Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9009)
2021-01-13T00:00:00
ID: ORACLELINUX_ELSA-2021-9009.NASL
Type: nessus
Reporter: This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified: 2021-01-13T00:00:00
Description
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in
the ELSA-2021-9009 advisory.

- An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users
  can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.
  (CVE-2020-27673)

- An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are
  processing watch events using a single thread. If the events are received faster than the thread is able
  to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the
  backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)

- An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux
  kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.
  However, the handler may not have time to run if the frontend quickly toggles between the states connect
  and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving
  guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege
  escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.
  (CVE-2020-29569)

- In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking
  in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal
  in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker
  has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are
  proxied via an attacker-selected backstore. (CVE-2020-28374)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.

##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2021-9009.
##

include('compat.inc');

if (description)
{
  script_id(144905);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/13");

  script_cve_id(
    "CVE-2020-27673",
    "CVE-2020-28374",
    "CVE-2020-29568",
    "CVE-2020-29569"
  );

  script_name(english:"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9009)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in
the ELSA-2021-9009 advisory.
- An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users
can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.
(CVE-2020-27673)
- An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are
processing watch events using a single thread. If the events are received faster than the thread is able
to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the
backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)
- An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux
kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.
However, the handler may not have time to run if the frontend quickly toggles between the states connect
and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving
guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege
escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.
(CVE-2020-29569)
- In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking
in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal
in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker
has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are
proxied via an attacker-selected backstore. (CVE-2020-28374)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2021-9009.html");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-29569");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/10/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/01/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/01/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-firmware");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Oracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("linux_alt_patch_detect.nasl", "ssh_get_info.nasl");
  script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");

  exit(0);
}


include('audit.inc');
include('global_settings.inc');
include('ksplice.inc');
include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);
if ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);

if (get_one_kb_item('Host/ksplice/kernel-cves'))
{
  rm_kb_item(name:'Host/uptrack-uname-r');
  cve_list = make_list('CVE-2020-27673', 'CVE-2020-28374', 'CVE-2020-29568', 'CVE-2020-29569');
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9009');
  }
  else
  {
    __rpm_report = ksplice_reporting_text();
  }
}

kernel_major_minor = get_kb_item('Host/uname/major_minor');
if (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');
expected_kernel_major_minor = '4.1';
if (kernel_major_minor != expected_kernel_major_minor)
  audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);

pkgs = [
  {'reference':'kernel-uek-4.1.12-124.46.4.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_prefix':'kernel-uek-4.1.12'},
  {'reference':'kernel-uek-debug-4.1.12-124.46.4.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_prefix':'kernel-uek-debug-4.1.12'},
  {'reference':'kernel-uek-debug-devel-4.1.12-124.46.4.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_prefix':'kernel-uek-debug-devel-4.1.12'},
  {'reference':'kernel-uek-devel-4.1.12-124.46.4.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_prefix':'kernel-uek-devel-4.1.12'},
  {'reference':'kernel-uek-doc-4.1.12-124.46.4.1.el6uek', 'release':'6', 'rpm_prefix':'kernel-uek-doc-4.1.12'},
  {'reference':'kernel-uek-firmware-4.1.12-124.46.4.1.el6uek', 'release':'6', 'rpm_prefix':'kernel-uek-firmware-4.1.12'},
  {'reference':'kernel-uek-4.1.12-124.46.4.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_prefix':'kernel-uek-4.1.12'},
  {'reference':'kernel-uek-debug-4.1.12-124.46.4.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_prefix':'kernel-uek-debug-4.1.12'},
  {'reference':'kernel-uek-debug-devel-4.1.12-124.46.4.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_prefix':'kernel-uek-debug-devel-4.1.12'},
  {'reference':'kernel-uek-devel-4.1.12-124.46.4.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_prefix':'kernel-uek-devel-4.1.12'},
  {'reference':'kernel-uek-doc-4.1.12-124.46.4.1.el7uek', 'release':'7', 'rpm_prefix':'kernel-uek-doc-4.1.12'},
  {'reference':'kernel-uek-firmware-4.1.12-124.46.4.1.el7uek', 'release':'7', 'rpm_prefix':'kernel-uek-firmware-4.1.12'}
];

flag = 0;
foreach package_array ( pkgs ) {
  reference = NULL;
  release = NULL;
  sp = NULL;
  cpu = NULL;
  el_string = NULL;
  rpm_spec_vers_cmp = NULL;
  epoch = NULL;
  allowmaj = NULL;
  rpm_prefix = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];
  if (reference && release) {
    if (rpm_prefix) {
      if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
    } else {
      if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
    }
  }
}

