461]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-01T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28038", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29266", "CVE-2021-29650", "CVE-2021-3411"], "modified": "2021-06-01T00:00:00", "id": "ELSA-2021-9221", "href": "http://linux.oracle.com/errata/ELSA-2021-9221.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "almalinux": [{"lastseen": "2022-05-12T14:58:28", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n* kernel: out-of-bounds reads in pinctrl subsystem (CVE-2020-0427)\n* kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502)\n* kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24503)\n* kernel: Uncontrolled 
resource consumption in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24504)\n* kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586)\n* kernel: Reassembling fragments encrypted under different keys (CVE-2020-24587)\n* kernel: wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588)\n* kernel: Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139)\n* kernel: accepting plaintext data frames in protected networks (CVE-2020-26140)\n* kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141)\n* kernel: accepting fragmented plaintext frames in protected networks (CVE-2020-26143)\n* kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header (CVE-2020-26144)\n* kernel: accepting plaintext broadcast fragments as full frames (CVE-2020-26145)\n* kernel: powerpc: RTAS calls can be used to compromise kernel integrity (CVE-2020-27777)\n* kernel: locking inconsistency in tty_io.c and tty_jobctrl.c can lead to a read-after-free (CVE-2020-29660)\n* kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function via a long SSID value (CVE-2020-36158)\n* kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() (CVE-2020-36386)\n* kernel: Improper access control in BlueZ may allow information disclosure vulnerability. 
(CVE-2021-0129)\n* kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c (CVE-2021-3348)\n* kernel: Linux kernel eBPF RINGBUF map oversized allocation (CVE-2021-3489)\n* kernel: double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564)\n* kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)\n* kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)\n* kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679)\n* kernel: Mounting overlayfs inside an unprivileged user namespace can reveal files (CVE-2021-3732)\n* kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() (CVE-2021-20194)\n* kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133)\n* kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode (CVE-2021-28950)\n* kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c (CVE-2021-28971)\n* kernel: protection can be bypassed to leak content of kernel memory (CVE-2021-29155)\n* kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c (CVE-2021-29646)\n* kernel: lack a full memory barrier may lead to DoS (CVE-2021-29650)\n* kernel: local escalation of privileges in handling of eBPF programs (CVE-2021-31440)\n* kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory (CVE-2021-31829)\n* kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier (CVE-2021-33200)\n* kernel: reassembling encrypted fragments with non-consecutive packet numbers (CVE-2020-26146)\n* kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147)\n* kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check (CVE-2020-29368)\n* kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50 
(CVE-2021-3635)\n* kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659)\n* kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure (CVE-2021-20239)\n* kernel: out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-09T09:08:02", "type": "almalinux", "title": "Moderate: kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0427", "CVE-2020-24502", "CVE-2020-24503", "CVE-2020-24504", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26139", "CVE-2020-26140", "CVE-2020-26141", "CVE-2020-26143", "CVE-2020-26144", "CVE-2020-26145", "CVE-2020-26146", "CVE-2020-26147", "CVE-2020-27777", "CVE-2020-29368", "CVE-2020-29660", "CVE-2020-36158", "CVE-2020-36386", "CVE-2021-0129", "CVE-2021-20194", "CVE-2021-20239", "CVE-2021-23133", "CVE-2021-28950", "CVE-2021-28971", "CVE-2021-29155", "CVE-2021-29646", "CVE-2021-29650", "CVE-2021-31440", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-33200", "CVE-2021-3348", 
"CVE-2021-3489", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3600", "CVE-2021-3635", "CVE-2021-3659", "CVE-2021-3679", "CVE-2021-3732"], "modified": "2021-11-12T10:21:01", "id": "ALSA-2021:4356", "href": "https://errata.almalinux.org/8/ALSA-2021-4356.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-11-22T18:37:09", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n* kernel: out-of-bounds reads in pinctrl subsystem (CVE-2020-0427)\n* kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502)\n* kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24503)\n* kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24504)\n* kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586)\n* kernel: Reassembling fragments encrypted under different keys (CVE-2020-24587)\n* kernel: wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588)\n* kernel: Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139)\n* kernel: accepting plaintext data frames in protected networks (CVE-2020-26140)\n* kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141)\n* kernel: accepting fragmented plaintext frames in protected networks (CVE-2020-26143)\n* kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header (CVE-2020-26144)\n* kernel: accepting plaintext broadcast fragments as full frames (CVE-2020-26145)\n* kernel: powerpc: RTAS calls can be used to compromise kernel integrity (CVE-2020-27777)\n* kernel: locking inconsistency in tty_io.c and tty_jobctrl.c can lead to a read-after-free (CVE-2020-29660)\n* kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function via a long SSID value (CVE-2020-36158)\n* kernel: slab out-of-bounds read in 
hci_extended_inquiry_result_evt() (CVE-2020-36386)\n* kernel: Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129)\n* kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c (CVE-2021-3348)\n* kernel: Linux kernel eBPF RINGBUF map oversized allocation (CVE-2021-3489)\n* kernel: double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564)\n* kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)\n* kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)\n* kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679)\n* kernel: Mounting overlayfs inside an unprivileged user namespace can reveal files (CVE-2021-3732)\n* kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() (CVE-2021-20194)\n* kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133)\n* kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode (CVE-2021-28950)\n* kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c (CVE-2021-28971)\n* kernel: protection can be bypassed to leak content of kernel memory (CVE-2021-29155)\n* kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c (CVE-2021-29646)\n* kernel: lack a full memory barrier may lead to DoS (CVE-2021-29650)\n* kernel: local escalation of privileges in handling of eBPF programs (CVE-2021-31440)\n* kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory (CVE-2021-31829)\n* kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier (CVE-2021-33200)\n* kernel: reassembling encrypted fragments with non-consecutive packet numbers (CVE-2020-26146)\n* kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147)\n* kernel: the copy-on-write implementation can grant unintended write access because 
of a race condition in a THP mapcount check (CVE-2020-29368)\n* kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50 (CVE-2021-3635)\n* kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659)\n* kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure (CVE-2021-20239)\n* kernel: out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-11-09T09:08:02", "type": "redhat", "title": "(RHSA-2021:4356) Moderate: kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14615", "CVE-2020-0427", "CVE-2020-24502", "CVE-2020-24503", "CVE-2020-24504", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26139", "CVE-2020-26140", "CVE-2020-26141", "CVE-2020-26143", "CVE-2020-26144", "CVE-2020-26145", "CVE-2020-26146", "CVE-2020-26147", "CVE-2020-27777", "CVE-2020-29368", "CVE-2020-29660", "CVE-2020-36158", "CVE-2020-36312", "CVE-2020-36386", "CVE-2021-0129", "CVE-2021-20194", "CVE-2021-20239", 
"CVE-2021-23133", "CVE-2021-28950", "CVE-2021-28971", "CVE-2021-29155", "CVE-2021-29646", "CVE-2021-29650", "CVE-2021-31440", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-33033", "CVE-2021-33200", "CVE-2021-3348", "CVE-2021-3489", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3600", "CVE-2021-3635", "CVE-2021-3659", "CVE-2021-3679", "CVE-2021-3732"], "modified": "2021-11-10T10:21:28", "id": "RHSA-2021:4356", "href": "https://access.redhat.com/errata/RHSA-2021:4356", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-22T18:39:12", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n* kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)\n* kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502)\n* kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24503)\n* kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24504)\n* kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586)\n* kernel: Reassembling fragments encrypted under different keys (CVE-2020-24587)\n* kernel: wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588)\n* kernel: Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139)\n* kernel: accepting plaintext data frames in protected networks (CVE-2020-26140)\n* kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141)\n* kernel: accepting fragmented plaintext frames in protected networks (CVE-2020-26143)\n* kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header (CVE-2020-26144)\n* kernel: accepting plaintext broadcast fragments as full frames (CVE-2020-26145)\n* kernel: locking inconsistency in tty_io.c and tty_jobctrl.c can lead to a read-after-free (CVE-2020-29660)\n* kernel: 
buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function via a long SSID value (CVE-2020-36158)\n* kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() (CVE-2020-36386)\n* kernel: Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129)\n* kernel: Use-after-free in ndb_queue_rq() (CVE-2021-3348)\n* kernel: Linux kernel eBPF RINGBUF map oversized allocation (CVE-2021-3489)\n* kernel: double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564)\n* kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)\n* kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)\n* kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679)\n* kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files (CVE-2021-3732)\n* kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() (CVE-2021-20194)\n* kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133)\n* kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode (CVE-2021-28950)\n* kernel: System crash in intel_pmu_drain_pebs_nhm (CVE-2021-28971)\n* kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory (CVE-2021-29155)\n* kernel: improper input validation in tipc_nl_retrieve_key function (CVE-2021-29646)\n* kernel: lack a full memory barrier upon the assignment of a new table value in x_tables.h may lead to DoS (CVE-2021-29650)\n* kernel: local escalation of privileges in handling of eBPF programs (CVE-2021-31440)\n* kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory (CVE-2021-31829)\n* kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier (CVE-2021-33200)\n* kernel: reassembling encrypted 
fragments with non-consecutive packet numbers (CVE-2020-26146)\n* kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147)\n* kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check (CVE-2020-29368)\n* kernel: flowtable list del corruption with kernel BUG (CVE-2021-3635)\n* kernel: NULL pointer dereference in llsec_key_alloc() (CVE-2021-3659)\n* kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure (CVE-2021-20239)\n* kernel: out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-11-09T08:21:02", "type": "redhat", "title": "(RHSA-2021:4140) Moderate: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14615", "CVE-2020-0427", "CVE-2020-24502", "CVE-2020-24503", "CVE-2020-24504", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26139", "CVE-2020-26140", "CVE-2020-26141", "CVE-2020-26143", "CVE-2020-26144", "CVE-2020-26145", "CVE-2020-26146", "CVE-2020-26147", 
"CVE-2020-29368", "CVE-2020-29660", "CVE-2020-36158", "CVE-2020-36312", "CVE-2020-36386", "CVE-2021-0129", "CVE-2021-20194", "CVE-2021-20239", "CVE-2021-23133", "CVE-2021-28950", "CVE-2021-28971", "CVE-2021-29155", "CVE-2021-29646", "CVE-2021-29650", "CVE-2021-31440", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-33033", "CVE-2021-33200", "CVE-2021-3348", "CVE-2021-3489", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3600", "CVE-2021-3635", "CVE-2021-3659", "CVE-2021-3679", "CVE-2021-3732"], "modified": "2021-11-10T10:23:48", "id": "RHSA-2021:4140", "href": "https://access.redhat.com/errata/RHSA-2021:4140", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-16T20:44:43", "description": "Openshift Logging Bug Fix Release (5.0.10)\n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-14T21:31:08", "type": "redhat", "title": "(RHSA-2021:5137) Moderate: Openshift Logging Security Release (5.0.10)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", 
"baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20673", "CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25012", "CVE-2018-25013", "CVE-2018-25014", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-14615", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-0427", "CVE-2020-10001", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14145", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-17541", "CVE-2020-24370", "CVE-2020-24502", "CVE-2020-24503", "CVE-2020-24504", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26139", "CVE-2020-26140", "CVE-2020-26141", "CVE-2020-26143", "CVE-2020-26144", "CVE-2020-26145", "CVE-2020-26146", "CVE-2020-26147", "CVE-2020-27777", "CVE-2020-29368", "CVE-2020-29660", "CVE-2020-35448", "CVE-2020-35521", "CVE-2020-35522", "CVE-2020-35523", "CVE-2020-35524", "CVE-2020-36158", "CVE-2020-36312", "CVE-2020-36330", "CVE-2020-36331", "CVE-2020-36332", "CVE-2020-36386", "CVE-2021-0129", "CVE-2021-20194", "CVE-2021-20197", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20239", "CVE-2021-20266", "CVE-2021-20284", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-23133", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-28950", "CVE-2021-28971", "CVE-2021-29155", "CVE-2021-29646", "CVE-2021-29650", "CVE-2021-31440", "CVE-2021-31535", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-3200", "CVE-2021-33033", "CVE-2021-33200", "CVE-2021-3348", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-3481", "CVE-2021-3487", "CVE-2021-3489", "CVE-2021-3564", "CVE-2021-3572", "CVE-2021-3573", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-3600", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3635", 
"CVE-2021-3659", "CVE-2021-3679", "CVE-2021-3712", "CVE-2021-3732", "CVE-2021-3778", "CVE-2021-3796", "CVE-2021-3800", "CVE-2021-42574", "CVE-2021-43527", "CVE-2021-44228", "CVE-2021-45046"], "modified": "2021-12-15T13:05:11", "id": "RHSA-2021:5137", "href": "https://access.redhat.com/errata/RHSA-2021:5137", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-22T18:39:11", "description": "Openshift Logging Bug Fix Release (5.3.0)\n\nSecurity Fix(es):\n\n* golang: x/net/html: infinite loop in ParseFragment (CVE-2021-33194)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-11-15T12:52:28", "type": "redhat", "title": "(RHSA-2021:4627) Moderate: Openshift Logging 5.3.0 bug fix and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20673", "CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25012", "CVE-2018-25013", "CVE-2018-25014", "CVE-2019-13750", 
"CVE-2019-13751", "CVE-2019-14615", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-0427", "CVE-2020-10001", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14145", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-17541", "CVE-2020-24370", "CVE-2020-24502", "CVE-2020-24503", "CVE-2020-24504", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26139", "CVE-2020-26140", "CVE-2020-26141", "CVE-2020-26143", "CVE-2020-26144", "CVE-2020-26145", "CVE-2020-26146", "CVE-2020-26147", "CVE-2020-27777", "CVE-2020-29368", "CVE-2020-29660", "CVE-2020-35448", "CVE-2020-35521", "CVE-2020-35522", "CVE-2020-35523", "CVE-2020-35524", "CVE-2020-36158", "CVE-2020-36312", "CVE-2020-36330", "CVE-2020-36331", "CVE-2020-36332", "CVE-2020-36386", "CVE-2021-0129", "CVE-2021-20194", "CVE-2021-20197", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20239", "CVE-2021-20266", "CVE-2021-20284", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-23133", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-28950", "CVE-2021-28971", "CVE-2021-29155", "CVE-2021-29646", "CVE-2021-29650", "CVE-2021-31440", "CVE-2021-31535", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-3200", "CVE-2021-33033", "CVE-2021-33194", "CVE-2021-33200", "CVE-2021-3348", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-3481", "CVE-2021-3487", "CVE-2021-3489", "CVE-2021-3564", "CVE-2021-3572", "CVE-2021-3573", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-3600", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3635", "CVE-2021-3659", "CVE-2021-3679", "CVE-2021-3732", "CVE-2021-3778", "CVE-2021-3796", "CVE-2021-3800", "CVE-2021-42574"], "modified": "2021-11-15T12:52:54", "id": "RHSA-2021:4627", "href": "https://access.redhat.com/errata/RHSA-2021:4627", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": 
"2022-03-09T19:14:09", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4356 advisory.\n\n - Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access.\n (CVE-2019-14615)\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171 (CVE-2020-0427)\n\n - Improper input validation in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 and before version 1.4.29.0 for Windows*, may allow an authenticated user to potentially enable a denial of service via local access. (CVE-2020-24502)\n\n - Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable information disclosure via local access.\n (CVE-2020-24503)\n\n - Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable denial of service via local access.\n (CVE-2020-24504)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. 
Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.\n (CVE-2020-24586)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed. (CVE-2020-24587)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated.\n Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. (CVE-2020-24588)\n\n - An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients. (CVE-2020-26139)\n\n - An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration. (CVE-2020-26140)\n\n - An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. 
An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data- confidentiality protocol. (CVE-2020-26141)\n\n - An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration. (CVE-2020-26143)\n\n - An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (CVE-2020-26144)\n\n - An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (CVE-2020-26145)\n\n - An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design. (CVE-2020-26146)\n\n - An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. 
This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. (CVE-2020-26147)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel. (CVE-2020-27777)\n\n - An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1. (CVE-2020-29368)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d. (CVE-2020-36312)\n\n - An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of- bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf. (CVE-2020-36386)\n\n - Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. 
(CVE-2021-0129)\n\n - nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after- free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71. (CVE-2021-3348)\n\n - The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee (bpf, ringbuf: Deny reserve of buffers larger than ringbuf) (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 (bpf: Implement BPF ring buffer and verifier support for it) (v5.8-rc1). (CVE-2021-3489)\n\n - A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13. (CVE-2021-3564)\n\n - A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5. (CVE-2021-3573)\n\n - A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. 
A user with root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands.\n (CVE-2021-3635)\n\n - A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.\n (CVE-2021-3679)\n\n - There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation. (CVE-2021-20194)\n\n - A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality. (CVE-2021-20239)\n\n - A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket. (CVE-2021-23133)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. 
A stall on CPU can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations. (CVE-2021-29155)\n\n - An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8. (CVE-2021-29646)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them.\n An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-13661. 
(CVE-2021-31440)\n\n - kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel. (CVE-2021-31829)\n\n - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi- device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. (CVE-2021-31916)\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. (CVE-2021-33033)\n\n - kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. 
In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.\n (CVE-2021-33200)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : kernel (ALSA-2021:4356)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14615", "CVE-2020-0427", "CVE-2020-24502", "CVE-2020-24503", "CVE-2020-24504", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26139", "CVE-2020-26140", "CVE-2020-26141", "CVE-2020-26143", "CVE-2020-26144", "CVE-2020-26145", "CVE-2020-26146", "CVE-2020-26147", "CVE-2020-27777", "CVE-2020-29368", "CVE-2020-29660", "CVE-2020-36158", "CVE-2020-36312", "CVE-2020-36386", "CVE-2021-0129", "CVE-2021-3348", "CVE-2021-3489", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3600", "CVE-2021-3635", "CVE-2021-3659", "CVE-2021-3679", "CVE-2021-3732", "CVE-2021-20194", "CVE-2021-20239", "CVE-2021-23133", "CVE-2021-28950", "CVE-2021-28971", "CVE-2021-29155", "CVE-2021-29646", "CVE-2021-29650", "CVE-2021-31440", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-33033", "CVE-2021-33200"], "modified": "2022-02-14T00:00:00", "cpe": ["p-cpe:/a:alma:linux:bpftool", "p-cpe:/a:alma:linux:kernel", "p-cpe:/a:alma:linux:kernel-abi-stablelists", "p-cpe:/a:alma:linux:kernel-core", "p-cpe:/a:alma:linux:kernel-cross-headers", "p-cpe:/a:alma:linux:kernel-debug", "p-cpe:/a:alma:linux:kernel-debug-core", "p-cpe:/a:alma:linux:kernel-debug-devel", "p-cpe:/a:alma:linux:kernel-debug-modules", "p-cpe:/a:alma:linux:kernel-debug-modules-extra", "p-cpe:/a:alma:linux:kernel-devel", "p-cpe:/a:alma:linux:kernel-headers", "p-cpe:/a:alma:linux:kernel-modules", "p-cpe:/a:alma:linux:kernel-modules-extra", "p-cpe:/a:alma:linux:kernel-tools", 
"p-cpe:/a:alma:linux:kernel-tools-libs", "p-cpe:/a:alma:linux:kernel-tools-libs-devel", "p-cpe:/a:alma:linux:perf", "p-cpe:/a:alma:linux:python3-perf", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2021-4356.NASL", "href": "https://www.tenable.com/plugins/nessus/157497", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2021:4356.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157497);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/14\");\n\n script_cve_id(\n \"CVE-2019-14615\",\n \"CVE-2020-0427\",\n \"CVE-2020-24502\",\n \"CVE-2020-24503\",\n \"CVE-2020-24504\",\n \"CVE-2020-24586\",\n \"CVE-2020-24587\",\n \"CVE-2020-24588\",\n \"CVE-2020-26139\",\n \"CVE-2020-26140\",\n \"CVE-2020-26141\",\n \"CVE-2020-26143\",\n \"CVE-2020-26144\",\n \"CVE-2020-26145\",\n \"CVE-2020-26146\",\n \"CVE-2020-26147\",\n \"CVE-2020-27777\",\n \"CVE-2020-29368\",\n \"CVE-2020-29660\",\n \"CVE-2020-36158\",\n \"CVE-2020-36312\",\n \"CVE-2020-36386\",\n \"CVE-2021-0129\",\n \"CVE-2021-3348\",\n \"CVE-2021-3489\",\n \"CVE-2021-3564\",\n \"CVE-2021-3573\",\n \"CVE-2021-3600\",\n \"CVE-2021-3635\",\n \"CVE-2021-3659\",\n \"CVE-2021-3679\",\n \"CVE-2021-3732\",\n \"CVE-2021-20194\",\n \"CVE-2021-20239\",\n \"CVE-2021-23133\",\n \"CVE-2021-28950\",\n \"CVE-2021-28971\",\n \"CVE-2021-29155\",\n \"CVE-2021-29646\",\n \"CVE-2021-29650\",\n \"CVE-2021-31440\",\n \"CVE-2021-31829\",\n \"CVE-2021-31916\",\n \"CVE-2021-33033\",\n \"CVE-2021-33200\"\n );\n script_xref(name:\"ALSA\", value:\"2021:4356\");\n script_xref(name:\"IAVA\", value:\"2021-A-0223-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0222-S\");\n\n script_name(english:\"AlmaLinux 8 : kernel (ALSA-2021:4356)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux 
host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2021:4356 advisory.\n\n - Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor\n Graphics may allow an unauthenticated user to potentially enable information disclosure via local access.\n (CVE-2019-14615)\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could\n lead to local information disclosure with no additional execution privileges needed. User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171\n (CVE-2020-0427)\n\n - Improper input validation in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4\n and before version 1.4.29.0 for Windows*, may allow an authenticated user to potentially enable a denial\n of service via local access. (CVE-2020-24502)\n\n - Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4\n may allow an authenticated user to potentially enable information disclosure via local access.\n (CVE-2020-24503)\n\n - Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version\n 1.0.4 may allow an authenticated user to potentially enable denial of service via local access.\n (CVE-2020-24504)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent\n Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a\n network. 
Under the right circumstances, when another device sends fragmented frames encrypted using WEP,\n CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.\n (CVE-2020-24586)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent\n Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary\n can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP,\n CCMP, or GCMP encryption key is periodically renewed. (CVE-2020-24587)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent\n Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated.\n Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an\n adversary can abuse this to inject arbitrary network packets. (CVE-2020-24588)\n\n - An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other\n clients even though the sender has not yet successfully authenticated to the AP. This might be abused in\n projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier\n to exploit other vulnerabilities in connected clients. (CVE-2020-26139)\n\n - An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and\n WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to\n inject arbitrary data frames independent of the network configuration. (CVE-2020-26140)\n\n - An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation\n does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. 
An adversary can\n abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-\n confidentiality protocol. (CVE-2020-26141)\n\n - An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and\n WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can\n abuse this to inject arbitrary data frames independent of the network configuration. (CVE-2020-26143)\n\n - An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3\n implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042\n (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets\n independent of the network configuration. (CVE-2020-26144)\n\n - An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3\n implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process\n them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets\n independent of the network configuration. (CVE-2020-26145)\n\n - An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations\n reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate\n selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the\n WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by\n design. (CVE-2020-26146)\n\n - An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble\n fragments even though some of them were sent in plaintext. 
This vulnerability can be abused to inject\n packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP,\n CCMP, or GCMP data-confidentiality protocol is used. (CVE-2020-26147)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked\n down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries\n platform) a root like local user could use this flaw to further increase their privileges to that of a\n running kernel. (CVE-2020-27777)\n\n - An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The\n copy-on-write implementation can grant unintended write access because of a race condition in a THP\n mapcount check, aka CID-c444eb564fb1. (CVE-2020-29368)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID,\n aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a\n kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d. (CVE-2020-36312)\n\n - An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-\n bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf. (CVE-2020-36386)\n\n - Improper access control in BlueZ may allow an authenticated user to potentially enable information\n disclosure via adjacent access. 