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');
}
{CVE-2020-28915}\n- block: Fix use-after-free in blkdev_get() (Jason Yan) [Orabug: 32194608] {CVE-2020-15436}\n- serial: 8250: fix null-ptr-deref in serial8250_start_tx() (Yang Yingliang) [Orabug: 32194712] {CVE-2020-15437}\n- staging: rts5208: rename SG_END macro (Arnd Bergmann) [Orabug: 32218496] \n- misc: rtsx: rename SG_END macro (Arnd Bergmann) [Orabug: 32218496]", "edition": 1, "modified": "2021-01-12T00:00:00", "published": "2021-01-12T00:00:00", "id": "ELSA-2021-9005", "href": "http://linux.oracle.com/errata/ELSA-2021-9005.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T23:26:36", "bulletinFamily": "unix", "cvelist": ["CVE-2020-8695", "CVE-2020-25705", "CVE-2020-14381", "CVE-2020-28915", "CVE-2020-29569", "CVE-2020-25656", "CVE-2020-27673", "CVE-2020-29568", "CVE-2020-14351", "CVE-2020-25668", "CVE-2020-12352", "CVE-2020-28974", "CVE-2020-8694", "CVE-2020-28374", "CVE-2020-25704"], "description": "[5.4.17-2036.102.0.2.el7]\n- xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel Wieczorkiewicz) [Orabug: 32260252] {CVE-2020-29569}\n- xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32248035] {CVE-2020-28374}\n[5.4.17-2036.102.0.el7]\n- futex: Fix inode life-time issue (Peter Zijlstra) [Orabug: 32233515] {CVE-2020-14381}\n- perf/core: Fix race 
in the perf_mmap_close() function (Jiri Olsa) [Orabug: 32233352] {CVE-2020-14351}\n- intel_idle: Customize IceLake server support (Chen Yu) [Orabug: 32218858]\n- dm crypt: Allow unaligned bio buffer lengths for skcipher devices (Sudhakar Panneerselvam) [Orabug: 32210418]\n- vhost scsi: fix lun reset completion handling (Mike Christie) [Orabug: 32167069]\n- vhost scsi: Add support for LUN resets. (Mike Christie) [Orabug: 32167069]\n- vhost scsi: add lun parser helper (Mike Christie) [Orabug: 32167069]\n- vhost scsi: fix cmd completion race (Mike Christie) [Orabug: 32167069]\n- vhost scsi: alloc cmds per vq instead of session (Mike Christie) [Orabug: 32167069]\n- vhost: Create accessors for virtqueues private_data (Eugenio Perez) [Orabug: 32167069]\n- vhost: add helper to check if a vq has been setup (Mike Christie) [Orabug: 32167069]\n- scsi: sd: Allow user to configure command retries (Mike Christie) [Orabug: 32167069]\n- scsi: core: Add limitless cmd retry support (Mike Christie) [Orabug: 32167069]\n- scsi: mpt3sas: Update driver version to 36.100.00.00 (Suganath Prabu S) [Orabug: 32242279]\n- scsi: mpt3sas: Handle trigger page after firmware update (Suganath Prabu S) [Orabug: 32242279]\n- scsi: mpt3sas: Add persistent MPI trigger page (Suganath Prabu S) [Orabug: 32242279]\n- scsi: mpt3sas: Add persistent SCSI sense trigger page (Suganath Prabu S) [Orabug: 32242279]\n- scsi: mpt3sas: Add persistent Event trigger page (Suganath Prabu S) [Orabug: 32242279]\n- scsi: mpt3sas: Add persistent Master trigger page (Suganath Prabu S) [Orabug: 32242279]\n- scsi: mpt3sas: Add persistent trigger pages support (Suganath Prabu S) [Orabug: 32242279]\n- scsi: mpt3sas: Sync time periodically between driver and firmware (Suganath Prabu S) [Orabug: 32242279]\n- scsi: mpt3sas: Bump driver version to 35.101.00.00 (Sreekanth Reddy) [Orabug: 32242279]\n- scsi: mpt3sas: Add module parameter multipath_on_hba (Sreekanth Reddy) [Orabug: 32242279]\n- scsi: mpt3sas: Handle vSES vphy object 
during HBA reset (Sreekanth Reddy) [Orabug: 32242279]\n- scsi: mpt3sas: Add bypass_dirty_port_flag parameter (Sreekanth Reddy) [Orabug: 32242279]\n- scsi: mpt3sas: Handling HBA vSES device (Sreekanth Reddy) [Orabug: 32242279]\n- scsi: mpt3sas: Set valid PhysicalPort in SMPPassThrough (Sreekanth Reddy) [Orabug: 32242279]\n- scsi: mpt3sas: Update hba_port objects after host reset (Sreekanth Reddy) [Orabug: 32242279]\n- scsi: mpt3sas: Get sas_device objects using device's rphy (Sreekanth Reddy) [Orabug: 32242279]\n- scsi: mpt3sas: Rename transport_del_phy_from_an_existing_port() (Sreekanth Reddy) [Orabug: 32242279]\n- scsi: mpt3sas: Get device objects using sas_address & portID (Sreekanth Reddy) [Orabug: 32242279]\n- scsi: mpt3sas: Update hba_port's sas_address & phy_mask (Sreekanth Reddy) [Orabug: 32242279]\n- scsi: mpt3sas: Rearrange _scsih_mark_responding_sas_device() (Sreekanth Reddy) [Orabug: 32242279]\n- scsi: mpt3sas: Allocate memory for hba_port objects (Sreekanth Reddy) [Orabug: 32242279]\n- scsi: mpt3sas: Define hba_port structure (Sreekanth Reddy) [Orabug: 32242279]\n- scsi: mpt3sas: Fix ioctl timeout (Suganath Prabu S) [Orabug: 32242279]\n- icmp: randomize the global rate limiter (Eric Dumazet) [Orabug: 32227958] {CVE-2020-25705}\n- perf/x86/intel/uncore: Add box_offsets for free-running counters (Kan Liang) [Orabug: 32020885]\n- perf/x86/intel/uncore: Factor out __snr_uncore_mmio_init_box (Kan Liang) [Orabug: 32020885]\n- perf/x86/intel/uncore: Add Ice Lake server uncore support (Kan Liang) [Orabug: 32020885]\n[5.4.17-2036.101.2.el7]\n- vt: Disable KD_FONT_OP_COPY (Daniel Vetter) [Orabug: 32187738] {CVE-2020-28974}\n- page_frag: Recover from memory pressure (Dongli Zhang) [Orabug: 32177966]\n- Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts (Peilin Ye) [Orabug: 32176254] {CVE-2020-28915}\n- fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (Peilin Ye) [Orabug: 32176254] {CVE-2020-28915}\n- ocfs2: initialize ip_next_orphan 
(Wengang Wang) [Orabug: 32159053]\n- net/rds: rds_ib_remove_one() accesses freed memory (Ka-Cheong Poon) [Orabug: 32213896]\n- hv_netvsc: make recording RSS hash depend on feature flag (Stephen Hemminger) [Orabug: 32159973]\n- hv_netvsc: record hardware hash in skb (Stephen Hemminger) [Orabug: 32159973]\n- RDMA/umem: Move to allocate SG table from pages (Maor Gottlieb) [Orabug: 32005752]\n- lib/scatterlist: Add support in dynamic allocation of SG table from pages (Maor Gottlieb) [Orabug: 32005752]\n- arm64:uek/config: Enable ZONE_DMA config (Vijay Kumar) [Orabug: 31970521]\n- Revert 'arm64/dts: Serial console fix for RPi4' (Vijay Kumar) [Orabug: 31970521]\n- uek-rpm: aarch64: enable CONFIG_ACPI_APEI_EINJ (Dave Kleikamp) [Orabug: 32182237]\n- NFSD: fix missing refcount in nfsd4_copy by nfsd4_do_async_copy (Dai Ngo) [Orabug: 32177992]\n- NFSD: Fix use-after-free warning when doing inter-server copy (Dai Ngo) [Orabug: 32177992]\n- xen/events: block rogue events for some time (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/events: defer eoi in case of excessive number of events (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/events: use a common cpu hotplug hook for event channels (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/events: switch user event channels to lateeoi model (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/pciback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/pvcallsback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/scsiback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/netback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/blkback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/events: add a new 'late EOI' evtchn framework (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/events: fix race in evtchn_fifo_unmask() 
(Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/events: add a proper barrier to 2-level uevent unmasking (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/events: avoid removing an event channel while handling it (Juergen Gross) [Orabug: 32177543]\n[5.4.17-2036.101.1.el7]\n- uek-rpm: Enable Intel Speed Select Technology interface support (Somasundaram Krishnasamy) [Orabug: 32161425]\n- platform/x86: ISST: Increase timeout (Srinivas Pandruvada) [Orabug: 32161425]\n- platform/x86: ISST: Fix wrong unregister type (Srinivas Pandruvada) [Orabug: 32161425]\n- platform/x86: ISST: Allow additional core-power mailbox commands (Srinivas Pandruvada) [Orabug: 32161425]\n- IB/mlx4: Convert rej_tmout radix-tree to XArray (Hakon Bugge) [Orabug: 32136895]\n- IB/mlx4: Adjust delayed work when a dup is observed (Hakon Bugge) [Orabug: 32136895]\n- IB/mlx4: Add support for REJ due to timeout (Hakon Bugge) [Orabug: 32136895]\n- IB/mlx4: Fix starvation in paravirt mux/demux (Hakon Bugge) [Orabug: 32136895]\n- IB/mlx4: Separate tunnel and wire bufs parameters (Hakon Bugge) [Orabug: 32136895]\n- IB/mlx4: Add support for MRA (Hakon Bugge) [Orabug: 32136895]\n- IB/mlx4: Add and improve logging (Hakon Bugge) [Orabug: 32136895]\n- perf/core: Fix a memory leak in perf_event_parse_addr_filter() (kiyin()) [Orabug: 32131172] {CVE-2020-25704}\n- vt: keyboard, extend func_buf_lock to readers (Jiri Slaby) [Orabug: 32122948] {CVE-2020-25656}\n- vt: keyboard, simplify vt_kdgkbsent (Jiri Slaby) [Orabug: 32122948] {CVE-2020-25656}\n- tty: make FONTX ioctl use the tty pointer they were actually passed (Linus Torvalds) [Orabug: 32122725] {CVE-2020-25668}\n- NFSv4.2: Fix NFS4ERR_STALE error when doing inter server copy (Dai Ngo) [Orabug: 31879682]\n[5.4.17-2036.101.0.el7]\n- hv_utils: drain the timesync packets on onchannelcallback (Vineeth Pillai) [Orabug: 32152142]\n- hv_utils: return error if host timesysnc update is stale (Vineeth Pillai) [Orabug: 32152142]\n- x86/cpu/intel: enable 
X86_FEATURE_NT_GOOD on Intel Icelakex (Ankur Arora) [Orabug: 32143850]\n- x86/cpu/amd: enable X86_FEATURE_NT_GOOD on AMD Zen (Ankur Arora) [Orabug: 32143850]\n- x86/cpu/intel: enable X86_FEATURE_NT_GOOD on Intel Broadwellx (Ankur Arora) [Orabug: 32143850]\n- mm, clear_huge_page: use clear_page_uncached() for gigantic pages (Ankur Arora) [Orabug: 32143850]\n- x86/clear_page: add clear_page_uncached() (Ankur Arora) [Orabug: 32143850]\n- x86/asm: add clear_page_nt() (Ankur Arora) [Orabug: 32143850]\n- perf bench: add memset_movnti() (Ankur Arora) [Orabug: 32143850]\n- x86/asm: add memset_movnti() (Ankur Arora) [Orabug: 32143850]\n- x86/cpuid: add X86_FEATURE_NT_GOOD (Ankur Arora) [Orabug: 32143850]\n- kernel: add panic_on_taint (Rafael Aquini) [Orabug: 32137996]\n- cifs: handle empty list of targets in cifs_reconnect() (Paulo Alcantara) [Orabug: 32124750]\n- cifs: get rid of unused parameter in reconn_setup_dfs_targets() (Paulo Alcantara) [Orabug: 32124750]\n- rds/ib: Fix: (rds: Deregister all FRWR mr with free_mr) (Manjunath Patil) [Orabug: 32113472]\n- net/rds: Force ARP flush upon RDMA_CM_EVENT_ADDR_CHANGE (Gerd Rausch) [Orabug: 32095959]\n- uek-rpm: aarch64: increase CONFIG_NODES_SHIFT from 3 to 6 (Dave Kleikamp) [Orabug: 32075923]\n- rds: Restore MR use-once semantics (Hakon Bugge) [Orabug: 31990092] [Orabug: 32072247]\n- rds: Fix incorrect cmsg status and use-after-free (Hakon Bugge) [Orabug: 32003078] [Orabug: 32072245]\n- rds: Force ordering of {set,clear}_bit operating on m_flags (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]\n- rds: Do not send canceled operations to the transport layer (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]\n- rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]\n- Revert 'RDS: Drop the connection as part of cancel to avoid hangs' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]\n- Revert 'rds: fix warning in rds_send_drop_to()' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]\n- 
Revert 'rds: Use correct conn when dropping connections due to cancel' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]\n- Revert 'rds: prevent use-after-free of rds conn in rds_send_drop_to()' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]\n- Revert 'rds: Use bitmap to designate dropped connections' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]\n- Revert 'UEK6 compiler warning for /net/rds/send.c' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]\n- x86/mce/therm_throt: Undo thermal polling properly on CPU offline (Thomas Gleixner) [Orabug: 32048971]\n- x86/mce/therm_throt: Do not access uninitialized therm_work (Chuansheng Liu) [Orabug: 32048971]\n- x86/mce/therm_throt: Mark throttle_active_work() as __maybe_unused (Arnd Bergmann) [Orabug: 32048971]\n- x86/mce/therm_throt: Mask out read-only and reserved MSR bits (Srinivas Pandruvada) [Orabug: 32048971]\n- x86/mce/therm_throt: Optimize notifications of thermal throttle (Srinivas Pandruvada) [Orabug: 32048971]\n- ocfs2: fix remounting needed after setfacl command (Gang He) [Orabug: 32042684]\n- IB/mlx4: disable CQ time stamping (aru kolappan) [Orabug: 32042517]\n- net/rds: Refactor sendmsg ancillary data processing (Ka-Cheong Poon) [Orabug: 32027845]\n- Bluetooth: A2MP: Fix not initializing all members (Luiz Augusto von Dentz) [Orabug: 32021285] {CVE-2020-12352}\n- ima: Use ima_hash_algo for collision detection in the measurement list (Roberto Sassu) [Orabug: 31973040]\n- ima: Calculate and extend PCR with digests in ima_template_entry (Roberto Sassu) [Orabug: 31973040]\n- ima: Allocate and initialize tfm for each PCR bank (Roberto Sassu) [Orabug: 31973040]\n- ima: Switch to dynamically allocated buffer for template digests (Roberto Sassu) [Orabug: 31973040]\n- ima: Store template digest directly in ima_template_entry (Roberto Sassu) [Orabug: 31973040]\n- scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (James Smart) [Orabug: 31598148]\n- net/rds: Check for NULL rds_ibdev in 
rds_ib_rx() only if rds_ib_srq_enabled (Sharath Srinivasan) [Orabug: 32113840]\n- A/A Bonding: Increase number and interval of GARPs sent by rdmaip (Sharath Srinivasan) [Orabug: 32095766]\n- powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32040802] {CVE-2020-8694} {CVE-2020-8695}", "edition": 2, "modified": "2021-01-12T00:00:00", "published": "2021-01-12T00:00:00", "id": "ELSA-2021-9007", "href": "http://linux.oracle.com/errata/ELSA-2021-9007.html", "title": "Unbreakable Enterprise kernel-container security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-13T01:35:49", "bulletinFamily": "unix", "cvelist": ["CVE-2020-8695", "CVE-2020-25705", "CVE-2019-19816", "CVE-2020-28915", "CVE-2020-29569", "CVE-2020-29368", "CVE-2020-25656", "CVE-2020-27673", "CVE-2020-29568", "CVE-2020-14351", "CVE-2020-25668", "CVE-2020-15437", "CVE-2020-12352", "CVE-2020-28974", "CVE-2020-8694", "CVE-2020-15436", "CVE-2020-28374", "CVE-2020-25704"], "description": "[4.14.35-2025.404.1.1.el7]\n- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32248040]\n {CVE-2020-28374}\n[4.14.35-2025.404.1.el7]\n- xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32253412] {CVE-2020-29568}\n- xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32253412] {CVE-2020-29568}\n- xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32253412] {CVE-2020-29568}\n- xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32253412] {CVE-2020-29568}\n- xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32253412] {CVE-2020-29568}\n- xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel Wieczorkiewicz) [Orabug: 32260256] {CVE-2020-29569}\n[4.14.35-2025.404.0.el7]\n- vhost scsi: Add support for LUN resets. 