(CVE-2021-0129)\n\n - nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-\n free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a\n certain point during device setup, aka CID-b98e762e3d71. (CVE-2021-3348)\n\n - The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size\n was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel\n and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee (bpf, ringbuf: Deny\n reserve of buffers larger than ringbuf) (v5.13-rc4) and backported to the stable kernels in v5.12.4,\n v5.11.21, and v5.10.37. It was introduced via 457f44363a88 (bpf: Implement BPF ring buffer and verifier\n support for it) (v5.8-rc1). (CVE-2021-3489)\n\n - A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in\n the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the\n system. This flaw affects all the Linux kernel versions starting from 3.13. (CVE-2021-3564)\n\n - A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way\n user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev()\n together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(),\n hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their\n privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5. (CVE-2021-3573)\n\n - A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. 
A user with\n root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands.\n (CVE-2021-3635)\n\n - A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was\n found in the way user uses trace ring buffer in a specific way. Only privileged local users (with\n CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.\n (CVE-2021-3679)\n\n - There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config\n params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y ,\n CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution,\n the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap\n overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly\n privileges escalation. (CVE-2021-20194)\n\n - A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an\n attacker with a local account to leak information about kernel internal addresses. The highest threat from\n this vulnerability is to confidentiality. (CVE-2021-20239)\n\n - A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel\n privilege escalation from the context of a network service or an unprivileged process. If\n sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the\n auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network\n service privileges to escalate to root or from the context of an unprivileged user directly if a\n BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket. (CVE-2021-23133)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. 
A stall on CPU can occur\n because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some\n Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS\n status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable\n out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer\n arithmetic operations, the pointer modification performed by the first operation is not correctly\n accounted for when restricting subsequent operations. (CVE-2021-29155)\n\n - An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does\n not properly validate certain data sizes, aka CID-0217ed2848e8. (CVE-2021-29646)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to\n cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h\n lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel\n 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in\n order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The\n issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them.\n An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the\n context of the kernel. 
Was ZDI-CAN-13661. (CVE-2021-31440)\n\n - kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading\n to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not\n protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized\n data that might represent sensitive information previously operated on by the kernel. (CVE-2021-31829)\n\n - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-\n device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with\n special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or\n a leak of internal kernel information. The highest threat from this vulnerability is to system\n availability. (CVE-2021-31916)\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because\n the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads\n to writing an arbitrary value. (CVE-2021-33033)\n\n - kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic\n operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel\n memory, leading to local privilege escalation to root. 
In particular, there is a corner case where the off\n reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.\n (CVE-2021-33200)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2021-4356.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3489\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-core\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-14615', 'CVE-2020-0427', 'CVE-2020-24502', 'CVE-2020-24503', 'CVE-2020-24504', 'CVE-2020-24586', 'CVE-2020-24587', 'CVE-2020-24588', 'CVE-2020-26139', 'CVE-2020-26140', 'CVE-2020-26141', 'CVE-2020-26143', 'CVE-2020-26144', 'CVE-2020-26145', 'CVE-2020-26146', 'CVE-2020-26147', 'CVE-2020-27777', 'CVE-2020-29368', 'CVE-2020-29660', 'CVE-2020-36158', 'CVE-2020-36312', 'CVE-2020-36386', 'CVE-2021-0129', 'CVE-2021-3348', 'CVE-2021-3489', 'CVE-2021-3564', 'CVE-2021-3573', 'CVE-2021-3600', 'CVE-2021-3635', 'CVE-2021-3659', 'CVE-2021-3679', 'CVE-2021-3732', 'CVE-2021-20194', 'CVE-2021-20239', 'CVE-2021-23133', 'CVE-2021-28950', 
'CVE-2021-28971', 'CVE-2021-29155', 'CVE-2021-29646', 'CVE-2021-29650', 'CVE-2021-31440', 'CVE-2021-31829', 'CVE-2021-31916', 'CVE-2021-33033', 'CVE-2021-33200');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ALSA-2021:4356');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-348.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-348.el8', 
'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / 
kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-09T19:28:26", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4356 advisory.\n\n - kernel: Intel graphics card information leak. (CVE-2019-14615)\n\n - kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)\n\n - kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502)\n\n - kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24503)\n\n - kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24504)\n\n - kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586)\n\n - kernel: Reassembling fragments encrypted under different keys (CVE-2020-24587)\n\n - kernel: wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588)\n\n - kernel: Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139)\n\n - kernel: accepting plaintext data frames in protected networks (CVE-2020-26140)\n\n - kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141)\n\n - kernel: accepting fragmented plaintext frames in protected networks (CVE-2020-26143)\n\n - kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header (CVE-2020-26144)\n\n - kernel: accepting plaintext broadcast fragments as full frames (CVE-2020-26145)\n\n - kernel: reassembling encrypted fragments with non-consecutive packet numbers (CVE-2020-26146)\n\n - kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147)\n\n - kernel: powerpc: RTAS calls can be used to compromise kernel integrity (CVE-2020-27777)\n\n - kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check (CVE-2020-29368)\n\n - kernel: locking 
inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read- after-free (CVE-2020-29660)\n\n - kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value (CVE-2020-36158)\n\n - kernel: memory leak upon a kmalloc failure in kvm_io_bus_unregister_dev function in virt/kvm/kvm_main.c (CVE-2020-36312)\n\n - kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c (CVE-2020-36386)\n\n - kernel: Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129)\n\n - kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() (CVE-2021-20194)\n\n - kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure (CVE-2021-20239)\n\n - kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133)\n\n - kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode (CVE-2021-28950)\n\n - kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c (CVE-2021-28971)\n\n - kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory (CVE-2021-29155)\n\n - kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c (CVE-2021-29646)\n\n - kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS (CVE-2021-29650)\n\n - kernel: local escalation of privileges in handling of eBPF programs (CVE-2021-31440)\n\n - kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory (CVE-2021-31829)\n\n - kernel: out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916)\n\n - kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c 
(CVE-2021-33033)\n\n - kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier (CVE-2021-33200)\n\n - kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c (CVE-2021-3348)\n\n - kernel: Linux kernel eBPF RINGBUF map oversized allocation (CVE-2021-3489)\n\n - kernel: double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564)\n\n - kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)\n\n - kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)\n\n - kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50 (CVE-2021-3635)\n\n - kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659)\n\n - kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679)\n\n - kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files (CVE-2021-3732)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "CentOS 8 : kernel (CESA-2021:4356)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14615", "CVE-2020-0427", "CVE-2020-24502", "CVE-2020-24503", "CVE-2020-24504", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26139", "CVE-2020-26140", "CVE-2020-26141", "CVE-2020-26143", "CVE-2020-26144", "CVE-2020-26145", "CVE-2020-26146", "CVE-2020-26147", "CVE-2020-27777", "CVE-2020-29368", "CVE-2020-29660", "CVE-2020-36158", "CVE-2020-36312", "CVE-2020-36386", "CVE-2021-0129", "CVE-2021-3348", "CVE-2021-3489", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3600", "CVE-2021-3635", "CVE-2021-3659", "CVE-2021-3679", "CVE-2021-3732", "CVE-2021-20194", "CVE-2021-20239", "CVE-2021-23133", "CVE-2021-28950", "CVE-2021-28971", 
"CVE-2021-29155", "CVE-2021-29646", "CVE-2021-29650", "CVE-2021-31440", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-33033", "CVE-2021-33200"], "modified": "2021-11-11T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-stablelists", "p-cpe:/a:centos:centos:kernel-core", "p-cpe:/a:centos:centos:kernel-cross-headers", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-core", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-debug-modules", "p-cpe:/a:centos:centos:kernel-debug-modules-extra", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-modules", "p-cpe:/a:centos:centos:kernel-modules-extra", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python3-perf"], "id": "CENTOS8_RHSA-2021-4356.NASL", "href": "https://www.tenable.com/plugins/nessus/155145", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:4356. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155145);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/11\");\n\n script_cve_id(\n \"CVE-2019-14615\",\n \"CVE-2020-0427\",\n \"CVE-2020-24502\",\n \"CVE-2020-24503\",\n \"CVE-2020-24504\",\n \"CVE-2020-24586\",\n \"CVE-2020-24587\",\n \"CVE-2020-24588\",\n \"CVE-2020-26139\",\n \"CVE-2020-26140\",\n \"CVE-2020-26141\",\n \"CVE-2020-26143\",\n \"CVE-2020-26144\",\n \"CVE-2020-26145\",\n \"CVE-2020-26146\",\n \"CVE-2020-26147\",\n \"CVE-2020-27777\",\n \"CVE-2020-29368\",\n \"CVE-2020-29660\",\n \"CVE-2020-36158\",\n \"CVE-2020-36312\",\n \"CVE-2020-36386\",\n \"CVE-2021-0129\",\n \"CVE-2021-3348\",\n \"CVE-2021-3489\",\n \"CVE-2021-3564\",\n \"CVE-2021-3573\",\n \"CVE-2021-3600\",\n \"CVE-2021-3635\",\n \"CVE-2021-3659\",\n \"CVE-2021-3679\",\n \"CVE-2021-3732\",\n \"CVE-2021-20194\",\n \"CVE-2021-20239\",\n \"CVE-2021-23133\",\n \"CVE-2021-28950\",\n \"CVE-2021-28971\",\n \"CVE-2021-29155\",\n \"CVE-2021-29646\",\n \"CVE-2021-29650\",\n \"CVE-2021-31440\",\n \"CVE-2021-31829\",\n \"CVE-2021-31916\",\n \"CVE-2021-33033\",\n \"CVE-2021-33200\"\n );\n script_xref(name:\"RHSA\", value:\"2021:4356\");\n script_xref(name:\"IAVA\", value:\"2021-A-0223-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0222-S\");\n\n script_name(english:\"CentOS 8 : kernel (CESA-2021:4356)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:4356 advisory.\n\n - kernel: Intel graphics card information leak. (CVE-2019-14615)\n\n - kernel: out-of-bounds reads in pinctrl subsystem. 