(Mike Christie) [Orabug: 32201584]\n- vhost/scsi: Use copy_to_iter() to send control queue response (Bijan Mottahedeh) [Orabug: 32201584]\n- vhost scsi: add lun parser helper (Mike Christie) [Orabug: 32201584]\n- scsi: sd: Allow user to configure command retries (Mike Christie) [Orabug: 32201584]\n- scsi: core: Add limitless cmd retry support (Mike Christie) [Orabug: 32201584]\n[4.14.35-2025.403.5.el7]\n- dm crypt: Allow unaligned bio buffer lengths for skcipher devices (Sudhakar Panneerselvam) [Orabug: 32210463]\n- mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked() (Andrea Arcangeli) [Orabug: 32212583] {CVE-2020-29368}\n- perf/core: Fix race in the perf_mmap_close() function (Jiri Olsa) [Orabug: 32233358] {CVE-2020-14351}\n[4.14.35-2025.403.4.el7]\n- icmp: randomize the global rate limiter (Eric Dumazet) [Orabug: 32227961] {CVE-2020-25705}\n- ocfs2: initialize ip_next_orphan (Wengang Wang) [Orabug: 32159055]\n- hv_netvsc: make recording RSS hash depend on feature flag (Stephen Hemminger) [Orabug: 32159975]\n- hv_netvsc: record hardware hash in skb (Stephen Hemminger) [Orabug: 32159975]\n- Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts (Peilin Ye) [Orabug: 32176263] {CVE-2020-28915}\n- fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (Peilin Ye) [Orabug: 32176263] {CVE-2020-28915}\n- block: Fix use-after-free in blkdev_get() (Jason Yan) [Orabug: 32194608] {CVE-2020-15436}\n- serial: 8250: fix null-ptr-deref in serial8250_start_tx() (Yang Yingliang) [Orabug: 32194712] {CVE-2020-15437}\n- staging: rts5208: rename SG_END macro (Arnd Bergmann) [Orabug: 32218496]\n- misc: rtsx: rename SG_END macro (Arnd Bergmann) [Orabug: 32218496]\n[4.14.35-2025.403.3.el7]\n- RDMA/umem: Move to allocate SG table from pages (Maor Gottlieb) [Orabug: 32005117]\n- lib/scatterlist: Add support in dynamic allocation of SG table from pages (Maor Gottlieb) [Orabug: 32005117]\n- lib/scatterlist: Add SG_CHAIN and SG_END macros for LSB encodings 
(Anshuman Khandual) [Orabug: 32005117]\n- lib/scatterlist: Avoid potential scatterlist entry overflow (Tvrtko Ursulin) [Orabug: 32005117]\n- lib/scatterlist: Fix offset type in sg_alloc_table_from_pages (Tvrtko Ursulin) [Orabug: 32005117]\n- uek-rpm: Don't build emb2 kernel for mips (Dave Kleikamp) [Orabug: 32176889]\n- vt: Disable KD_FONT_OP_COPY (Daniel Vetter) [Orabug: 32187748] {CVE-2020-28974}\n- page_frag: Recover from memory pressure (Dongli Zhang) [Orabug: 32201999]\n- xen/events: block rogue events for some time (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/events: defer eoi in case of excessive number of events (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/events: use a common cpu hotplug hook for event channels (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/events: switch user event channels to lateeoi model (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/pciback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/pvcallsback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/scsiback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/netback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/blkback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/events: add a new 'late EOI' evtchn framework (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/events: fix race in evtchn_fifo_unmask() (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/events: add a proper barrier to 2-level uevent unmasking (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/events: avoid removing an event channel while handling it (Juergen Gross) [Orabug: 32177548]\n[4.14.35-2025.403.2.el7]\n- tty: make FONTX ioctl use the tty pointer they were actually passed (Linus Torvalds) [Orabug: 32122729] {CVE-2020-25668}\n- vt: keyboard, extend func_buf_lock to 
readers (Jiri Slaby) [Orabug: 32122952] {CVE-2020-25656}\n- vt: keyboard, simplify vt_kdgkbsent (Jiri Slaby) [Orabug: 32122952] {CVE-2020-25656}\n- perf/core: Fix a memory leak in perf_event_parse_addr_filter() (kiyin()) [Orabug: 32131175] {CVE-2020-25704}\n- perf/core: Fix bad use of igrab() (Song Liu) [Orabug: 32131175] {CVE-2020-25704}\n- IB/mlx4: Adjust delayed work when a dup is observed (Hakon Bugge) [Orabug: 32136898]\n- IB/mlx4: Add support for REJ due to timeout (Hakon Bugge) [Orabug: 32136898]\n- IB/mlx4: Fix starvation in paravirt mux/demux (Hakon Bugge) [Orabug: 32136898]\n- IB/mlx4: Separate tunnel and wire bufs parameters (Hakon Bugge) [Orabug: 32136898]\n- IB/mlx4: Add support for MRA (Hakon Bugge) [Orabug: 32136898]\n- IB/mlx4: Add and improve logging (Hakon Bugge) [Orabug: 32136898]\n- xen/gntdev: fix up blockable calls to mn_invl_range_start (Michal Hocko) [Orabug: 32139244]\n[4.14.35-2025.403.1.el7]\n- lockdown: By default run in integrity mode. (Konrad Rzeszutek Wilk) [Orabug: 32131561]\n- Revert 'iomap: Fix pipe page leakage during splicing' (George Kennedy) [Orabug: 32136519]\n- kernel: add panic_on_taint (Rafael Aquini) [Orabug: 32138016]\n- Revert 'pci: hardcode enumeration' (Dave Aldridge) [Orabug: 32152249]\n- hv_utils: drain the timesync packets on onchannelcallback (Vineeth Pillai) [Orabug: 32152144]\n- hv_utils: return error if host timesysnc update is stale (Vineeth Pillai) [Orabug: 32152144]\n[4.14.35-2025.403.0.el7]\n- powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32138487] {CVE-2020-8694} {CVE-2020-8695}\n- Btrfs: fix selftests failure due to uninitialized i_mode in test inodes (Filipe Manana) [Orabug: 31864726]\n- btrfs: fix return value mixup in btrfs_get_extent (Pavel Machek) [Orabug: 31864726]\n- btrfs: inode: Verify inode mode to avoid NULL pointer dereference (Qu Wenruo) [Orabug: 31864726] {CVE-2019-19816}\n- x86/apic: Get rid of multi CPU affinity (Thomas Gleixner) [Orabug: 31975320]\n- hv_netvsc: 
Set probe mode to sync (Haiyang Zhang) [Orabug: 32132413]\n- net/rds: Check for NULL rds_ibdev in rds_ib_rx() only if rds_ib_srq_enabled (Sharath Srinivasan) [Orabug: 32113843]\n- perf symbols: Check if we read regular file in dso__load() (Jiri Olsa) [Orabug: 30696035]\n- rds: Restore MR use-once semantics (Hakon Bugge) [Orabug: 31990092] [Orabug: 31990095]\n- rds: Fix incorrect cmsg status and use-after-free (Hakon Bugge) [Orabug: 32003078] [Orabug: 32003081]\n- dm cache: remove all obsolete writethrough-specific code (Mike Snitzer) [Orabug: 32010352]\n- dm cache: pass cache structure to mode functions (Mike Snitzer) [Orabug: 32010352]\n- dm rq: don't call blk_mq_queue_stopped() in dm_stop_queue() (Ming Lei) [Orabug: 32010352]\n- bcache: allocate meta data pages as compound pages (Coly Li) [Orabug: 32010352]\n- md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (ChangSyun Peng) [Orabug: 32010352]\n- bcache: fix super block seq numbers comparision in register_cache_set() (Coly Li) [Orabug: 32010352]\n- md-cluster: fix wild pointer of unlock_all_bitmaps() (Zhao Heming) [Orabug: 32010352]\n- dm: use noio when sending kobject event (Mikulas Patocka) [Orabug: 32010352]\n- dm zoned: assign max_io_len correctly (Hou Tao) [Orabug: 32010352]\n- md: add feature flag MD_FEATURE_RAID0_LAYOUT (NeilBrown) [Orabug: 32010352]\n- dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to find a zone (Hannes Reinecke) [Orabug: 32010352]\n- dm mpath: switch paths in dm_blk_ioctl() code path (Martin Wilck) [Orabug: 32010352]\n- dm crypt: avoid truncating the logical block size (Eric Biggers) [Orabug: 32010352]\n- md: don't flush workqueue unconditionally in md_open (Guoqing Jiang) [Orabug: 32010352]\n- x86/mce/therm_throt: Undo thermal polling properly on CPU offline (Thomas Gleixner) [Orabug: 32010658]\n- x86/mce/therm_throt: Do not access uninitialized therm_work (Chuansheng Liu) [Orabug: 32010658]\n- x86/mce/therm_throt: Mark throttle_active_work() as 
__maybe_unused (Arnd Bergmann) [Orabug: 32010658]\n- x86/mce/therm_throt: Mask out read-only and reserved MSR bits (Srinivas Pandruvada) [Orabug: 32010658]\n- x86/mce/therm_throt: Optimize notifications of thermal throttle (Srinivas Pandruvada) [Orabug: 32010658]\n- jiffies: add utility function to calculate delta in ms (Matteo Croce) [Orabug: 32010658]\n- rds: Force ordering of {set,clear}_bit operating on m_flags (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809]\n- rds: Do not send canceled operations to the transport layer (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809]\n- Revert 'RDS: Drop the connection as part of cancel to avoid hangs' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809]\n- Revert 'rds: fix warning in rds_send_drop_to()' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809]\n- Revert 'rds: Use correct conn when dropping connections due to cancel' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809]\n- Revert 'rds: prevent use-after-free of rds conn in rds_send_drop_to()' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809]\n- Revert 'rds: Use bitmap to designate dropped connections' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809]\n- Bluetooth: A2MP: Fix not initializing all members (Luiz Augusto von Dentz) [Orabug: 32021288] {CVE-2020-12352}\n- x86/kvm: move kvm_load/put_guest_xcr0 into atomic context (WANG Chao) [Orabug: 32021855]\n- arm64: Corrects warning: ISO C90 forbids mixed declarations and code (John Donnelly) [Orabug: 32040061]\n- hwrng: cavium: Corrects warning: unused variable 'dev_id' (John Donnelly) [Orabug: 32040066]\n- Lock down /proc/kcore (redux!) (Konrad Rzeszutek Wilk) [Orabug: 32053127]\n- lockdown: Lock down perf when in confidentiality mode (David Howells) [Orabug: 32053127]\n- Lock down kprobes (redux!) 
(Konrad Rzeszutek Wilk) [Orabug: 32053127]\n- debugfs: whitelist spectre mitigation when locked down (Eric Snowberg) [Orabug: 32053127]\n- debugfs: Return -EPERM when locked down (Eric Snowberg) [Orabug: 32053127]\n- debugfs: Restrict debugfs when the kernel is locked down (David Howells) [Orabug: 32053127]\n- lockdown: Add __kernel_is_confidentiality_mode to figure out whether .. (Konrad Rzeszutek Wilk) [Orabug: 32053127]\n- dtrace: Restrict access when the kernel is locked down in confidentiality mode (Konrad Rzeszutek Wilk) [Orabug: 32053127]\n- bpf: Restrict bpf when kernel lockdown is in confidentiality mode (David Howells) [Orabug: 32053127]\n- security: Add a static lockdown policy LSM [diet-version] (Matthew Garrett) [Orabug: 32053127]\n- net/rds: Check for NULL rid_dev_rem_complete (Ka-Cheong Poon) [Orabug: 32058618]\n- scsi: Corrects warning: passing argument 1 of 'wwn_to_u64' mismatch (John Donnelly) [Orabug: 32059622]\n- ipvlan: Corrects warning: label 'unregister_netdev' defined but not used (John Donnelly) [Orabug: 32059740]\n- mm, compaction: raise compaction priority after it withdrawns (Vlastimil Babka) [Orabug: 32065218]\n- mm, reclaim: cleanup should_continue_reclaim() (Vlastimil Babka) [Orabug: 32065218]\n- mm, reclaim: make should_continue_reclaim perform dryrun detection (Hillf Danton) [Orabug: 32065218]\n- KVM: Drop 'const' attribute from old memslot in commit_memory_region() (Sean Christopherson) [Orabug: 32068898]\n- octeontx2-pf: Return proper RSS indirection table size always (Sunil Goutham) [Orabug: 32095651]\n- octeontx2-af: Free RVU REE irq properly (Smadar Fuks) [Orabug: 32095651]\n- octeontx2-af: Free RVU NIX IRQs properly. 
(Rakesh Babu) [Orabug: 32095651]\n- octeontx2-af: Fix the BPID mask (Subbaraya Sundeep) [Orabug: 32095651]\n- octeontx2-pf: Fix receive buffer size calculation (Sunil Goutham) [Orabug: 32095651]\n- octeontx2-af: Fix updating wrong multicast list index in NIX_RX_ACTION (Naveen Mamindlapalli) [Orabug: 32095651]", "edition": 1, "modified": "2021-01-12T00:00:00", "published": "2021-01-12T00:00:00", "id": "ELSA-2021-9008", "href": "http://linux.oracle.com/errata/ELSA-2021-9008.html", "title": "Unbreakable Enterprise kernel-container security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-16T19:29:32", "bulletinFamily": "unix", "cvelist": ["CVE-2020-8695", "CVE-2020-28915", "CVE-2020-25656", "CVE-2020-27673", "CVE-2020-25668", "CVE-2020-12352", "CVE-2020-28974", "CVE-2020-8694", "CVE-2020-25704"], "description": "[5.4.17-2036.101.2uek]\n- vt: Disable KD_FONT_OP_COPY (Daniel Vetter) [Orabug: 32187738] {CVE-2020-28974}\n- page_frag: Recover from memory pressure (Dongli Zhang) [Orabug: 32177966] \n- Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts (Peilin Ye) [Orabug: 32176254] {CVE-2020-28915}\n- fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (Peilin Ye) [Orabug: 32176254] {CVE-2020-28915}\n- ocfs2: initialize ip_next_orphan (Wengang Wang) [Orabug: 32159053] \n- net/rds: rds_ib_remove_one() accesses freed memory (Ka-Cheong Poon) [Orabug: 32213896] \n- hv_netvsc: make recording RSS hash depend on feature flag (Stephen Hemminger) [Orabug: 32159973] \n- hv_netvsc: record hardware hash in skb (Stephen Hemminger) [Orabug: 32159973] \n- RDMA/umem: Move to allocate SG table from pages (Maor Gottlieb) [Orabug: 32005752] \n- lib/scatterlist: Add support in dynamic allocation of SG table from pages (Maor Gottlieb) [Orabug: 32005752] \n- arm64:uek/config: Enable ZONE_DMA config (Vijay Kumar) [Orabug: 31970521] \n- Revert 'arm64/dts: Serial console fix for RPi4' (Vijay Kumar) [Orabug: 