(CVE-2020-0427)\n\n - kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502)\n\n - kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24503)\n\n - kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24504)\n\n - kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586)\n\n - kernel: Reassembling fragments encrypted under different keys (CVE-2020-24587)\n\n - kernel: wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588)\n\n - kernel: Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139)\n\n - kernel: accepting plaintext data frames in protected networks (CVE-2020-26140)\n\n - kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141)\n\n - kernel: accepting fragmented plaintext frames in protected networks (CVE-2020-26143)\n\n - kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header (CVE-2020-26144)\n\n - kernel: accepting plaintext broadcast fragments as full frames (CVE-2020-26145)\n\n - kernel: reassembling encrypted fragments with non-consecutive packet numbers (CVE-2020-26146)\n\n - kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147)\n\n - kernel: powerpc: RTAS calls can be used to compromise kernel integrity (CVE-2020-27777)\n\n - kernel: the copy-on-write implementation can grant unintended write access because of a race condition in\n a THP mapcount check (CVE-2020-29368)\n\n - kernel: locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read-\n after-free (CVE-2020-29660)\n\n - kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in\n drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value (CVE-2020-36158)\n\n - kernel: memory leak upon a kmalloc failure in kvm_io_bus_unregister_dev function in virt/kvm/kvm_main.c\n (CVE-2020-36312)\n\n - kernel: slab out-of-bounds 
read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c\n (CVE-2020-36386)\n\n - kernel: Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129)\n\n - kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() (CVE-2021-20194)\n\n - kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure (CVE-2021-20239)\n\n - kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133)\n\n - kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode\n (CVE-2021-28950)\n\n - kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c (CVE-2021-28971)\n\n - kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds\n loads can be bypassed to leak content of kernel memory (CVE-2021-29155)\n\n - kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c (CVE-2021-29646)\n\n - kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c\n and include/linux/netfilter/x_tables.h may lead to DoS (CVE-2021-29650)\n\n - kernel: local escalation of privileges in handling of eBPF programs (CVE-2021-31440)\n\n - kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content\n of kernel memory (CVE-2021-31829)\n\n - kernel: out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916)\n\n - kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033)\n\n - kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations\n by BPF verifier (CVE-2021-33200)\n\n - kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c (CVE-2021-3348)\n\n - kernel: Linux kernel eBPF RINGBUF map oversized allocation (CVE-2021-3489)\n\n - kernel: double free in bluetooth subsystem when the HCI device initialization fails 
(CVE-2021-3564)\n\n - kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)\n\n - kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)\n\n - kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50 (CVE-2021-3635)\n\n - kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659)\n\n - kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679)\n\n - kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files\n (CVE-2021-3732)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4356\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3489\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-perf\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif ('CentOS Stream' >!< release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-14615', 'CVE-2020-0427', 'CVE-2020-24502', 'CVE-2020-24503', 'CVE-2020-24504', 'CVE-2020-24586', 'CVE-2020-24587', 'CVE-2020-24588', 'CVE-2020-26139', 'CVE-2020-26140', 'CVE-2020-26141', 'CVE-2020-26143', 'CVE-2020-26144', 'CVE-2020-26145', 'CVE-2020-26146', 'CVE-2020-26147', 'CVE-2020-27777', 'CVE-2020-29368', 'CVE-2020-29660', 'CVE-2020-36158', 'CVE-2020-36312', 'CVE-2020-36386', 'CVE-2021-0129', 'CVE-2021-3348', 'CVE-2021-3489', 'CVE-2021-3564', 'CVE-2021-3573', 'CVE-2021-3600', 'CVE-2021-3635', 'CVE-2021-3659', 'CVE-2021-3679', 
'CVE-2021-3732', 'CVE-2021-20194', 'CVE-2021-20239', 'CVE-2021-23133', 'CVE-2021-28950', 'CVE-2021-28971', 'CVE-2021-29155', 'CVE-2021-29646', 'CVE-2021-29650', 'CVE-2021-31440', 'CVE-2021-31829', 'CVE-2021-31916', 'CVE-2021-33033', 'CVE-2021-33200');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for CESA-2021:4356');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'reference':'bpftool-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-348.el8', 'cpu':'aarch64', 
'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 
'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / 
kernel-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-09T19:29:01", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4356 advisory.\n\n - kernel: Intel graphics card information leak. (CVE-2019-14615)\n\n - kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)\n\n - kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502)\n\n - kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24503)\n\n - kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24504)\n\n - kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586)\n\n - kernel: Reassembling fragments encrypted under different keys (CVE-2020-24587)\n\n - kernel: wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588)\n\n - kernel: Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139)\n\n - kernel: accepting plaintext data frames in protected networks (CVE-2020-26140)\n\n - kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141)\n\n - kernel: accepting fragmented plaintext frames in protected networks (CVE-2020-26143)\n\n - kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header (CVE-2020-26144)\n\n - kernel: accepting plaintext broadcast fragments as full frames (CVE-2020-26145)\n\n - kernel: reassembling encrypted fragments with non-consecutive packet numbers (CVE-2020-26146)\n\n - kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147)\n\n - kernel: powerpc: RTAS calls can be used to compromise kernel integrity (CVE-2020-27777)\n\n - kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check (CVE-2020-29368)\n\n - kernel: locking inconsistency in 
drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read-after-free (CVE-2020-29660)\n\n - kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value (CVE-2020-36158)\n\n - kernel: memory leak upon a kmalloc failure in kvm_io_bus_unregister_dev function in virt/kvm/kvm_main.c (CVE-2020-36312)\n\n - kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c (CVE-2020-36386)\n\n - kernel: Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129)\n\n - kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() (CVE-2021-20194)\n\n - kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure (CVE-2021-20239)\n\n - kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133)\n\n - kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode (CVE-2021-28950)\n\n - kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c (CVE-2021-28971)\n\n - kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory (CVE-2021-29155)\n\n - kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c (CVE-2021-29646)\n\n - kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS (CVE-2021-29650)\n\n - kernel: local escalation of privileges in handling of eBPF programs (CVE-2021-31440)\n\n - kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory (CVE-2021-31829)\n\n - kernel: out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916)\n\n - kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033)\n\n -
kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier (CVE-2021-33200)\n\n - kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c (CVE-2021-3348)\n\n - kernel: Linux kernel eBPF RINGBUF map oversized allocation (CVE-2021-3489)\n\n - kernel: double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564)\n\n - kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)\n\n - kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)\n\n - kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50 (CVE-2021-3635)\n\n - kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659)\n\n - kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679)\n\n - kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files (CVE-2021-3732)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel (RHSA-2021:4356)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14615", "CVE-2020-0427", "CVE-2020-24502", "CVE-2020-24503", "CVE-2020-24504", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26139", "CVE-2020-26140", "CVE-2020-26141", "CVE-2020-26143", "CVE-2020-26144", "CVE-2020-26145", "CVE-2020-26146", "CVE-2020-26147", "CVE-2020-27777", "CVE-2020-29368", "CVE-2020-29660", "CVE-2020-36158", "CVE-2020-36312", "CVE-2020-36386", "CVE-2021-0129", "CVE-2021-3348", "CVE-2021-3489", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3600", "CVE-2021-3635", "CVE-2021-3659", "CVE-2021-3679", "CVE-2021-3732", "CVE-2021-20194", "CVE-2021-20239", "CVE-2021-23133", "CVE-2021-28950", "CVE-2021-28971", "CVE-2021-29155", 
"CVE-2021-29646", "CVE-2021-29650", "CVE-2021-31440", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-33033", "CVE-2021-33200"], "modified": "2021-11-11T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python3-perf"], "id": "REDHAT-RHSA-2021-4356.NASL", "href": "https://www.tenable.com/plugins/nessus/155219", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:4356. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155219);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/11\");\n\n script_cve_id(\n \"CVE-2019-14615\",\n \"CVE-2020-0427\",\n \"CVE-2020-24502\",\n \"CVE-2020-24503\",\n \"CVE-2020-24504\",\n \"CVE-2020-24586\",\n \"CVE-2020-24587\",\n \"CVE-2020-24588\",\n \"CVE-2020-26139\",\n \"CVE-2020-26140\",\n \"CVE-2020-26141\",\n \"CVE-2020-26143\",\n \"CVE-2020-26144\",\n \"CVE-2020-26145\",\n \"CVE-2020-26146\",\n \"CVE-2020-26147\",\n \"CVE-2020-27777\",\n \"CVE-2020-29368\",\n \"CVE-2020-29660\",\n \"CVE-2020-36158\",\n \"CVE-2020-36312\",\n \"CVE-2020-36386\",\n \"CVE-2021-0129\",\n \"CVE-2021-3348\",\n \"CVE-2021-3489\",\n \"CVE-2021-3564\",\n \"CVE-2021-3573\",\n \"CVE-2021-3600\",\n \"CVE-2021-3635\",\n \"CVE-2021-3659\",\n \"CVE-2021-3679\",\n \"CVE-2021-3732\",\n \"CVE-2021-20194\",\n \"CVE-2021-20239\",\n \"CVE-2021-23133\",\n \"CVE-2021-28950\",\n \"CVE-2021-28971\",\n \"CVE-2021-29155\",\n \"CVE-2021-29646\",\n \"CVE-2021-29650\",\n \"CVE-2021-31440\",\n \"CVE-2021-31829\",\n \"CVE-2021-31916\",\n \"CVE-2021-33033\",\n \"CVE-2021-33200\"\n );\n script_xref(name:\"RHSA\", value:\"2021:4356\");\n script_xref(name:\"IAVA\", value:\"2021-A-0223-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0222-S\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2021:4356)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:4356 advisory.\n\n - kernel: Intel graphics card information leak. (CVE-2019-14615)\n\n - kernel: out-of-bounds reads in pinctrl subsystem. 
(CVE-2020-0427)\n\n - kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502)\n\n - kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24503)\n\n - kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24504)\n\n - kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586)\n\n - kernel: Reassembling fragments encrypted under different keys (CVE-2020-24587)\n\n - kernel: wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588)\n\n - kernel: Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139)\n\n - kernel: accepting plaintext data frames in protected networks (CVE-2020-26140)\n\n - kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141)\n\n - kernel: accepting fragmented plaintext frames in protected networks (CVE-2020-26143)\n\n - kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header (CVE-2020-26144)\n\n - kernel: accepting plaintext broadcast fragments as full frames (CVE-2020-26145)\n\n - kernel: reassembling encrypted fragments with non-consecutive packet numbers (CVE-2020-26146)\n\n - kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147)\n\n - kernel: powerpc: RTAS calls can be used to compromise kernel integrity (CVE-2020-27777)\n\n - kernel: the copy-on-write implementation can grant unintended write access because of a race condition in\n a THP mapcount check (CVE-2020-29368)\n\n - kernel: locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read-\n after-free (CVE-2020-29660)\n\n - kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in\n drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value (CVE-2020-36158)\n\n - kernel: memory leak upon a kmalloc failure in kvm_io_bus_unregister_dev function in virt/kvm/kvm_main.c\n (CVE-2020-36312)\n\n - kernel: slab out-of-bounds 
read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c\n (CVE-2020-36386)\n\n - kernel: Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129)\n\n - kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() (CVE-2021-20194)\n\n - kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure (CVE-2021-20239)\n\n - kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133)\n\n - kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode\n (CVE-2021-28950)\n\n - kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c (CVE-2021-28971)\n\n - kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds\n loads can be bypassed to leak content of kernel memory (CVE-2021-29155)\n\n - kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c (CVE-2021-29646)\n\n - kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c\n and include/linux/netfilter/x_tables.h may lead to DoS (CVE-2021-29650)\n\n - kernel: local escalation of privileges in handling of eBPF programs (CVE-2021-31440)\n\n - kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content\n of kernel memory (CVE-2021-31829)\n\n - kernel: out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916)\n\n - kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033)\n\n - kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations\n by BPF verifier (CVE-2021-33200)\n\n - kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c (CVE-2021-3348)\n\n - kernel: Linux kernel eBPF RINGBUF map oversized allocation (CVE-2021-3489)\n\n - kernel: double free in bluetooth subsystem when the HCI device initialization fails 
(CVE-2021-3564)\n\n - kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)\n\n - kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)\n\n - kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50 (CVE-2021-3635)\n\n - kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659)\n\n - kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679)\n\n - kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files\n (CVE-2021-3732)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/119.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/120.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/125.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/212.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/252.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/287.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/290.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/307.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/345.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/346.html\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/362.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/415.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/476.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/662.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/667.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/682.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/772.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/787.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/822.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/829.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/835.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/862.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/863.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-24502\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://access.redhat.com/security/cve/CVE-2020-24503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-24504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-24586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-24587\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-24588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26146\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26147\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36312\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-0129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3348\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-23133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-28950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-28971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29155\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://access.redhat.com/security/cve/CVE-2021-29646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-31440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-31829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-31916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-33033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-33200\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4356\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1789209\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1900844\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1903244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1906522\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1912683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1913348\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1919893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1921958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1923636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930376\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930379\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930381\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1941762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1941784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1945345\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1945388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1946965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1947991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1948772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1951595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1957788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1959559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1959642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1959654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1959657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1959663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1960490\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1960492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1960496\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1960498\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1960500\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1960502\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1960504\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1961300\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1964028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1964139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1965038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1965458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1966578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1969489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1975949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1976946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1981954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1989165\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1995249\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3489\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 120, 125, 200, 212, 252, 287, 290, 307, 345, 346, 362, 400, 415, 416, 476, 662, 667, 682, 772, 787, 822, 829, 835, 862, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ],\n 'enterprise_linux_8_baseos': [\n 'rhel-8-for-aarch64-baseos-debug-rpms',\n 'rhel-8-for-aarch64-baseos-rpms',\n 'rhel-8-for-aarch64-baseos-source-rpms',\n 'rhel-8-for-s390x-baseos-debug-rpms',\n 'rhel-8-for-s390x-baseos-rpms',\n 
'rhel-8-for-s390x-baseos-source-rpms',\n 'rhel-8-for-x86_64-baseos-debug-rpms',\n 'rhel-8-for-x86_64-baseos-rpms',\n 'rhel-8-for-x86_64-baseos-source-rpms'\n ],\n 'enterprise_linux_8_crb': [\n 'codeready-builder-for-rhel-8-aarch64-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-rpms',\n 'codeready-builder-for-rhel-8-aarch64-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-rpms',\n 'codeready-builder-for-rhel-8-s390x-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-rpms',\n 'codeready-builder-for-rhel-8-x86_64-source-rpms'\n ],\n 'enterprise_linux_8_highavailability': [\n 'rhel-8-for-aarch64-highavailability-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-rpms',\n 'rhel-8-for-aarch64-highavailability-source-rpms',\n 'rhel-8-for-s390x-highavailability-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-rpms',\n 'rhel-8-for-s390x-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 
'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-rpms',\n 'rhel-8-for-x86_64-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'enterprise_linux_8_nfv': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'enterprise_linux_8_realtime': [\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'enterprise_linux_8_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-rpms',\n 'rhel-8-for-s390x-resilientstorage-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-rpms',\n 'rhel-8-for-x86_64-resilientstorage-source-rpms'\n ],\n 'enterprise_linux_8_sap': [\n 'rhel-8-for-s390x-sap-netweaver-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-rpms',\n 'rhel-8-for-s390x-sap-netweaver-source-rpms',\n 
'rhel-8-for-x86_64-sap-netweaver-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-source-rpms'\n ],\n 'enterprise_linux_8_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-rpms',\n 'rhel-8-for-x86_64-sap-solutions-source-rpms'\n ],\n 'enterprise_linux_8_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-rpms',\n 'rhel-8-for-aarch64-supplementary-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-rpms',\n 'rhel-8-for-s390x-supplementary-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-rpms',\n 'rhel-8-for-x86_64-supplementary-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-14615', 'CVE-2020-0427', 'CVE-2020-24502', 'CVE-2020-24503', 'CVE-2020-24504', 'CVE-2020-24586', 'CVE-2020-24587', 
'CVE-2020-24588', 'CVE-2020-26139', 'CVE-2020-26140', 'CVE-2020-26141', 'CVE-2020-26143', 'CVE-2020-26144', 'CVE-2020-26145', 'CVE-2020-26146', 'CVE-2020-26147', 'CVE-2020-27777', 'CVE-2020-29368', 'CVE-2020-29660', 'CVE-2020-36158', 'CVE-2020-36312', 'CVE-2020-36386', 'CVE-2021-0129', 'CVE-2021-3348', 'CVE-2021-3489', 'CVE-2021-3564', 'CVE-2021-3573', 'CVE-2021-3600', 'CVE-2021-3635', 'CVE-2021-3659', 'CVE-2021-3679', 'CVE-2021-3732', 'CVE-2021-20194', 'CVE-2021-20239', 'CVE-2021-23133', 'CVE-2021-28950', 'CVE-2021-28971', 'CVE-2021-29155', 'CVE-2021-29646', 'CVE-2021-29650', 'CVE-2021-31440', 'CVE-2021-31829', 'CVE-2021-31916', 'CVE-2021-33033', 'CVE-2021-33200');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:4356');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'reference':'bpftool-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'bpftool-4.18.0-348.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'bpftool-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 
'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-4.18.0-348.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-abi-stablelists-4.18.0-348.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-core-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 
'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-core-4.18.0-348.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-core-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-cross-headers-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-cross-headers-4.18.0-348.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 
'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-cross-headers-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-debug-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-debug-4.18.0-348.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-debug-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-debug-core-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 
'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-debug-core-4.18.0-348.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-debug-core-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-debug-devel-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-debug-devel-4.18.0-348.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 
'enterprise_linux_8_supplementary']},\n {'reference':'kernel-debug-devel-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-debug-modules-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-debug-modules-4.18.0-348.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-debug-modules-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-debug-modules-extra-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 
'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-debug-modules-extra-4.18.0-348.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-debug-modules-extra-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-devel-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-devel-4.18.0-348.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 
'enterprise_linux_8_supplementary']},\n {'reference':'kernel-devel-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-headers-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-headers-4.18.0-348.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-headers-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-modules-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 
'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-modules-4.18.0-348.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-modules-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-modules-extra-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-modules-extra-4.18.0-348.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n 
{'reference':'kernel-modules-extra-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-tools-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-tools-4.18.0-348.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-tools-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-tools-libs-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 
'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-tools-libs-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-tools-libs-devel-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-tools-libs-devel-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-zfcpdump-4.18.0-348.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n 
{'reference':'kernel-zfcpdump-core-4.18.0-348.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-zfcpdump-devel-4.18.0-348.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-zfcpdump-modules-4.18.0-348.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-348.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'perf-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 
'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'perf-4.18.0-348.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'perf-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'python3-perf-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'python3-perf-4.18.0-348.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'python3-perf-4.18.0-348.el8', 
'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + 
redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-09T19:28:25", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4140 advisory.\n\n - kernel: Intel graphics card information leak. (CVE-2019-14615)\n\n - kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)\n\n - kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502)\n\n - kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24503)\n\n - kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24504)\n\n - kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586)\n\n - kernel: Reassembling fragments encrypted under different keys (CVE-2020-24587)\n\n - kernel: wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588)\n\n - kernel: Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139)\n\n - kernel: accepting plaintext data frames in protected networks (CVE-2020-26140)\n\n - kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141)\n\n - kernel: accepting fragmented plaintext frames in protected networks (CVE-2020-26143)\n\n - kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header (CVE-2020-26144)\n\n - kernel: accepting plaintext broadcast fragments as full frames (CVE-2020-26145)\n\n - kernel: reassembling encrypted fragments with non-consecutive packet numbers 
(CVE-2020-26146)\n\n - kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147)\n\n - kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check (CVE-2020-29368)\n\n - kernel: locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read-after-free (CVE-2020-29660)\n\n - kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value (CVE-2020-36158)\n\n - kernel: memory leak upon a kmalloc failure in kvm_io_bus_unregister_dev function in virt/kvm/kvm_main.c (CVE-2020-36312)\n\n - kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c (CVE-2020-36386)\n\n - kernel: Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129)\n\n - kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() (CVE-2021-20194)\n\n - kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure (CVE-2021-20239)\n\n - kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133)\n\n - kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode (CVE-2021-28950)\n\n - kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c (CVE-2021-28971)\n\n - kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory (CVE-2021-29155)\n\n - kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c (CVE-2021-29646)\n\n - kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS (CVE-2021-29650)\n\n - kernel: local escalation of privileges in handling of eBPF programs (CVE-2021-31440)\n\n - kernel: protection of stack pointer 
against speculative pointer arithmetic can be bypassed to leak content of kernel memory (CVE-2021-31829)\n\n - kernel: out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916)\n\n - kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033)\n\n - kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier (CVE-2021-33200)\n\n - kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c (CVE-2021-3348)\n\n - kernel: Linux kernel eBPF RINGBUF map oversized allocation (CVE-2021-3489)\n\n - kernel: double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564)\n\n - kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)\n\n - kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)\n\n - kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50 (CVE-2021-3635)\n\n - kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659)\n\n - kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679)\n\n - kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files (CVE-2021-3732)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "CentOS 8 : kernel-rt (CESA-2021:4140)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14615", "CVE-2020-0427", "CVE-2020-24502", "CVE-2020-24503", "CVE-2020-24504", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26139", "CVE-2020-26140", "CVE-2020-26141", "CVE-2020-26143", "CVE-2020-26144", "CVE-2020-26145", "CVE-2020-26146", "CVE-2020-26147", "CVE-2020-29368", "CVE-2020-29660", "CVE-2020-36158", "CVE-2020-36312", "CVE-2020-36386", "CVE-2021-0129", 
"CVE-2021-3348", "CVE-2021-3489", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3600", "CVE-2021-3635", "CVE-2021-3659", "CVE-2021-3679", "CVE-2021-3732", "CVE-2021-20194", "CVE-2021-20239", "CVE-2021-23133", "CVE-2021-28950", "CVE-2021-28971", "CVE-2021-29155", "CVE-2021-29646", "CVE-2021-29650", "CVE-2021-31440", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-33033", "CVE-2021-33200"], "modified": "2021-11-11T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:kernel-rt", "p-cpe:/a:centos:centos:kernel-rt-core", "p-cpe:/a:centos:centos:kernel-rt-debug", "p-cpe:/a:centos:centos:kernel-rt-debug-core", "p-cpe:/a:centos:centos:kernel-rt-debug-devel", "p-cpe:/a:centos:centos:kernel-rt-debug-modules", "p-cpe:/a:centos:centos:kernel-rt-debug-modules-extra", "p-cpe:/a:centos:centos:kernel-rt-devel", "p-cpe:/a:centos:centos:kernel-rt-modules", "p-cpe:/a:centos:centos:kernel-rt-modules-extra"], "id": "CENTOS8_RHSA-2021-4140.NASL", "href": "https://www.tenable.com/plugins/nessus/155070", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:4140. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155070);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/11\");\n\n script_cve_id(\n \"CVE-2019-14615\",\n \"CVE-2020-0427\",\n \"CVE-2020-24502\",\n \"CVE-2020-24503\",\n \"CVE-2020-24504\",\n \"CVE-2020-24586\",\n \"CVE-2020-24587\",\n \"CVE-2020-24588\",\n \"CVE-2020-26139\",\n \"CVE-2020-26140\",\n \"CVE-2020-26141\",\n \"CVE-2020-26143\",\n \"CVE-2020-26144\",\n \"CVE-2020-26145\",\n \"CVE-2020-26146\",\n \"CVE-2020-26147\",\n \"CVE-2020-29368\",\n \"CVE-2020-29660\",\n \"CVE-2020-36158\",\n \"CVE-2020-36312\",\n \"CVE-2020-36386\",\n \"CVE-2021-0129\",\n \"CVE-2021-3348\",\n \"CVE-2021-3489\",\n \"CVE-2021-3564\",\n \"CVE-2021-3573\",\n \"CVE-2021-3600\",\n \"CVE-2021-3635\",\n \"CVE-2021-3659\",\n \"CVE-2021-3679\",\n \"CVE-2021-3732\",\n \"CVE-2021-20194\",\n \"CVE-2021-20239\",\n \"CVE-2021-23133\",\n \"CVE-2021-28950\",\n \"CVE-2021-28971\",\n \"CVE-2021-29155\",\n \"CVE-2021-29646\",\n \"CVE-2021-29650\",\n \"CVE-2021-31440\",\n \"CVE-2021-31829\",\n \"CVE-2021-31916\",\n \"CVE-2021-33033\",\n \"CVE-2021-33200\"\n );\n script_xref(name:\"RHSA\", value:\"2021:4140\");\n script_xref(name:\"IAVA\", value:\"2021-A-0223-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0222-S\");\n\n script_name(english:\"CentOS 8 : kernel-rt (CESA-2021:4140)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:4140 advisory.\n\n - kernel: Intel graphics card information leak. (CVE-2019-14615)\n\n - kernel: out-of-bounds reads in pinctrl subsystem. 