31970521] \n- uek-rpm: aarch64: enable CONFIG_ACPI_APEI_EINJ (Dave Kleikamp) [Orabug: 32182237] \n- NFSD: fix missing refcount in nfsd4_copy by nfsd4_do_async_copy (Dai Ngo) [Orabug: 32177992] \n- NFSD: Fix use-after-free warning when doing inter-server copy (Dai Ngo) [Orabug: 32177992] \n- xen/events: block rogue events for some time (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/events: defer eoi in case of excessive number of events (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/events: use a common cpu hotplug hook for event channels (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/events: switch user event channels to lateeoi model (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/pciback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/pvcallsback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/scsiback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/netback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/blkback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/events: add a new 'late EOI' evtchn framework (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/events: fix race in evtchn_fifo_unmask() (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/events: add a proper barrier to 2-level uevent unmasking (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/events: avoid removing an event channel while handling it (Juergen Gross) [Orabug: 32177543]\n[5.4.17-2036.101.1uek]\n- uek-rpm: Enable Intel Speed Select Technology interface support (Somasundaram Krishnasamy) [Orabug: 32161425] \n- platform/x86: ISST: Increase timeout (Srinivas Pandruvada) [Orabug: 32161425] \n- platform/x86: ISST: Fix wrong unregister type (Srinivas Pandruvada) [Orabug: 32161425] \n- platform/x86: ISST: Allow additional core-power mailbox commands 
(Srinivas Pandruvada) [Orabug: 32161425] \n- IB/mlx4: Convert rej_tmout radix-tree to XArray (Hakon Bugge) [Orabug: 32136895] \n- IB/mlx4: Adjust delayed work when a dup is observed (Hakon Bugge) [Orabug: 32136895] \n- IB/mlx4: Add support for REJ due to timeout (Hakon Bugge) [Orabug: 32136895] \n- IB/mlx4: Fix starvation in paravirt mux/demux (Hakon Bugge) [Orabug: 32136895] \n- IB/mlx4: Separate tunnel and wire bufs parameters (Hakon Bugge) [Orabug: 32136895] \n- IB/mlx4: Add support for MRA (Hakon Bugge) [Orabug: 32136895] \n- IB/mlx4: Add and improve logging (Hakon Bugge) [Orabug: 32136895] \n- perf/core: Fix a memory leak in perf_event_parse_addr_filter() (kiyin) [Orabug: 32131172] {CVE-2020-25704}\n- vt: keyboard, extend func_buf_lock to readers (Jiri Slaby) [Orabug: 32122948] {CVE-2020-25656} {CVE-2020-25656}\n- vt: keyboard, simplify vt_kdgkbsent (Jiri Slaby) [Orabug: 32122948] {CVE-2020-25656}\n- tty: make FONTX ioctl use the tty pointer they were actually passed (Linus Torvalds) [Orabug: 32122725] {CVE-2020-25668}\n- NFSv4.2: Fix NFS4ERR_STALE error when doing inter server copy (Dai Ngo) [Orabug: 31879682]\n[5.4.17-2036.101.0uek]\n- hv_utils: drain the timesync packets on onchannelcallback (Vineeth Pillai) [Orabug: 32152142] \n- hv_utils: return error if host timesysnc update is stale (Vineeth Pillai) [Orabug: 32152142] \n- x86/cpu/intel: enable X86_FEATURE_NT_GOOD on Intel Icelakex (Ankur Arora) [Orabug: 32143850] \n- x86/cpu/amd: enable X86_FEATURE_NT_GOOD on AMD Zen (Ankur Arora) [Orabug: 32143850] \n- x86/cpu/intel: enable X86_FEATURE_NT_GOOD on Intel Broadwellx (Ankur Arora) [Orabug: 32143850] \n- mm, clear_huge_page: use clear_page_uncached() for gigantic pages (Ankur Arora) [Orabug: 32143850] \n- x86/clear_page: add clear_page_uncached() (Ankur Arora) [Orabug: 32143850] \n- x86/asm: add clear_page_nt() (Ankur Arora) [Orabug: 32143850] \n- perf bench: add memset_movnti() (Ankur Arora) [Orabug: 32143850] \n- x86/asm: add memset_movnti() (Ankur Arora) 
[Orabug: 32143850] \n- x86/cpuid: add X86_FEATURE_NT_GOOD (Ankur Arora) [Orabug: 32143850] \n- kernel: add panic_on_taint (Rafael Aquini) [Orabug: 32137996] \n- cifs: handle empty list of targets in cifs_reconnect() (Paulo Alcantara) [Orabug: 32124750] \n- cifs: get rid of unused parameter in reconn_setup_dfs_targets() (Paulo Alcantara) [Orabug: 32124750] \n- rds/ib: Fix: (rds: Deregister all FRWR mr with free_mr) (Manjunath Patil) [Orabug: 32113472] \n- net/rds: Force ARP flush upon RDMA_CM_EVENT_ADDR_CHANGE (Gerd Rausch) [Orabug: 32095959] \n- uek-rpm: aarch64: increase CONFIG_NODES_SHIFT from 3 to 6 (Dave Kleikamp) [Orabug: 32075923] \n- rds: Restore MR use-once semantics (Hakon Bugge) [Orabug: 31990092] [Orabug: 32072247] \n- rds: Fix incorrect cmsg status and use-after-free (Hakon Bugge) [Orabug: 32003078] [Orabug: 32072245] \n- rds: Force ordering of {set,clear}_bit operating on m_flags (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] \n- rds: Do not send canceled operations to the transport layer (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] \n- rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] \n- Revert 'RDS: Drop the connection as part of cancel to avoid hangs' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] \n- Revert 'rds: fix warning in rds_send_drop_to()' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] \n- Revert 'rds: Use correct conn when dropping connections due to cancel' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] \n- Revert 'rds: prevent use-after-free of rds conn in rds_send_drop_to()' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] \n- Revert 'rds: Use bitmap to designate dropped connections' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] \n- Revert 'UEK6 compiler warning for /net/rds/send.c' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] \n- x86/mce/therm_throt: Undo thermal polling properly on CPU offline (Thomas Gleixner) [Orabug: 32048971] \n- 
x86/mce/therm_throt: Do not access uninitialized therm_work (Chuansheng Liu) [Orabug: 32048971] \n- x86/mce/therm_throt: Mark throttle_active_work() as __maybe_unused (Arnd Bergmann) [Orabug: 32048971] \n- x86/mce/therm_throt: Mask out read-only and reserved MSR bits (Srinivas Pandruvada) [Orabug: 32048971] \n- x86/mce/therm_throt: Optimize notifications of thermal throttle (Srinivas Pandruvada) [Orabug: 32048971] \n- ocfs2: fix remounting needed after setfacl command (Gang He) [Orabug: 32042684] \n- IB/mlx4: disable CQ time stamping (aru kolappan) [Orabug: 32042517] \n- net/rds: Refactor sendmsg ancillary data processing (Ka-Cheong Poon) [Orabug: 32027845] \n- Bluetooth: A2MP: Fix not initializing all members (Luiz Augusto von Dentz) [Orabug: 32021285] {CVE-2020-12352}\n- ima: Use ima_hash_algo for collision detection in the measurement list (Roberto Sassu) [Orabug: 31973040] \n- ima: Calculate and extend PCR with digests in ima_template_entry (Roberto Sassu) [Orabug: 31973040] \n- ima: Allocate and initialize tfm for each PCR bank (Roberto Sassu) [Orabug: 31973040] \n- ima: Switch to dynamically allocated buffer for template digests (Roberto Sassu) [Orabug: 31973040] \n- ima: Store template digest directly in ima_template_entry (Roberto Sassu) [Orabug: 31973040] \n- scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (James Smart) [Orabug: 31598148] \n- net/rds: Check for NULL rds_ibdev in rds_ib_rx() only if rds_ib_srq_enabled (Sharath Srinivasan) [Orabug: 32113840] \n- A/A Bonding: Increase number and interval of GARPs sent by rdmaip (Sharath Srinivasan) [Orabug: 32095766] \n- powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32040802] {CVE-2020-8694} {CVE-2020-8695}", "edition": 3, "modified": "2020-12-15T00:00:00", "published": "2020-12-15T00:00:00", "id": "ELSA-2020-5996", "href": "http://linux.oracle.com/errata/ELSA-2020-5996.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": 
{"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-12-15T03:23:58", "bulletinFamily": "unix", "cvelist": ["CVE-2020-8695", "CVE-2019-19816", "CVE-2020-25656", "CVE-2020-27673", "CVE-2020-25668", "CVE-2020-12352", "CVE-2020-28974", "CVE-2020-8694", "CVE-2020-25704"], "description": "[4.14.35-2025.403.3]\n- RDMA/umem: Move to allocate SG table from pages (Maor Gottlieb) [Orabug: 32005117] \n- lib/scatterlist: Add support in dynamic allocation of SG table from pages (Maor Gottlieb) [Orabug: 32005117] \n- lib/scatterlist: Add SG_CHAIN and SG_END macros for LSB encodings (Anshuman Khandual) [Orabug: 32005117] \n- lib/scatterlist: Avoid potential scatterlist entry overflow (Tvrtko Ursulin) [Orabug: 32005117] \n- lib/scatterlist: Fix offset type in sg_alloc_table_from_pages (Tvrtko Ursulin) [Orabug: 32005117] \n- uek-rpm: Don't build emb2 kernel for mips (Dave Kleikamp) [Orabug: 32176889] \n- vt: Disable KD_FONT_OP_COPY (Daniel Vetter) [Orabug: 32187748] {CVE-2020-28974}\n- page_frag: Recover from memory pressure (Dongli Zhang) [Orabug: 32201999] \n- xen/events: block rogue events for some time (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/events: defer eoi in case of excessive number of events (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/events: use a common cpu hotplug hook for event channels (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/events: switch user event channels to lateeoi model (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/pciback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/pvcallsback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/scsiback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/netback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/blkback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- 
xen/events: add a new 'late EOI' evtchn framework (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/events: fix race in evtchn_fifo_unmask() (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/events: add a proper barrier to 2-level uevent unmasking (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/events: avoid removing an event channel while handling it (Juergen Gross) [Orabug: 32177548]\n[4.14.35-2025.403.2]\n- tty: make FONTX ioctl use the tty pointer they were actually passed (Linus Torvalds) [Orabug: 32122729] {CVE-2020-25668}\n- vt: keyboard, extend func_buf_lock to readers (Jiri Slaby) [Orabug: 32122952] {CVE-2020-25656} {CVE-2020-25656}\n- vt: keyboard, simplify vt_kdgkbsent (Jiri Slaby) [Orabug: 32122952] {CVE-2020-25656}\n- perf/core: Fix a memory leak in perf_event_parse_addr_filter() (kiyin) [Orabug: 32131175] {CVE-2020-25704}\n- perf/core: Fix bad use of igrab() (Song Liu) [Orabug: 32131175] {CVE-2020-25704}\n- IB/mlx4: Adjust delayed work when a dup is observed (Hakon Bugge) [Orabug: 32136898] \n- IB/mlx4: Add support for REJ due to timeout (Hakon Bugge) [Orabug: 32136898] \n- IB/mlx4: Fix starvation in paravirt mux/demux (Hakon Bugge) [Orabug: 32136898] \n- IB/mlx4: Separate tunnel and wire bufs parameters (Hakon Bugge) [Orabug: 32136898] \n- IB/mlx4: Add support for MRA (Hakon Bugge) [Orabug: 32136898] \n- IB/mlx4: Add and improve logging (Hakon Bugge) [Orabug: 32136898] \n- xen/gntdev: fix up blockable calls to mn_invl_range_start (Michal Hocko) [Orabug: 32139244]\n[4.14.35-2025.403.1]\n- lockdown: By default run in integrity mode. 
(Konrad Rzeszutek Wilk) [Orabug: 32131561] \n- Revert 'iomap: Fix pipe page leakage during splicing' (George Kennedy) [Orabug: 32136519] \n- kernel: add panic_on_taint (Rafael Aquini) [Orabug: 32138016] \n- Revert 'pci: hardcode enumeration' (Dave Aldridge) [Orabug: 32152249] \n- hv_utils: drain the timesync packets on onchannelcallback (Vineeth Pillai) [Orabug: 32152144] \n- hv_utils: return error if host timesysnc update is stale (Vineeth Pillai) [Orabug: 32152144]\n[4.14.35-2025.403.0]\n- powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32138487] {CVE-2020-8694} {CVE-2020-8695}\n- Btrfs: fix selftests failure due to uninitialized i_mode in test inodes (Filipe Manana) [Orabug: 31864726] \n- btrfs: fix return value mixup in btrfs_get_extent (Pavel Machek) [Orabug: 31864726] \n- btrfs: inode: Verify inode mode to avoid NULL pointer dereference (Qu Wenruo) [Orabug: 31864726] {CVE-2019-19816}\n- x86/apic: Get rid of multi CPU affinity (Thomas Gleixner) [Orabug: 31975320] \n- hv_netvsc: Set probe mode to sync (Haiyang Zhang) [Orabug: 32132413] \n- net/rds: Check for NULL rds_ibdev in rds_ib_rx() only if rds_ib_srq_enabled (Sharath Srinivasan) [Orabug: 32113843] \n- perf symbols: Check if we read regular file in dso__load() (Jiri Olsa) [Orabug: 30696035] \n- rds: Restore MR use-once semantics (Hakon Bugge) [Orabug: 31990092] [Orabug: 31990095] \n- rds: Fix incorrect cmsg status and use-after-free (Hakon Bugge) [Orabug: 32003078] [Orabug: 32003081] \n- dm cache: remove all obsolete writethrough-specific code (Mike Snitzer) [Orabug: 32010352] \n- dm cache: pass cache structure to mode functions (Mike Snitzer) [Orabug: 32010352] \n- dm rq: don't call blk_mq_queue_stopped() in dm_stop_queue() (Ming Lei) [Orabug: 32010352] \n- bcache: allocate meta data pages as compound pages (Coly Li) [Orabug: 32010352] \n- md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (ChangSyun Peng) [Orabug: 32010352] \n- bcache: fix super block seq numbers 
comparision in register_cache_set() (Coly Li) [Orabug: 32010352] \n- md-cluster: fix wild pointer of unlock_all_bitmaps() (Zhao Heming) [Orabug: 32010352] \n- dm: use noio when sending kobject event (Mikulas Patocka) [Orabug: 32010352] \n- dm zoned: assign max_io_len correctly (Hou Tao) [Orabug: 32010352] \n- md: add feature flag MD_FEATURE_RAID0_LAYOUT (NeilBrown) [Orabug: 32010352] \n- dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to find a zone (Hannes Reinecke) [Orabug: 32010352] \n- dm mpath: switch paths in dm_blk_ioctl() code path (Martin Wilck) [Orabug: 32010352] \n- dm crypt: avoid truncating the logical block size (Eric Biggers) [Orabug: 32010352] \n- md: don't flush workqueue unconditionally in md_open (Guoqing Jiang) [Orabug: 32010352] \n- x86/mce/therm_throt: Undo thermal polling properly on CPU offline (Thomas Gleixner) [Orabug: 32010658] \n- x86/mce/therm_throt: Do not access uninitialized therm_work (Chuansheng Liu) [Orabug: 32010658] \n- x86/mce/therm_throt: Mark throttle_active_work() as __maybe_unused (Arnd Bergmann) [Orabug: 32010658] \n- x86/mce/therm_throt: Mask out read-only and reserved MSR bits (Srinivas Pandruvada) [Orabug: 32010658] \n- x86/mce/therm_throt: Optimize notifications of thermal throttle (Srinivas Pandruvada) [Orabug: 32010658] \n- jiffies: add utility function to calculate delta in ms (Matteo Croce) [Orabug: 32010658] \n- rds: Force ordering of {set,clear}_bit operating on m_flags (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809] \n- rds: Do not send canceled operations to the transport layer (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809] \n- rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809] \n- Revert 'RDS: Drop the connection as part of cancel to avoid hangs' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809] \n- Revert 'rds: fix warning in rds_send_drop_to()' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809] \n- Revert 'rds: Use correct conn when dropping 