(CVE-2020-0427)\n\n - kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502)\n\n - kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24503)\n\n - kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24504)\n\n - kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586)\n\n - kernel: Reassembling fragments encrypted under different keys (CVE-2020-24587)\n\n - kernel: wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588)\n\n - kernel: Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139)\n\n - kernel: accepting plaintext data frames in protected networks (CVE-2020-26140)\n\n - kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141)\n\n - kernel: accepting fragmented plaintext frames in protected networks (CVE-2020-26143)\n\n - kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header (CVE-2020-26144)\n\n - kernel: accepting plaintext broadcast fragments as full frames (CVE-2020-26145)\n\n - kernel: reassembling encrypted fragments with non-consecutive packet numbers (CVE-2020-26146)\n\n - kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147)\n\n - kernel: the copy-on-write implementation can grant unintended write access because of a race condition in\n a THP mapcount check (CVE-2020-29368)\n\n - kernel: locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read-\n after-free (CVE-2020-29660)\n\n - kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in\n drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value (CVE-2020-36158)\n\n - kernel: memory leak upon a kmalloc failure in kvm_io_bus_unregister_dev function in virt/kvm/kvm_main.c\n (CVE-2020-36312)\n\n - kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c\n (CVE-2020-36386)\n\n - 
kernel: Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129)\n\n - kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() (CVE-2021-20194)\n\n - kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure (CVE-2021-20239)\n\n - kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133)\n\n - kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode\n (CVE-2021-28950)\n\n - kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c (CVE-2021-28971)\n\n - kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds\n loads can be bypassed to leak content of kernel memory (CVE-2021-29155)\n\n - kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c (CVE-2021-29646)\n\n - kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c\n and include/linux/netfilter/x_tables.h may lead to DoS (CVE-2021-29650)\n\n - kernel: local escalation of privileges in handling of eBPF programs (CVE-2021-31440)\n\n - kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content\n of kernel memory (CVE-2021-31829)\n\n - kernel: out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916)\n\n - kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033)\n\n - kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations\n by BPF verifier (CVE-2021-33200)\n\n - kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c (CVE-2021-3348)\n\n - kernel: Linux kernel eBPF RINGBUF map oversized allocation (CVE-2021-3489)\n\n - kernel: double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564)\n\n - kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)\n\n - kernel: 
eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)\n\n - kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50 (CVE-2021-3635)\n\n - kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659)\n\n - kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679)\n\n - kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files\n (CVE-2021-3732)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4140\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3489\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-rt-debug\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? 
release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif ('CentOS Stream' >!< release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-14615', 'CVE-2020-0427', 'CVE-2020-24502', 'CVE-2020-24503', 'CVE-2020-24504', 'CVE-2020-24586', 'CVE-2020-24587', 'CVE-2020-24588', 'CVE-2020-26139', 'CVE-2020-26140', 'CVE-2020-26141', 'CVE-2020-26143', 'CVE-2020-26144', 'CVE-2020-26145', 'CVE-2020-26146', 'CVE-2020-26147', 'CVE-2020-29368', 'CVE-2020-29660', 'CVE-2020-36158', 'CVE-2020-36312', 'CVE-2020-36386', 'CVE-2021-0129', 'CVE-2021-3348', 'CVE-2021-3489', 'CVE-2021-3564', 'CVE-2021-3573', 'CVE-2021-3600', 'CVE-2021-3635', 'CVE-2021-3659', 'CVE-2021-3679', 'CVE-2021-3732', 'CVE-2021-20194', 'CVE-2021-20239', 'CVE-2021-23133', 'CVE-2021-28950', 'CVE-2021-28971', 'CVE-2021-29155', 'CVE-2021-29646', 'CVE-2021-29650', 'CVE-2021-31440', 'CVE-2021-31829', 'CVE-2021-31916', 'CVE-2021-33033', 'CVE-2021-33200');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for CESA-2021:4140');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'reference':'kernel-rt-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'kernel-rt-debug-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, 
epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-09T19:28:24", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4140 advisory.\n\n - kernel: Intel graphics card information leak. (CVE-2019-14615)\n\n - kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)\n\n - kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502)\n\n - kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24503)\n\n - kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24504)\n\n - kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586)\n\n - kernel: Reassembling fragments encrypted under different keys (CVE-2020-24587)\n\n - kernel: wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588)\n\n - kernel: Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139)\n\n - kernel: accepting plaintext data frames in protected networks (CVE-2020-26140)\n\n - kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141)\n\n - kernel: accepting fragmented plaintext frames in protected networks (CVE-2020-26143)\n\n - kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header (CVE-2020-26144)\n\n - kernel: accepting plaintext broadcast fragments as full frames (CVE-2020-26145)\n\n - kernel: reassembling encrypted 
fragments with non-consecutive packet numbers (CVE-2020-26146)\n\n - kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147)\n\n - kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check (CVE-2020-29368)\n\n - kernel: locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read-after-free (CVE-2020-29660)\n\n - kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value (CVE-2020-36158)\n\n - kernel: memory leak upon a kmalloc failure in kvm_io_bus_unregister_dev function in virt/kvm/kvm_main.c (CVE-2020-36312)\n\n - kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c (CVE-2020-36386)\n\n - kernel: Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129)\n\n - kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() (CVE-2021-20194)\n\n - kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure (CVE-2021-20239)\n\n - kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133)\n\n - kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode (CVE-2021-28950)\n\n - kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c (CVE-2021-28971)\n\n - kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory (CVE-2021-29155)\n\n - kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c (CVE-2021-29646)\n\n - kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS (CVE-2021-29650)\n\n - kernel: local escalation of privileges in handling of eBPF programs 
(CVE-2021-31440)\n\n - kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory (CVE-2021-31829)\n\n - kernel: out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916)\n\n - kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033)\n\n - kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier (CVE-2021-33200)\n\n - kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c (CVE-2021-3348)\n\n - kernel: Linux kernel eBPF RINGBUF map oversized allocation (CVE-2021-3489)\n\n - kernel: double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564)\n\n - kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)\n\n - kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)\n\n - kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50 (CVE-2021-3635)\n\n - kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659)\n\n - kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679)\n\n - kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files (CVE-2021-3732)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel-rt (RHSA-2021:4140)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14615", "CVE-2020-0427", "CVE-2020-24502", "CVE-2020-24503", "CVE-2020-24504", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26139", "CVE-2020-26140", "CVE-2020-26141", "CVE-2020-26143", "CVE-2020-26144", "CVE-2020-26145", "CVE-2020-26146", "CVE-2020-26147", "CVE-2020-29368", "CVE-2020-29660", "CVE-2020-36158", 
"CVE-2020-36312", "CVE-2020-36386", "CVE-2021-0129", "CVE-2021-3348", "CVE-2021-3489", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3600", "CVE-2021-3635", "CVE-2021-3659", "CVE-2021-3679", "CVE-2021-3732", "CVE-2021-20194", "CVE-2021-20239", "CVE-2021-23133", "CVE-2021-28950", "CVE-2021-28971", "CVE-2021-29155", "CVE-2021-29646", "CVE-2021-29650", "CVE-2021-31440", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-33033", "CVE-2021-33200"], "modified": "2021-11-11T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra"], "id": "REDHAT-RHSA-2021-4140.NASL", "href": "https://www.tenable.com/plugins/nessus/155172", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:4140. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155172);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/11\");\n\n script_cve_id(\n \"CVE-2019-14615\",\n \"CVE-2020-0427\",\n \"CVE-2020-24502\",\n \"CVE-2020-24503\",\n \"CVE-2020-24504\",\n \"CVE-2020-24586\",\n \"CVE-2020-24587\",\n \"CVE-2020-24588\",\n \"CVE-2020-26139\",\n \"CVE-2020-26140\",\n \"CVE-2020-26141\",\n \"CVE-2020-26143\",\n \"CVE-2020-26144\",\n \"CVE-2020-26145\",\n \"CVE-2020-26146\",\n \"CVE-2020-26147\",\n \"CVE-2020-29368\",\n \"CVE-2020-29660\",\n \"CVE-2020-36158\",\n \"CVE-2020-36312\",\n \"CVE-2020-36386\",\n \"CVE-2021-0129\",\n \"CVE-2021-3348\",\n \"CVE-2021-3489\",\n \"CVE-2021-3564\",\n \"CVE-2021-3573\",\n \"CVE-2021-3600\",\n \"CVE-2021-3635\",\n \"CVE-2021-3659\",\n \"CVE-2021-3679\",\n \"CVE-2021-3732\",\n \"CVE-2021-20194\",\n \"CVE-2021-20239\",\n \"CVE-2021-23133\",\n \"CVE-2021-28950\",\n \"CVE-2021-28971\",\n \"CVE-2021-29155\",\n \"CVE-2021-29646\",\n \"CVE-2021-29650\",\n \"CVE-2021-31440\",\n \"CVE-2021-31829\",\n \"CVE-2021-31916\",\n \"CVE-2021-33033\",\n \"CVE-2021-33200\"\n );\n script_xref(name:\"RHSA\", value:\"2021:4140\");\n script_xref(name:\"IAVA\", value:\"2021-A-0223-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0222-S\");\n\n script_name(english:\"RHEL 8 : kernel-rt (RHSA-2021:4140)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:4140 advisory.\n\n - kernel: Intel graphics card information leak. (CVE-2019-14615)\n\n - kernel: out-of-bounds reads in pinctrl subsystem. 
(CVE-2020-0427)\n\n - kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502)\n\n - kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24503)\n\n - kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24504)\n\n - kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586)\n\n - kernel: Reassembling fragments encrypted under different keys (CVE-2020-24587)\n\n - kernel: wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588)\n\n - kernel: Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139)\n\n - kernel: accepting plaintext data frames in protected networks (CVE-2020-26140)\n\n - kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141)\n\n - kernel: accepting fragmented plaintext frames in protected networks (CVE-2020-26143)\n\n - kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header (CVE-2020-26144)\n\n - kernel: accepting plaintext broadcast fragments as full frames (CVE-2020-26145)\n\n - kernel: reassembling encrypted fragments with non-consecutive packet numbers (CVE-2020-26146)\n\n - kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147)\n\n - kernel: the copy-on-write implementation can grant unintended write access because of a race condition in\n a THP mapcount check (CVE-2020-29368)\n\n - kernel: locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read-\n after-free (CVE-2020-29660)\n\n - kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in\n drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value (CVE-2020-36158)\n\n - kernel: memory leak upon a kmalloc failure in kvm_io_bus_unregister_dev function in virt/kvm/kvm_main.c\n (CVE-2020-36312)\n\n - kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c\n (CVE-2020-36386)\n\n - 
kernel: Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129)\n\n - kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() (CVE-2021-20194)\n\n - kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure (CVE-2021-20239)\n\n - kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133)\n\n - kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode\n (CVE-2021-28950)\n\n - kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c (CVE-2021-28971)\n\n - kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds\n loads can be bypassed to leak content of kernel memory (CVE-2021-29155)\n\n - kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c (CVE-2021-29646)\n\n - kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c\n and include/linux/netfilter/x_tables.h may lead to DoS (CVE-2021-29650)\n\n - kernel: local escalation of privileges in handling of eBPF programs (CVE-2021-31440)\n\n - kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content\n of kernel memory (CVE-2021-31829)\n\n - kernel: out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916)\n\n - kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033)\n\n - kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations\n by BPF verifier (CVE-2021-33200)\n\n - kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c (CVE-2021-3348)\n\n - kernel: Linux kernel eBPF RINGBUF map oversized allocation (CVE-2021-3489)\n\n - kernel: double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564)\n\n - kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)\n\n - kernel: 
eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)\n\n - kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50 (CVE-2021-3635)\n\n - kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659)\n\n - kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679)\n\n - kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files\n (CVE-2021-3732)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/119.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/120.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/125.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/212.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/252.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/287.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/290.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/307.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/345.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/346.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/362.html\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/415.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/476.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/662.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/667.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/682.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/772.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/787.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/822.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/829.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/835.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/863.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-24502\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-24503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-24504\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://access.redhat.com/security/cve/CVE-2020-24586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-24587\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-24588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26146\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26147\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36312\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-0129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3348\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-23133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-28950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-28971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-31440\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://access.redhat.com/security/cve/CVE-2021-31829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-31916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-33033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-33200\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1789209\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1903244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1906522\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1912683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1913348\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1919893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1921958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1923636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930376\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930379\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1941762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1941784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1945345\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1945388\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.redhat.com/1946965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1947991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1948772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1951595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1957788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1959559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1959642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1959654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1959657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1959663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1960490\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1960492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1960496\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1960498\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1960500\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1960502\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1960504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1961300\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1964028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1964139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1965038\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.redhat.com/1965458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1966578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1969489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1975949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1976946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1981954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1989165\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1995249\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3489\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 120, 125, 200, 212, 252, 287, 290, 307, 345, 346, 362, 400, 415, 416, 476, 662, 667, 682, 772, 787, 822, 829, 835, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ],\n 'enterprise_linux_8_baseos': [\n 'rhel-8-for-aarch64-baseos-debug-rpms',\n 'rhel-8-for-aarch64-baseos-rpms',\n 'rhel-8-for-aarch64-baseos-source-rpms',\n 'rhel-8-for-s390x-baseos-debug-rpms',\n 'rhel-8-for-s390x-baseos-rpms',\n 
'rhel-8-for-s390x-baseos-source-rpms',\n 'rhel-8-for-x86_64-baseos-debug-rpms',\n 'rhel-8-for-x86_64-baseos-rpms',\n 'rhel-8-for-x86_64-baseos-source-rpms'\n ],\n 'enterprise_linux_8_crb': [\n 'codeready-builder-for-rhel-8-aarch64-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-rpms',\n 'codeready-builder-for-rhel-8-aarch64-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-rpms',\n 'codeready-builder-for-rhel-8-s390x-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-rpms',\n 'codeready-builder-for-rhel-8-x86_64-source-rpms'\n ],\n 'enterprise_linux_8_highavailability': [\n 'rhel-8-for-aarch64-highavailability-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-rpms',\n 'rhel-8-for-aarch64-highavailability-source-rpms',\n 'rhel-8-for-s390x-highavailability-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-rpms',\n 'rhel-8-for-s390x-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 
'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-rpms',\n 'rhel-8-for-x86_64-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'enterprise_linux_8_nfv': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'enterprise_linux_8_realtime': [\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'enterprise_linux_8_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-rpms',\n 'rhel-8-for-s390x-resilientstorage-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-rpms',\n 'rhel-8-for-x86_64-resilientstorage-source-rpms'\n ],\n 'enterprise_linux_8_sap': [\n 'rhel-8-for-s390x-sap-netweaver-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-rpms',\n 'rhel-8-for-s390x-sap-netweaver-source-rpms',\n 
'rhel-8-for-x86_64-sap-netweaver-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-source-rpms'\n ],\n 'enterprise_linux_8_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-rpms',\n 'rhel-8-for-x86_64-sap-solutions-source-rpms'\n ],\n 'enterprise_linux_8_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-rpms',\n 'rhel-8-for-aarch64-supplementary-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-rpms',\n 'rhel-8-for-s390x-supplementary-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-rpms',\n 'rhel-8-for-x86_64-supplementary-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-14615', 'CVE-2020-0427', 'CVE-2020-24502', 'CVE-2020-24503', 'CVE-2020-24504', 'CVE-2020-24586', 'CVE-2020-24587', 
'CVE-2020-24588', 'CVE-2020-26139', 'CVE-2020-26140', 'CVE-2020-26141', 'CVE-2020-26143', 'CVE-2020-26144', 'CVE-2020-26145', 'CVE-2020-26146', 'CVE-2020-26147', 'CVE-2020-29368', 'CVE-2020-29660', 'CVE-2020-36158', 'CVE-2020-36312', 'CVE-2020-36386', 'CVE-2021-0129', 'CVE-2021-3348', 'CVE-2021-3489', 'CVE-2021-3564', 'CVE-2021-3573', 'CVE-2021-3600', 'CVE-2021-3635', 'CVE-2021-3659', 'CVE-2021-3679', 'CVE-2021-3732', 'CVE-2021-20194', 'CVE-2021-20239', 'CVE-2021-23133', 'CVE-2021-28950', 'CVE-2021-28971', 'CVE-2021-29155', 'CVE-2021-29646', 'CVE-2021-29650', 'CVE-2021-31440', 'CVE-2021-31829', 'CVE-2021-31916', 'CVE-2021-33033', 'CVE-2021-33200');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:4140');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'reference':'kernel-rt-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-rt-core-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-rt-debug-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 
'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-rt-debug-core-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-rt-debug-devel-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-rt-debug-kvm-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-rt-debug-modules-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n 
{'reference':'kernel-rt-debug-modules-extra-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-rt-devel-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-rt-kvm-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-rt-modules-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-rt-modules-extra-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 
'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : 
SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-10T16:20:21", "description": "The remote Ubuntu 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4999-1 advisory.\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.\n (CVE-2020-24586)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed. (CVE-2020-24587)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated.\n Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. (CVE-2020-24588)\n\n - A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. 
(CVE-2020-25670)\n\n - A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after- free which might lead to privilege escalations. (CVE-2020-25671)\n\n - A memory leak vulnerability was found in Linux kernel in llcp_sock_connect (CVE-2020-25672)\n\n - A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. (CVE-2020-25673)\n\n - An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients. (CVE-2020-26139)\n\n - An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data- confidentiality protocol. (CVE-2020-26141)\n\n - An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (CVE-2020-26145)\n\n - An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. 
(CVE-2020-26147)\n\n - A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket. (CVE-2021-23133)\n\n - An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations. (CVE-2021-29155)\n\n - This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them.\n An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-13661. (CVE-2021-31440)\n\n - kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. 
Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel. (CVE-2021-31829)\n\n - kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.\n (CVE-2021-33200)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-06-23T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 20.10 : Linux kernel vulnerabilities (USN-4999-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-25673", "CVE-2020-26139", "CVE-2020-26141", "CVE-2020-26145", "CVE-2020-26147", "CVE-2021-23133", "CVE-2021-29155", "CVE-2021-31440", "CVE-2021-31829", "CVE-2021-33200", "CVE-2021-3609"], "modified": "2021-06-23T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.10", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1029-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1029-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1030-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1033-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1035-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1036-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1038-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-59-generic", 
"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-59-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-59-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-59-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04-edge"], "id": "UBUNTU_USN-4999-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150954", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network 
Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4999-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150954);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/23\");\n\n script_cve_id(\n \"CVE-2020-24586\",\n \"CVE-2020-24587\",\n \"CVE-2020-24588\",\n \"CVE-2020-25670\",\n \"CVE-2020-25671\",\n \"CVE-2020-25672\",\n \"CVE-2020-25673\",\n \"CVE-2020-26139\",\n \"CVE-2020-26141\",\n \"CVE-2020-26145\",\n \"CVE-2020-26147\",\n \"CVE-2021-3609\",\n \"CVE-2021-23133\",\n \"CVE-2021-29155\",\n \"CVE-2021-31440\",\n \"CVE-2021-31829\",\n \"CVE-2021-33200\"\n );\n script_xref(name:\"USN\", value:\"4999-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 20.10 : Linux kernel vulnerabilities (USN-4999-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4999-1 advisory.\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent\n Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a\n network. 
Under the right circumstances, when another device sends fragmented frames encrypted using WEP,\n CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.\n (CVE-2020-24586)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent\n Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary\n can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP,\n CCMP, or GCMP encryption key is periodically renewed. (CVE-2020-24587)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent\n Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated.\n Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an\n adversary can abuse this to inject arbitrary network packets. (CVE-2020-24588)\n\n - A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free\n which might lead to privilege escalations. (CVE-2020-25670)\n\n - A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-\n free which might lead to privilege escalations. (CVE-2020-25671)\n\n - A memory leak vulnerability was found in Linux kernel in llcp_sock_connect (CVE-2020-25672)\n\n - A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak\n and eventually hanging-up the system. (CVE-2020-25673)\n\n - An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other\n clients even though the sender has not yet successfully authenticated to the AP. 
This might be abused in\n projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier\n to exploit other vulnerabilities in connected clients. (CVE-2020-26139)\n\n - An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation\n does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can\n abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-\n confidentiality protocol. (CVE-2020-26141)\n\n - An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3\n implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process\n them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets\n independent of the network configuration. (CVE-2020-26145)\n\n - An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble\n fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject\n packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP,\n CCMP, or GCMP data-confidentiality protocol is used. (CVE-2020-26147)\n\n - A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel\n privilege escalation from the context of a network service or an unprivileged process. If\n sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the\n auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network\n service privileges to escalate to root or from the context of an unprivileged user directly if a\n BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket. 
(CVE-2021-23133)\n\n - An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable\n out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer\n arithmetic operations, the pointer modification performed by the first operation is not correctly\n accounted for when restricting subsequent operations. (CVE-2021-29155)\n\n - This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel\n 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in\n order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The\n issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them.\n An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the\n context of the kernel. Was ZDI-CAN-13661. (CVE-2021-31440)\n\n - kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading\n to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not\n protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized\n data that might represent sensitive information previously operated on by the kernel. (CVE-2021-31829)\n\n - kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic\n operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel\n memory, leading to local privilege escalation to root. 
In particular, there is a corner case where the off\n reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.\n (CVE-2021-33200)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4999-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-33200\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1029-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1029-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1030-kvm\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1033-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1035-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1036-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1038-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-59-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-59-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-59-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-59-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04-edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021 Canonical, Inc. / NASL script (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(20\\.04|20\\.10)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 20.10', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-24586', 'CVE-2020-24587', 'CVE-2020-24588', 'CVE-2020-25670', 'CVE-2020-25671', 'CVE-2020-25672', 'CVE-2020-25673', 'CVE-2020-26139', 'CVE-2020-26141', 'CVE-2020-26145', 'CVE-2020-26147', 'CVE-2021-3609', 'CVE-2021-23133', 'CVE-2021-29155', 'CVE-2021-31440', 'CVE-2021-31829', 'CVE-2021-33200');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4999-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'osver': '20.04', 'pkgname': 'linux-image-5.8.0-1033-oracle', 'pkgver': '5.8.0-1033.34~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.8.0-1035-gcp', 'pkgver': '5.8.0-1035.37~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.8.0-1036-azure', 'pkgver': 
'5.8.0-1036.38~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.8.0-1038-aws', 'pkgver': '5.8.0-1038.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.8.0-59-generic', 'pkgver': '5.8.0-59.66~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.8.0-59-generic-64k', 'pkgver': '5.8.0-59.66~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.8.0-59-generic-lpae', 'pkgver': '5.8.0-59.66~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.8.0-59-lowlatency', 'pkgver': '5.8.0-59.66~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-aws', 'pkgver': '5.8.0.1038.40~20.04.11'},\n {'osver': '20.04', 'pkgname': 'linux-image-azure', 'pkgver': '5.8.0.1036.38~20.04.8'},\n {'osver': '20.04', 'pkgname': 'linux-image-azure-edge', 'pkgver': '5.8.0.1036.38~20.04.8'},\n {'osver': '20.04', 'pkgname': 'linux-image-gcp', 'pkgver': '5.8.0.1035.37~20.04.9'},\n {'osver': '20.04', 'pkgname': 'linux-image-gcp-edge', 'pkgver': '5.8.0.1035.37~20.04.9'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-64k-hwe-20.04', 'pkgver': '5.8.0.59.66~20.04.42'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-hwe-20.04', 'pkgver': '5.8.0.59.66~20.04.42'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-20.04', 'pkgver': '5.8.0.59.66~20.04.42'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency-hwe-20.04', 'pkgver': '5.8.0.59.66~20.04.42'},\n {'osver': '20.04', 'pkgname': 'linux-image-oracle', 'pkgver': '5.8.0.1033.34~20.04.9'},\n {'osver': '20.04', 'pkgname': 'linux-image-oracle-edge', 'pkgver': '5.8.0.1033.34~20.04.9'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-20.04', 'pkgver': '5.8.0.59.66~20.04.42'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-1029-raspi', 'pkgver': '5.8.0-1029.32'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-1029-raspi-nolpae', 'pkgver': '5.8.0-1029.32'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-1030-kvm', 'pkgver': '5.8.0-1030.32'},\n {'osver': '20.10', 'pkgname': 
'linux-image-5.8.0-1033-oracle', 'pkgver': '5.8.0-1033.34'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-1035-gcp', 'pkgver': '5.8.0-1035.37'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-1036-azure', 'pkgver': '5.8.0-1036.38'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-1038-aws', 'pkgver': '5.8.0-1038.40'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-59-generic', 'pkgver': '5.8.0-59.66'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-59-generic-64k', 'pkgver': '5.8.0-59.66'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-59-generic-lpae', 'pkgver': '5.8.0-59.66'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-59-lowlatency', 'pkgver': '5.8.0-59.66'},\n {'osver': '20.10', 'pkgname': 'linux-image-aws', 'pkgver': '5.8.0.1038.40'},\n {'osver': '20.10', 'pkgname': 'linux-image-azure', 'pkgver': '5.8.0.1036.36'},\n {'osver': '20.10', 'pkgname': 'linux-image-gcp', 'pkgver': '5.8.0.1035.35'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic', 'pkgver': '5.8.0.59.64'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-64k', 'pkgver': '5.8.0.59.64'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-64k-hwe-20.04', 'pkgver': '5.8.0.59.64'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-64k-hwe-20.04-edge', 'pkgver': '5.8.0.59.64'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-hwe-20.04', 'pkgver': '5.8.0.59.64'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-hwe-20.04-edge', 'pkgver': '5.8.0.59.64'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-lpae', 'pkgver': '5.8.0.59.64'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-lpae-hwe-20.04', 'pkgver': '5.8.0.59.64'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-lpae-hwe-20.04-edge', 'pkgver': '5.8.0.59.64'},\n {'osver': '20.10', 'pkgname': 'linux-image-gke', 'pkgver': '5.8.0.1035.35'},\n {'osver': '20.10', 'pkgname': 'linux-image-kvm', 'pkgver': '5.8.0.1030.32'},\n {'osver': '20.10', 'pkgname': 'linux-image-lowlatency', 
'pkgver': '5.8.0.59.64'},\n {'osver': '20.10', 'pkgname': 'linux-image-lowlatency-hwe-20.04', 'pkgver': '5.8.0.59.64'},\n {'osver': '20.10', 'pkgname': 'linux-image-lowlatency-hwe-20.04-edge', 'pkgver': '5.8.0.59.64'},\n {'osver': '20.10', 'pkgname': 'linux-image-oem-20.04', 'pkgver': '5.8.0.59.64'},\n {'osver': '20.10', 'pkgname': 'linux-image-oracle', 'pkgver': '5.8.0.1033.32'},\n {'osver': '20.10', 'pkgname': 'linux-image-raspi', 'pkgver': '5.8.0.1029.31'},\n {'osver': '20.10', 'pkgname': 'linux-image-raspi-nolpae', 'pkgver': '5.8.0.1029.31'},\n {'osver': '20.10', 'pkgname': 'linux-image-virtual', 'pkgver': '5.8.0.59.64'},\n {'osver': '20.10', 'pkgname': 'linux-image-virtual-hwe-20.04', 'pkgver': '5.8.0.59.64'},\n {'osver': '20.10', 'pkgname': 'linux-image-virtual-hwe-20.04-edge', 'pkgver': '5.8.0.59.64'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-image-5.8.0-1029-raspi / linux-image-5.8.0-1029-raspi-nolpae / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-09T15:51:04", "description": "The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4140 advisory.\n\n - Improper access control in BlueZ may allow an authenticated user to potentially enable 
information disclosure via adjacent access. (CVE-2021-0129)\n\n - A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioctl HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5. (CVE-2021-3573)\n\n - A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands.\n (CVE-2021-3635)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. 