connections due to cancel' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809] \n- Revert 'rds: prevent use-after-free of rds conn in rds_send_drop_to()' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809] \n- Revert 'rds: Use bitmap to designate dropped connections' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809] \n- Bluetooth: A2MP: Fix not initializing all members (Luiz Augusto von Dentz) [Orabug: 32021288] {CVE-2020-12352}\n- x86/kvm: move kvm_load/put_guest_xcr0 into atomic context (WANG Chao) [Orabug: 32021855] \n- arm64: Corrects warning: ISO C90 forbids mixed declarations and code (John Donnelly) [Orabug: 32040061] \n- hwrng: cavium: Corrects warning: unused variable 'dev_id' (John Donnelly) [Orabug: 32040066] \n- Lock down /proc/kcore (redux!) (Konrad Rzeszutek Wilk) [Orabug: 32053127] \n- lockdown: Lock down perf when in confidentiality mode (David Howells) [Orabug: 32053127] \n- Lock down kprobes (redux!) (Konrad Rzeszutek Wilk) [Orabug: 32053127] \n- debugfs: whitelist spectre mitigation when locked down (Eric Snowberg) [Orabug: 32053127] \n- debugfs: Return -EPERM when locked down (Eric Snowberg) [Orabug: 32053127] \n- debugfs: Restrict debugfs when the kernel is locked down (David Howells) [Orabug: 32053127] \n- lockdown: Add __kernel_is_confidentiality_mode to figure out whether .. 
(Konrad Rzeszutek Wilk) [Orabug: 32053127] \n- dtrace: Restrict access when the kernel is locked down in confidentiality mode (Konrad Rzeszutek Wilk) [Orabug: 32053127] \n- bpf: Restrict bpf when kernel lockdown is in confidentiality mode (David Howells) [Orabug: 32053127] \n- security: Add a static lockdown policy LSM [diet-version] (Matthew Garrett) [Orabug: 32053127] \n- net/rds: Check for NULL rid_dev_rem_complete (Ka-Cheong Poon) [Orabug: 32058618] \n- scsi: Corrects warning: passing argument 1 of 'wwn_to_u64' mismatch (John Donnelly) [Orabug: 32059622] \n- ipvlan: Corrects warning: label 'unregister_netdev' defined but not used (John Donnelly) [Orabug: 32059740] \n- mm, compaction: raise compaction priority after it withdrawns (Vlastimil Babka) [Orabug: 32065218] \n- mm, reclaim: cleanup should_continue_reclaim() (Vlastimil Babka) [Orabug: 32065218] \n- mm, reclaim: make should_continue_reclaim perform dryrun detection (Hillf Danton) [Orabug: 32065218] \n- KVM: Drop 'const' attribute from old memslot in commit_memory_region() (Sean Christopherson) [Orabug: 32068898] \n- octeontx2-pf: Return proper RSS indirection table size always (Sunil Goutham) [Orabug: 32095651] \n- octeontx2-af: Free RVU REE irq properly (Smadar Fuks) [Orabug: 32095651] \n- octeontx2-af: Free RVU NIX IRQs properly. 
(Rakesh Babu) [Orabug: 32095651] \n- octeontx2-af: Fix the BPID mask (Subbaraya Sundeep) [Orabug: 32095651] \n- octeontx2-pf: Fix receive buffer size calculation (Sunil Goutham) [Orabug: 32095651] \n- octeontx2-af: Fix updating wrong multicast list index in NIX_RX_ACTION (Naveen Mamindlapalli) [Orabug: 32095651] \n- octeontx2-af: Ratelimit prints from AF error interrupt handlers (Naveen Mamindlapalli) [Orabug: 32095651] \n- octeontx2-pf: Avoid null pointer dereference (Subbaraya Sundeep) [Orabug: 32095651] \n- octeontx2-af: Check the msix offset return value (Subbaraya Sundeep) [Orabug: 32095651] \n- octeontx2-af: make tx nibble fixup is always apply (Stanislaw Kardach) [Orabug: 32095651] \n- octeontx2-af: Stop kpu parsing at layer3 for ipv6 fragmented packets. (Abhijit Ayarekar) [Orabug: 32095651] \n- octeontx2-pf: Call mbox_reset before incrementing ack (Hariprasad Kelam) [Orabug: 32095651] \n- octeontx2-af: Simplify otx2_mbox_reset call (Hariprasad Kelam) [Orabug: 32095651] \n- A/A Bonding: Increase number and interval of GARPs sent by rdmaip (Sharath Srinivasan) [Orabug: 32095768] \n- net/rds: Force ARP flush upon RDMA_CM_EVENT_ADDR_CHANGE (Gerd Rausch) [Orabug: 32095962] \n- rds/ib: Fix: (rds: Deregister all FRWR mr with free_mr) (Manjunath Patil) [Orabug: 32113532]\n[4.14.35-2025.402.2]\n- ocfs2: fix remounting needed after setfacl command (Gang He) \n- Fix multiple variable definition with syzkaller (Hans Westgaard Ry) [Orabug: 32008770] \n- drm/vmwgfx: Use the dma scatter-gather iterator to get dma addresses (Thomas Hellstrom) [Orabug: 32010349] \n- i40e: Corrects i40e_setup_tc and i40e_xdp defined but not used warnings (John Donnelly) [Orabug: 32034050] \n- bnxt: Corrects warning: 'struct tc_cls_flower_offload' (John Donnelly) [Orabug: 32041757] \n- SCSI: Corrects 'ret' not used warning (John Donnelly) [Orabug: 32041763] \n- IB/mlx4: disable CQ time stamping (aru kolappan) [Orabug: 32042520] \n- qed: Corrects warning: 'qed_iwarp_ll2_slowpath' defined but 
not used (John Donnelly) [Orabug: 32052276]\n- ipv6: fix possible use-after-free in ip6_xmit() (Eric Dumazet) ", "edition": 2, "modified": "2020-12-14T00:00:00", "published": "2020-12-14T00:00:00", "id": "ELSA-2020-5995", "href": "http://linux.oracle.com/errata/ELSA-2020-5995.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2020-12-20T03:55:40", "description": "An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable.", "edition": 2, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2020-12-15T17:15:00", "title": "CVE-2020-29568", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-29568"], "modified": 
"2020-12-18T17:33:00", "cpe": ["cpe:/o:xen:xen:4.14.0"], "id": "CVE-2020-29568", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29568", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:xen:xen:4.14.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-20T03:55:40", "description": "An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.", "edition": 2, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-12-15T17:15:00", "title": "CVE-2020-29569", "type": "cve", "cwe": ["CWE-252"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, 
"cvelist": ["CVE-2020-29569"], "modified": "2020-12-18T17:31:00", "cpe": ["cpe:/o:linux:linux_kernel:5.10.1", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:xen:xen:4.14.0"], "id": "CVE-2020-29569", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29569", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.14.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:5.10.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-01-15T03:00:55", "description": "In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.", "edition": 2, "cvss3": {}, "published": "2021-01-13T04:15:00", "title": "CVE-2020-28374", "type": "cve", "cwe": [], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2020-28374"], "modified": "2021-01-13T19:15:00", "cpe": [], "id": "CVE-2020-28374", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28374", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2020-12-20T03:55:39", "description": "An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. 
Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.", "edition": 8, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-10-22T21:15:00", "title": "CVE-2020-27673", "type": "cve", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27673"], "modified": "2020-12-18T14:15:00", "cpe": [], "id": "CVE-2020-27673", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27673", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": []}], "nessus": [{"lastseen": "2021-01-14T04:52:23", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-9005 advisory.\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are\n processing watch events using a single thread. If the events are received faster than the thread is able\n to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the\n backend. 
All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux\n kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect\n and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving\n guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege\n escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal\n in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker\n has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are\n proxied via an attacker-selected backstore. 
(CVE-2020-28374)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 1, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2021-01-13T00:00:00", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9005)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-29569", "CVE-2020-29568", "CVE-2020-28374"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-tools", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2021-9005.NASL", "href": "https://www.tenable.com/plugins/nessus/144904", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9005.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144904);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-28374\", \"CVE-2020-29568\", \"CVE-2020-29569\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9005)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple 
vulnerabilities as referenced in the\nELSA-2021-9005 advisory.\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are\n processing watch events using a single thread. If the events are received faster than the thread is able\n to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the\n backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux\n kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect\n and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving\n guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege\n escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal\n in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker\n has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are\n proxied via an attacker-selected backstore. 
(CVE-2020-28374)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9005.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29569\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-28374', 'CVE-2020-29568', 'CVE-2020-29569');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9005');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nexpected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\npkgs = [\n {'reference':'kernel-uek-4.14.35-2025.404.1.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_prefix':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-4.14.35-2025.404.1.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_prefix':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2025.404.1.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_prefix':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2025.404.1.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_prefix':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2025.404.1.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_prefix':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2025.404.1.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_prefix':'kernel-uek-debug-devel-4.14.35'},\n 
{'reference':'kernel-uek-devel-4.14.35-2025.404.1.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_prefix':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2025.404.1.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_prefix':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-doc-4.14.35-2025.404.1.1.el7uek', 'release':'7', 'rpm_prefix':'kernel-uek-doc-4.14.35'},\n {'reference':'kernel-uek-headers-4.14.35-2025.404.1.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_prefix':'kernel-uek-headers-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2025.404.1.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_prefix':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2025.404.1.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_prefix':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-libs-4.14.35-2025.404.1.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_prefix':'kernel-uek-tools-libs-4.14.35'},\n {'reference':'kernel-uek-tools-libs-devel-4.14.35-2025.404.1.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_prefix':'kernel-uek-tools-libs-devel-4.14.35'},\n {'reference':'perf-4.14.35-2025.404.1.1.el7uek', 'cpu':'aarch64', 'release':'7'},\n {'reference':'python-perf-4.14.35-2025.404.1.1.el7uek', 'cpu':'aarch64', 'release':'7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = 
package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-14T04:52:23", "description": "The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2021-9008 advisory.\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are\n processing watch events using a single thread. If the events are received faster than the thread is able\n to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the\n backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. 
The Linux\n kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect\n and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving\n guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege\n escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal\n in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker\n has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are\n proxied via an attacker-selected backstore. 
(CVE-2020-28374)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 1, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2021-01-13T00:00:00", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9008)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-29569", "CVE-2020-29568", "CVE-2020-28374"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-uek-container", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2021-9008.NASL", "href": "https://www.tenable.com/plugins/nessus/144903", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9008.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144903);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-28374\", \"CVE-2020-29568\", \"CVE-2020-29569\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9008)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2021-9008 advisory.\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are\n processing watch events using a single thread. If the events are received faster than the thread is able\n to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the\n backend. 
All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux\n kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect\n and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving\n guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege\n escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal\n in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker\n has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are\n proxied via an attacker-selected backstore. 
(CVE-2020-28374)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9008.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29569\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-28374', 'CVE-2020-29568', 'CVE-2020-29569');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9008');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nexpected_kernel_major_minor = '4.14';\nif (kernel_major_minor != 
expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\npkgs = [\n {'reference':'kernel-uek-container-4.14.35-2025.404.1.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_prefix':'kernel-uek-container-4.14.35'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container');\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-14T04:52:23", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9006 advisory.\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows\n to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source\n port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly\n integrity, because software that relies on UDP source port randomization are indirectly affected as well.\n Kernel versions before 5.10 may be vulnerable to this issue. (CVE-2020-25705)\n\n - A flaw was found in the Linux kernels futex implementation. This flaw allows a local attacker to corrupt\n system memory or escalate their privileges when creating a futex on a filesystem that is about to be\n unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system\n availability. (CVE-2020-14381)\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are\n processing watch events using a single thread. If the events are received faster than the thread is able\n to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the\n backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. 
(CVE-2020-29568)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux\n kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect\n and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving\n guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege\n escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal\n in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker\n has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are\n proxied via an attacker-selected backstore. 
(CVE-2020-28374)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 1, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2021-01-13T00:00:00", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9006)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-25705", "CVE-2020-14381", "CVE-2020-29569", "CVE-2020-29568", "CVE-2020-14351", "CVE-2020-28374"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-tools", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2021-9006.NASL", "href": "https://www.tenable.com/plugins/nessus/144907", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9006.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144907);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\n \"CVE-2020-14351\",\n \"CVE-2020-14381\",\n \"CVE-2020-25705\",\n \"CVE-2020-28374\",\n \"CVE-2020-29568\",\n \"CVE-2020-29569\"\n );\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9006)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 
7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9006 advisory.\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows\n to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source\n port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly\n integrity, because software that relies on UDP source port randomization are indirectly affected as well.\n Kernel versions before 5.10 may be vulnerable to this issue. (CVE-2020-25705)\n\n - A flaw was found in the Linux kernels futex implementation. This flaw allows a local attacker to corrupt\n system memory or escalate their privileges when creating a futex on a filesystem that is about to be\n unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system\n availability. (CVE-2020-14381)\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are\n processing watch events using a single thread. If the events are received faster than the thread is able\n to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the\n backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. 
The Linux\n kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect\n and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving\n guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege\n escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal\n in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker\n has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are\n proxied via an attacker-selected backstore. 
(CVE-2020-28374)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9006.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29569\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-14351', 'CVE-2020-14381', 'CVE-2020-25705', 'CVE-2020-28374', 'CVE-2020-29568', 'CVE-2020-29569');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9006');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nexpected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\npkgs = [\n {'reference':'kernel-uek-5.4.17-2036.102.0.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_prefix':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2036.102.0.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_prefix':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2036.102.0.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_prefix':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2036.102.0.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_prefix':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2036.102.0.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_prefix':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2036.102.0.2.el7uek', 'cpu':'x86_64', 'release':'7', 
'rpm_prefix':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2036.102.0.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_prefix':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2036.102.0.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_prefix':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2036.102.0.2.el7uek', 'release':'7', 'rpm_prefix':'kernel-uek-doc-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2036.102.0.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_prefix':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2036.102.0.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_prefix':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-libs-5.4.17-2036.102.0.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_prefix':'kernel-uek-tools-libs-5.4.17'},\n {'reference':'perf-5.4.17-2036.102.0.2.el7uek', 'cpu':'aarch64', 'release':'7'},\n {'reference':'python-perf-5.4.17-2036.102.0.2.el7uek', 'cpu':'aarch64', 'release':'7'},\n {'reference':'kernel-uek-5.4.17-2036.102.0.2.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_prefix':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2036.102.0.2.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_prefix':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2036.102.0.2.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_prefix':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2036.102.0.2.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_prefix':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2036.102.0.2.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_prefix':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2036.102.0.2.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_prefix':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2036.102.0.2.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_prefix':'kernel-uek-devel-5.4.17'},\n 
{'reference':'kernel-uek-devel-5.4.17-2036.102.0.2.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_prefix':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2036.102.0.2.el8uek', 'release':'8', 'rpm_prefix':'kernel-uek-doc-5.4.17'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / 
kernel-uek-debug-devel / etc');\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-14T04:52:23", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9007 advisory.\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows\n to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source\n port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly\n integrity, because software that relies on UDP source port randomization are indirectly affected as well.\n Kernel versions before 5.10 may be vulnerable to this issue. (CVE-2020-25705)\n\n - A flaw was found in the Linux kernels futex implementation. This flaw allows a local attacker to corrupt\n system memory or escalate their privileges when creating a futex on a filesystem that is about to be\n unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system\n availability. (CVE-2020-14381)\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are\n processing watch events using a single thread. If the events are received faster than the thread is able\n to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the\n backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. 
(CVE-2020-29568)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux\n kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect\n and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving\n guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege\n escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal\n in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker\n has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are\n proxied via an attacker-selected backstore. 
(CVE-2020-28374)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 1, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2021-01-13T00:00:00", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9007)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-25705", "CVE-2020-14381", "CVE-2020-29569", "CVE-2020-29568", "CVE-2020-14351", "CVE-2020-28374"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-uek-container", "cpe:/o:oracle:linux:8", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-container-debug"], "id": "ORACLELINUX_ELSA-2021-9007.NASL", "href": "https://www.tenable.com/plugins/nessus/144906", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9007.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144906);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\n \"CVE-2020-14351\",\n \"CVE-2020-14381\",\n \"CVE-2020-25705\",\n \"CVE-2020-28374\",\n \"CVE-2020-29568\",\n \"CVE-2020-29569\"\n );\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9007)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9007 advisory.\n\n - A flaw was found in the Linux kernel. 
A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows\n to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source\n port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly\n integrity, because software that relies on UDP source port randomization are indirectly affected as well.\n Kernel versions before 5.10 may be vulnerable to this issue. (CVE-2020-25705)\n\n - A flaw was found in the Linux kernels futex implementation. This flaw allows a local attacker to corrupt\n system memory or escalate their privileges when creating a futex on a filesystem that is about to be\n unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system\n availability. (CVE-2020-14381)\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are\n processing watch events using a single thread. If the events are received faster than the thread is able\n to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the\n backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux\n kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect\n and disconnect. 
As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving\n guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege\n escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal\n in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker\n has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are\n proxied via an attacker-selected backstore. (CVE-2020-28374)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9007.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29569\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container-debug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-14351', 'CVE-2020-14381', 'CVE-2020-25705', 'CVE-2020-28374', 'CVE-2020-29568', 'CVE-2020-29569');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9007');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nexpected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\npkgs = [\n {'reference':'kernel-uek-container-5.4.17-2036.102.0.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_prefix':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2036.102.0.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_prefix':'kernel-uek-container-debug-5.4.17'},\n {'reference':'kernel-uek-container-5.4.17-2036.102.0.2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_prefix':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2036.102.0.2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_prefix':'kernel-uek-container-debug-5.4.17'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n 
rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / kernel-uek-container-debug');\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-14T01:09:39", "description": "An update of the linux package has been released.", "edition": 1, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2021-01-13T00:00:00", "title": "Photon OS 2.0: Linux PHSA-2021-2.0-0310", "type": 
"nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-29569"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2021-2_0-0310_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/144898", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-2.0-0310. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144898);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-29569\");\n\n script_name(english:\"Photon OS 2.0: Linux PHSA-2021-2.0-0310\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-310.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29569\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 2.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-4.9.249-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', reference:'linux-api-headers-4.9.249-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-aws-4.9.249-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-aws-devel-4.9.249-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-aws-docs-4.9.249-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-aws-drivers-gpu-4.9.249-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-aws-oprofile-4.9.249-1.ph2')) flag++;\nif 
(rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-aws-sound-4.9.249-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-devel-4.9.249-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-docs-4.9.249-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-drivers-gpu-4.9.249-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-esx-4.9.249-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-esx-devel-4.9.249-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-esx-docs-4.9.249-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-oprofile-4.9.249-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-secure-4.9.249-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-secure-devel-4.9.249-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-secure-docs-4.9.249-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-secure-lkcm-4.9.249-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-sound-4.9.249-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-tools-4.9.249-1.ph2')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-14T06:30:46", "description": "This update for tcmu-runner fixes the following issues :\n\nCVE-2020-28374: Fixed a LIO security issue (bsc#1180676).\n\nNote that Tenable Network Security 
has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 1, "cvss3": {}, "published": "2021-01-13T00:00:00", "title": "SUSE SLES15 Security Update : tcmu-runner (SUSE-SU-2021:0093-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-28374"], "modified": "2021-01-13T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:libtcmu2-debuginfo", "p-cpe:/a:novell:suse_linux:libtcmu2", "p-cpe:/a:novell:suse_linux:tcmu-runner", "p-cpe:/a:novell:suse_linux:tcmu-runner-debuginfo", "p-cpe:/a:novell:suse_linux:tcmu-runner-debugsource"], "id": "SUSE_SU-2021-0093-1.NASL", "href": "https://www.tenable.com/plugins/nessus/144915", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0093-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144915);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-28374\");\n\n script_name(english:\"SUSE SLES15 Security Update : tcmu-runner (SUSE-SU-2021:0093-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for tcmu-runner fixes the following issues :\n\nCVE-2020-28374: Fixed a LIO security issue (bsc#1180676).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180676\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-28374/\"\n );\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210093-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ec0e16ac\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Server-Applications-15-SP2-2021-93=1\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtcmu2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtcmu2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tcmu-runner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tcmu-runner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tcmu-runner-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This 
script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libtcmu2-1.5.2-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libtcmu2-debuginfo-1.5.2-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"tcmu-runner-1.5.2-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"tcmu-runner-debuginfo-1.5.2-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"tcmu-runner-debugsource-1.5.2-3.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcmu-runner\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-12-12T09:09:18", "description": "An update of the linux package has been released.", "edition": 2, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-12-10T00:00:00", "title": "Photon OS 1.0: Linux PHSA-2020-1.0-0345", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-27675", "CVE-2020-27673"], "modified": "2020-12-10T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2020-1_0-0345_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/144062", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-1.0-0345. 
The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144062);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/11\");\n\n script_cve_id(\"CVE-2020-27673\", \"CVE-2020-27675\");\n\n script_name(english:\"Photon OS 1.0: Linux PHSA-2020-1.0-0345\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-345.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27673\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, 
Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 1.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-4.4.246-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'linux-api-headers-4.4.246-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-dev-4.4.246-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-docs-4.4.246-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-drivers-gpu-4.4.246-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-esx-4.4.246-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-esx-devel-4.4.246-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-esx-docs-4.4.246-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-oprofile-4.4.246-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-sound-4.4.246-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', 
reference:'linux-tools-4.4.246-1.ph1')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux');\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-12T09:09:50", "description": "An update of the linux package has been released.", "edition": 2, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-12-10T00:00:00", "title": "Photon OS 3.0: Linux PHSA-2020-3.0-0174", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-27675", "CVE-2020-27673"], "modified": "2020-12-10T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2020-3_0-0174_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/144068", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-3.0-0174. 
The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144068);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/11\");\n\n script_cve_id(\"CVE-2020-27673\", \"CVE-2020-27675\");\n\n script_name(english:\"Photon OS 3.0: Linux PHSA-2020-3.0-0174\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-174.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27673\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, 
Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 3.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-4.19.160-2.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', reference:'linux-api-headers-4.19.160-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-aws-4.19.160-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-aws-devel-4.19.160-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-aws-docs-4.19.160-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-aws-drivers-gpu-4.19.160-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-aws-hmacgen-4.19.160-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-aws-oprofile-4.19.160-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-aws-sound-4.19.160-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-devel-4.19.160-2.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', 
cpu:'x86_64', reference:'linux-docs-4.19.160-2.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-drivers-gpu-4.19.160-2.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-drivers-intel-sgx-4.19.160-2.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-drivers-sound-4.19.160-2.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-esx-4.19.160-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-esx-devel-4.19.160-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-esx-docs-4.19.160-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-esx-hmacgen-4.19.160-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-hmacgen-4.19.160-2.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-oprofile-4.19.160-2.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-python3-perf-4.19.160-2.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-rt-4.19.160-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-rt-devel-4.19.160-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-rt-docs-4.19.160-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-secure-4.19.160-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-secure-devel-4.19.160-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-secure-docs-4.19.160-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-secure-hmacgen-4.19.160-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-secure-lkcm-4.19.160-1.ph3')) flag++;\nif 
(rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-tools-4.19.160-2.ph3')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux');\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-14T01:09:39", "description": "An update of the linux package has been released.", "edition": 1, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-01-13T00:00:00", "title": "Photon OS 3.0: Linux PHSA-2021-3.0-0182", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-29569", "CVE-2020-29661", "CVE-2020-29660"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2021-3_0-0182_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/144902", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-3.0-0182. 
The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144902);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-29569\", \"CVE-2020-29660\", \"CVE-2020-29661\");\n\n script_name(english:\"Photon OS 3.0: Linux PHSA-2021-3.0-0182\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-182.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 3.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', reference:'linux-api-headers-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-aws-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-aws-devel-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-aws-docs-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-aws-drivers-gpu-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-aws-hmacgen-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-aws-oprofile-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-aws-sound-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-devel-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', 
cpu:'x86_64', reference:'linux-docs-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-drivers-gpu-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-drivers-intel-sgx-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-drivers-sound-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-esx-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-esx-devel-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-esx-docs-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-esx-hmacgen-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-hmacgen-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-oprofile-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-python3-perf-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-rt-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-rt-devel-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-rt-docs-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-secure-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-secure-devel-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-secure-docs-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-secure-hmacgen-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-secure-lkcm-4.19.164-1.ph3')) flag++;\nif 
(rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-tools-4.19.164-1.ph3')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-14T06:30:22", "description": "This update for xen fixes the following issues :\n\nbsc#1177409 - VUL-0: CVE-2020-27673: xen: x86 PV guest INVLPG-like\nflushes may leave stale TLB entries (XSA-286)\n\nbsc#1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen\nmapping code (XSA-345)\n\nbsc#1177413 - VUL-0: CVE-2020-27671: xen: undue deferral of IOMMU TLB\nflushes (XSA-346)\n\nbsc#1177414 - VUL-0: CVE-2020-27670: xen: unsafe AMD IOMMU page table\nupdates (XSA-347)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 3, "cvss3": {"score": 7.0, "vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-12-09T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2020:3049-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-27672", "CVE-2020-27671", "CVE-2020-27670", "CVE-2020-27673"], "modified": "2020-12-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-devel", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-tools"], "id": "SUSE_SU-2020-3049-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143670", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3049-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143670);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-27670\", \"CVE-2020-27671\", \"CVE-2020-27672\", \"CVE-2020-27673\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2020:3049-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for xen fixes the following issues :\n\nbsc#1177409 - VUL-0: CVE-2020-27673: xen: x86 PV 