(CVE-2021-28950)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.4, "vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : kernel-rt (RLSA-2021:4140)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-0129", "CVE-2021-28950", "CVE-2021-3573", "CVE-2021-3600", "CVE-2021-3635"], "modified": "2022-02-14T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:bpftool", "p-cpe:/a:rocky:linux:bpftool-debuginfo", "p-cpe:/a:rocky:linux:kernel", "p-cpe:/a:rocky:linux:kernel-abi-stablelists", "p-cpe:/a:rocky:linux:kernel-core", "p-cpe:/a:rocky:linux:kernel-cross-headers", "p-cpe:/a:rocky:linux:kernel-debug", "p-cpe:/a:rocky:linux:kernel-debug-core", "p-cpe:/a:rocky:linux:kernel-debug-debuginfo", "p-cpe:/a:rocky:linux:kernel-debug-devel", "p-cpe:/a:rocky:linux:kernel-debug-modules", "p-cpe:/a:rocky:linux:kernel-debug-modules-extra", "p-cpe:/a:rocky:linux:kernel-debuginfo", "p-cpe:/a:rocky:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:rocky:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:rocky:linux:kernel-devel", "p-cpe:/a:rocky:linux:kernel-headers", "p-cpe:/a:rocky:linux:kernel-modules", "p-cpe:/a:rocky:linux:kernel-modules-extra", "p-cpe:/a:rocky:linux:kernel-rt", "p-cpe:/a:rocky:linux:kernel-rt-core", "p-cpe:/a:rocky:linux:kernel-rt-debug", "p-cpe:/a:rocky:linux:kernel-rt-debug-core", "p-cpe:/a:rocky:linux:kernel-rt-debug-debuginfo", "p-cpe:/a:rocky:linux:kernel-rt-debug-devel", "p-cpe:/a:rocky:linux:kernel-rt-debug-modules", "p-cpe:/a:rocky:linux:kernel-rt-debug-modules-extra", "p-cpe:/a:rocky:linux:kernel-rt-debuginfo", "p-cpe:/a:rocky:linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:rocky:linux:kernel-rt-devel", "p-cpe:/a:rocky:linux:kernel-rt-modules", "p-cpe:/a:rocky:linux:kernel-rt-modules-extra", "p-cpe:/a:rocky:linux:kernel-tools", 
"p-cpe:/a:rocky:linux:kernel-tools-debuginfo", "p-cpe:/a:rocky:linux:kernel-tools-libs", "p-cpe:/a:rocky:linux:kernel-tools-libs-devel", "p-cpe:/a:rocky:linux:perf", "p-cpe:/a:rocky:linux:perf-debuginfo", "p-cpe:/a:rocky:linux:python3-perf", "p-cpe:/a:rocky:linux:python3-perf-debuginfo", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2021-4140.NASL", "href": "https://www.tenable.com/plugins/nessus/157820", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2021:4140.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157820);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/14\");\n\n script_cve_id(\n \"CVE-2021-0129\",\n \"CVE-2021-3573\",\n \"CVE-2021-3600\",\n \"CVE-2021-3635\",\n \"CVE-2021-28950\"\n );\n script_xref(name:\"RLSA\", value:\"2021:4140\");\n\n script_name(english:\"Rocky Linux 8 : kernel-rt (RLSA-2021:4140)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nRLSA-2021:4140 advisory.\n\n - Improper access control in BlueZ may allow an authenticated user to potentially enable information\n disclosure via adjacent access. (CVE-2021-0129)\n\n - A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way\n user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev()\n together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(),\n hci_get_auth_info(). 
A privileged local user could use this flaw to crash the system or escalate their\n privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5. (CVE-2021-3573)\n\n - A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with\n root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands.\n (CVE-2021-3635)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur\n because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2021:4140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1875275\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1902412\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1903244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1905747\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1906522\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1912683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1913348\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1919893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1921958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1923636\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1930376\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1930379\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1930381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1941762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1941784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1945345\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1945388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1946965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1948772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1951595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1957788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1959559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1959642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1959654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1959657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1959663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1960490\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1960492\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1960496\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1960498\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1960500\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1960502\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1960504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1964028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1964139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1965038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1965458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1966578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1969489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1975949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1976946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1981954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1989165\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1995249\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3573\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:rocky:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-tools-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:python3-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RockyLinux/release');\nif (isnull(release) || 'Rocky Linux' >!< release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2021-0129', 'CVE-2021-3573', 'CVE-2021-3600', 'CVE-2021-3635', 'CVE-2021-28950');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RLSA-2021:4140');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'reference':'bpftool-4.18.0-348.el8.0.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-348.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-debuginfo-4.18.0-348.el8.0.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-debuginfo-4.18.0-348.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-348.el8.0.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-348.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-348.el8.0.2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-348.el8.0.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-348.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-348.el8.0.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-348.el8.0.2', 'cpu':'x86_64', 'release':'8', 
'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-348.el8.0.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-348.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-348.el8.0.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-348.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-debuginfo-4.18.0-348.el8.0.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-debuginfo-4.18.0-348.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-348.el8.0.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-348.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-348.el8.0.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-348.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-348.el8.0.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-348.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.18.0-348.el8.0.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.18.0-348.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-aarch64-4.18.0-348.el8.0.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-4.18.0-348.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-348.el8.0.2', 'cpu':'aarch64', 'release':'8', 
'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-348.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-348.el8.0.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-348.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-348.el8.0.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-348.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-348.el8.0.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-348.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-4.18.0-348.rt7.130.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-348.rt7.130.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-348.rt7.130.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-348.rt7.130.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-debuginfo-4.18.0-348.rt7.130.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-348.rt7.130.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-348.rt7.130.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-348.rt7.130.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debuginfo-4.18.0-348.rt7.130.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debuginfo-common-x86_64-4.18.0-348.rt7.130.el8.0.2', 
'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-348.rt7.130.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-348.rt7.130.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-348.rt7.130.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-348.el8.0.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-348.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.18.0-348.el8.0.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.18.0-348.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-348.el8.0.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-348.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-348.el8.0.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-348.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-348.el8.0.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-348.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.18.0-348.el8.0.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.18.0-348.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-348.el8.0.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-348.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'python3-perf-debuginfo-4.18.0-348.el8.0.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-debuginfo-4.18.0-348.el8.0.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / bpftool-debuginfo / kernel / kernel-abi-stablelists / etc');\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2022-08-09T15:51:04", "description": "The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4356 advisory.\n\n - Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. (CVE-2021-0129)\n\n - A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5. (CVE-2021-3573)\n\n - A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands.\n (CVE-2021-3635)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. 
(CVE-2021-28950)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.4, "vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : kernel (RLSA-2021:4356)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-0129", "CVE-2021-28950", "CVE-2021-3573", "CVE-2021-3600", "CVE-2021-3635"], "modified": "2022-02-14T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:bpftool", "p-cpe:/a:rocky:linux:bpftool-debuginfo", "p-cpe:/a:rocky:linux:kernel", "p-cpe:/a:rocky:linux:kernel-abi-stablelists", "p-cpe:/a:rocky:linux:kernel-core", "p-cpe:/a:rocky:linux:kernel-cross-headers", "p-cpe:/a:rocky:linux:kernel-debug", "p-cpe:/a:rocky:linux:kernel-debug-core", "p-cpe:/a:rocky:linux:kernel-debug-debuginfo", "p-cpe:/a:rocky:linux:kernel-debug-devel", "p-cpe:/a:rocky:linux:kernel-debug-modules", "p-cpe:/a:rocky:linux:kernel-debug-modules-extra", "p-cpe:/a:rocky:linux:kernel-debuginfo", "p-cpe:/a:rocky:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:rocky:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:rocky:linux:kernel-devel", "p-cpe:/a:rocky:linux:kernel-headers", "p-cpe:/a:rocky:linux:kernel-modules", "p-cpe:/a:rocky:linux:kernel-modules-extra", "p-cpe:/a:rocky:linux:kernel-rt", "p-cpe:/a:rocky:linux:kernel-rt-core", "p-cpe:/a:rocky:linux:kernel-rt-debug", "p-cpe:/a:rocky:linux:kernel-rt-debug-core", "p-cpe:/a:rocky:linux:kernel-rt-debug-debuginfo", "p-cpe:/a:rocky:linux:kernel-rt-debug-devel", "p-cpe:/a:rocky:linux:kernel-rt-debug-modules", "p-cpe:/a:rocky:linux:kernel-rt-debug-modules-extra", "p-cpe:/a:rocky:linux:kernel-rt-debuginfo", "p-cpe:/a:rocky:linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:rocky:linux:kernel-rt-devel", "p-cpe:/a:rocky:linux:kernel-rt-modules", "p-cpe:/a:rocky:linux:kernel-rt-modules-extra", "p-cpe:/a:rocky:linux:kernel-tools", 
"p-cpe:/a:rocky:linux:kernel-tools-debuginfo", "p-cpe:/a:rocky:linux:kernel-tools-libs", "p-cpe:/a:rocky:linux:kernel-tools-libs-devel", "p-cpe:/a:rocky:linux:perf", "p-cpe:/a:rocky:linux:perf-debuginfo", "p-cpe:/a:rocky:linux:python3-perf", "p-cpe:/a:rocky:linux:python3-perf-debuginfo", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2021-4356.NASL", "href": "https://www.tenable.com/plugins/nessus/157815", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2021:4356.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157815);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/14\");\n\n script_cve_id(\n \"CVE-2021-0129\",\n \"CVE-2021-3573\",\n \"CVE-2021-3600\",\n \"CVE-2021-3635\",\n \"CVE-2021-28950\"\n );\n script_xref(name:\"RLSA\", value:\"2021:4356\");\n\n script_name(english:\"Rocky Linux 8 : kernel (RLSA-2021:4356)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nRLSA-2021:4356 advisory.\n\n - Improper access control in BlueZ may allow an authenticated user to potentially enable information\n disclosure via adjacent access. (CVE-2021-0129)\n\n - A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way\n user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev()\n together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(),\n hci_get_auth_info(). 
A privileged local user could use this flaw to crash the system or escalate their\n privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5. (CVE-2021-3573)\n\n - A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with\n root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands.\n (CVE-2021-3635)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur\n because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2021:4356\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1509204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1793880\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1816493\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1900844\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1903244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1906522\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1912683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1913348\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1915825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1919893\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1921958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1923636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1930376\");\n script_set_attribute(attribute:\"see_