guest INVLPG-like\nflushes may leave stale TLB entries (XSA-286)\n\nbsc#1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen\nmapping code (XSA-345)\n\nbsc#1177413 - VUL-0: CVE-2020-27671: xen: undue deferral of IOMMU TLB\nflushes (XSA-346)\n\nbsc#1177414 - VUL-0: CVE-2020-27670: xen: unsafe AMD IOMMU page table\nupdates (XSA-347)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177409\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27670/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27671/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27672/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27673/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203049-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6e36f399\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for 
Server Applications 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Server-Applications-15-SP2-2020-3049=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3049=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27672\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-4.13.1_10-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-debugsource-4.13.1_10-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-devel-4.13.1_10-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-4.13.1_10-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.13.1_10-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-4.13.1_10-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.13.1_10-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.13.1_10-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.13.1_10-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-debugsource-4.13.1_10-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-4.13.1_10-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.13.1_10-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.13.1_10-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.13.1_10-3.13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "xen": [{"lastseen": "2020-12-15T17:20:52", "bulletinFamily": "software", "cvelist": ["CVE-2020-29568"], "description": "#### ISSUE DESCRIPTION\nSome OSes (such as Linux, FreeBSD, NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued.\nAs the queue is unbounded, a guest may be able to trigger an OOM in the backend.\n#### IMPACT\nA malicious guest can trigger an OOM in backends.\n#### VULNERABLE SYSTEMS\nAll systems with a FreeBSD, Linux, NetBSD dom0 are vulnerable.\nAll versions of those OSes are vulnerable.\n", "edition": 1, "modified": "2020-12-15T12:19:00", "published": "2020-12-15T12:00:00", "id": "XSA-349", "href": "http://xenbits.xen.org/xsa/advisory-349.html", "title": "Frontends can trigger OOM in Backends by update a watched path", "type": "xen", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-12-15T17:20:52", "bulletinFamily": "software", "cvelist": ["CVE-2020-29569"], "description": "#### ISSUE DESCRIPTION\nThe Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect.\nAs a consequence, the block backend may re-use a pointer after it was freed.\n#### IMPACT\nA misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out.\n#### VULNERABLE SYSTEMS\nSystems using Linux blkback are vulnerable. This includes most systems with a Linux dom0, or Linux driver domains.\nLinux versions containing a24fa22ce22a ("xen/blkback: don't use xen_blkif_get() in xen-blkback kthread"), or its backports, are vulnerable. 
This includes all current linux-stable branches back to at least linux-stable/linux-4.4.y.\nWhen the Xen PV block backend is provided by userspace (e.g. qemu), that backend is not vulnerable. So configurations where the xl.cfg domain configuration file specifies all disks with backendtype="qdisk" are not vulnerable.\nThe Linux blkback only supports raw format images, so when all disks have a format other than format="raw", the system is not vulnerable.\n", "edition": 1, "modified": "2020-12-15T12:19:00", "published": "2020-12-15T12:00:00", "id": "XSA-350", "href": "http://xenbits.xen.org/xsa/advisory-350.html", "title": "Use after free triggered by block frontend in Linux blkback", "type": "xen", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntu": [{"lastseen": "2021-01-15T05:38:34", "bulletinFamily": "unix", "cvelist": ["CVE-2020-28374"], "description": "It was discovered that the LIO SCSI target implementation in the Linux \nkernel performed insufficient identifier checking in certain XCOPY \nrequests. 
An attacker with access to at least one LUN in a multiple \nbackstore environment could use this to expose sensitive information or \nmodify data.", "edition": 1, "modified": "2021-01-14T00:00:00", "published": "2021-01-14T00:00:00", "id": "USN-4694-1", "href": "https://ubuntu.com/security/notices/USN-4694-1", "title": "Linux kernel vulnerability", "type": "ubuntu", "cvss": {"score": 0.0, "vector": "NONE"}}], "fedora": [{"lastseen": "2021-01-16T02:59:32", "bulletinFamily": "unix", "cvelist": ["CVE-2020-28374"], "description": "The kernel meta package ", "modified": "2021-01-16T01:35:11", "published": "2021-01-16T01:35:11", "id": "FEDORA:281CE30E401D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: kernel-5.10.7-200.fc33", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-16T02:59:32", "bulletinFamily": "unix", "cvelist": ["CVE-2020-28374"], "description": "Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package. 
", "modified": "2021-01-16T01:35:11", "published": "2021-01-16T01:35:11", "id": "FEDORA:C6B8230CF2BC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: kernel-headers-5.10.7-200.fc33", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-16T02:59:32", "bulletinFamily": "unix", "cvelist": ["CVE-2020-28374"], "description": "The kernel meta package ", "modified": "2021-01-16T01:24:20", "published": "2021-01-16T01:24:20", "id": "FEDORA:44B0F30CBD42", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: kernel-5.10.7-100.fc32", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-16T02:59:32", "bulletinFamily": "unix", "cvelist": ["CVE-2020-28374"], "description": "Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package. 
", "modified": "2021-01-16T01:24:20", "published": "2021-01-16T01:24:20", "id": "FEDORA:8068430CBD46", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: kernel-headers-5.10.7-100.fc32", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-12-21T08:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25656", "CVE-2020-25668", "CVE-2020-25704", "CVE-2020-27673"], "description": "The kernel meta package ", "modified": "2020-11-16T01:09:27", "published": "2020-11-16T01:09:27", "id": "FEDORA:4928D30A037F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: kernel-5.9.8-200.fc33", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25656", "CVE-2020-25668", "CVE-2020-25704", "CVE-2020-27673"], "description": "The kernel meta package ", "modified": "2020-11-16T01:13:01", "published": "2020-11-16T01:13:01", "id": "FEDORA:CF851309C00C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: kernel-5.9.8-100.fc32", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "citrix": [{"lastseen": "2020-12-23T11:42:41", "bulletinFamily": "software", "cvelist": ["CVE-2020-29479", "CVE-2020-29480", "CVE-2020-29481", "CVE-2020-29482", "CVE-2020-29485", "CVE-2020-29486", "CVE-2020-29487", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29570"], "description": "<section class=\"article-content\" data-swapid=\"ArticleContent\">\n<div class=\"content-block\" data-swapid=\"ContentBlock\"><h2>Description of Problem</h2> Several security issues have been identified that, collectively, may allow privileged code running in a guest VM to compromise the host or cause a denial of service.\n<br/>\n<br/>These vulnerabilities have the following identifiers: \n<table>\n<tbody>\n<tr>\n<td colspan=\"1\" rowspan=\"1\">CVE ID</td>\n<td colspan=\"1\" rowspan=\"1\">Description</td>\n<td colspan=\"1\" rowspan=\"1\">Vulnerability 
Type</td>\n<td colspan=\"1\" rowspan=\"1\">Pre-conditions</td>\n</tr>\n<tr>\n<td colspan=\"1\" rowspan=\"1\">CVE-2020-29479</td>\n<td colspan=\"1\" rowspan=\"1\">An attacker with the ability to execute privileged mode code in a guest can compromise the host</td>\n<td colspan=\"1\" rowspan=\"1\">CWE-707: Improper Neutralization</td>\n<td colspan=\"1\" rowspan=\"1\">Administrator access in guest</td>\n</tr>\n<tr>\n<td colspan=\"1\" rowspan=\"1\">CVE-2020-29480</td>\n<td colspan=\"1\" rowspan=\"1\">An attacker with the ability to execute privileged mode code in a guest can read non-sensitive metadata about another guest</td>\n<td colspan=\"1\" rowspan=\"1\">CWE-284: Improper Access Control</td>\n<td colspan=\"1\" rowspan=\"1\">Administrator access in guest</td>\n</tr>\n<tr>\n<td colspan=\"1\" rowspan=\"1\">CVE-2020-29481</td>\n<td colspan=\"1\" rowspan=\"1\">An attacker with the ability to execute privileged mode code in a guest can read data previously shared, using the Xenstore API, between two other guests</td>\n<td colspan=\"1\" rowspan=\"1\">CWE-664: Improper Control of a Resource Through its Lifetime</td>\n<td colspan=\"1\" rowspan=\"1\">Administrator access in guest</td>\n</tr>\n<tr>\n<td colspan=\"1\" rowspan=\"1\">CVE-2020-29482</td>\n<td colspan=\"1\" rowspan=\"1\">An attacker with the ability to execute privileged mode code in a guest can perform a denial of service attack against the host</td>\n<td colspan=\"1\" rowspan=\"1\">CWE-664: Improper Control of a Resource Through its Lifetime</td>\n<td colspan=\"1\" rowspan=\"1\">Administrator access in guest</td>\n</tr>\n<tr>\n<td colspan=\"1\" rowspan=\"1\">CVE-2020-29485</td>\n<td colspan=\"1\" rowspan=\"1\">An attacker with the ability to execute privileged mode code in a guest can perform a denial of service attack against the host</td>\n<td colspan=\"1\" rowspan=\"1\">CWE-664: Improper Control of a Resource Through its Lifetime</td>\n<td colspan=\"1\" rowspan=\"1\">Administrator access in 
guest</td>\n</tr>\n<tr>\n<td colspan=\"1\" rowspan=\"1\">CVE-2020-29486</td>\n<td colspan=\"1\" rowspan=\"1\">An attacker with the ability to execute privileged mode code in a guest can perform a denial of service attack against the host or a selected other VM</td>\n<td colspan=\"1\" rowspan=\"1\">CWE-664: Improper Control of a Resource Through its Lifetime</td>\n<td colspan=\"1\" rowspan=\"1\">Administrator access in guest</td>\n</tr>\n<tr>\n<td colspan=\"1\" rowspan=\"1\">CVE-2020-29487</td>\n<td colspan=\"1\" rowspan=\"1\">An attacker with the ability to execute privileged mode code in a guest can perform a denial of service attack against the host</td>\n<td colspan=\"1\" rowspan=\"1\">CWE-664: Improper Control of a Resource Through its Lifetime</td>\n<td colspan=\"1\" rowspan=\"1\">Administrator access in guest</td>\n</tr>\n<tr>\n<td colspan=\"1\" rowspan=\"1\">CVE-2020-29568</td>\n<td colspan=\"1\" rowspan=\"1\">An attacker with the ability to execute privileged mode code in a guest can perform a denial of service attack against the host</td>\n<td colspan=\"1\" rowspan=\"1\">CWE-664: Improper Control of a Resource Through its Lifetime</td>\n<td colspan=\"1\" rowspan=\"1\">Administrator access in guest</td>\n</tr>\n<tr>\n<td colspan=\"1\" rowspan=\"1\">CVE-2020-29569</td>\n<td colspan=\"1\" rowspan=\"1\">An attacker with the ability to execute privileged mode code in a guest can perform a denial of service attack against the host</td>\n<td colspan=\"1\" rowspan=\"1\">CWE-664: Improper Control of a Resource Through its Lifetime</td>\n<td colspan=\"1\" rowspan=\"1\">Administrator access in guest</td>\n</tr>\n<tr>\n<td colspan=\"1\" rowspan=\"1\">CVE-2020-29570</td>\n<td colspan=\"1\" rowspan=\"1\">An attacker with the ability to execute privileged mode code in a guest can perform a denial of service attack against the host</td>\n<td colspan=\"1\" rowspan=\"1\">CWE-664: Improper Control of a Resource Through its Lifetime</td>\n<td colspan=\"1\" 
rowspan=\"1\">Administrator access in guest</td>\n</tr>\n</tbody>\n</table>\n<br/>These issues affect all currently supported versions of Citrix Hypervisor up to and including Citrix Hypervisor 8.2 LTSR.\n<br/>\n<h2>What Customers Should Do</h2> Citrix has released hotfixes to address these issues. Citrix recommends that affected customers install these hotfixes as soon as practicable. The hotfixes can be downloaded from the following locations:\n<br/>\n<br/>Citrix Hypervisor 8.2 LTSR:\n<br/>CTX286796 \u2013 \n<a href=\"https://support.citrix.com/article/CTX286796\">https://support.citrix.com/article/CTX286796</a> and\n<br/>CTX286800 \u2013 \n<a href=\"https://support.citrix.com/article/CTX286800\">https://support.citrix.com/article/CTX286800</a> and\n<br/>CTX286804 \u2013 \n<a href=\"https://support.citrix.com/article/CTX286804\">https://support.citrix.com/article/CTX286804</a>\n<br/>\n<br/>Citrix Hypervisor 8.1:\n<br/>CTX286795 \u2013 \n<a href=\"https://support.citrix.com/article/CTX286795\">https://support.citrix.com/article/CTX286795</a> and\n<br/>CTX286799 \u2013 \n<a href=\"https://support.citrix.com/article/CTX286799\">https://support.citrix.com/article/CTX286799</a> and\n<br/>CTX286803 \u2013 \n<a href=\"https://support.citrix.com/article/CTX286803\">https://support.citrix.com/article/CTX286803</a>\n<br/>\n<br/>Citrix XenServer 7.1 LTSR CU2:\n<br/>CTX286794 \u2013 \n<a href=\"https://support.citrix.com/article/CTX286794\">https://support.citrix.com/article/CTX286794</a> and\n<br/>CTX286798 \u2013 \n<a href=\"https://support.citrix.com/article/CTX286798\">https://support.citrix.com/article/CTX286798</a> and\n<br/>CTX286802 \u2013 \n<a href=\"https://support.citrix.com/article/CTX286802\">https://support.citrix.com/article/CTX286802</a>\n<br/>\n<br/>Citrix XenServer 7.0:\n<br/>CTX286793 \u2013 \n<a href=\"https://support.citrix.com/article/CTX286793\">https://support.citrix.com/article/CTX286793</a> and\n<br/>CTX286797 \u2013 \n<a 
href=\"https://support.citrix.com/article/CTX286797\">https://support.citrix.com/article/CTX286797</a> and\n<br/>CTX286801 \u2013 \n<a href=\"https://support.citrix.com/article/CTX286801\">https://support.citrix.com/article/CTX286801</a>\n<br/>\n<h2>What Citrix Is Doing</h2> Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at \n<a href=\"http://support.citrix.com/\">http://support.citrix.com/</a>.\n<br/>\n<h2>Obtaining Support on This Issue</h2> If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at \n<a href=\"http://www.citrix.com/site/ss/supportContacts.asp\">http://www.citrix.com/site/ss/supportContacts.asp</a>.\n<br/>\n<h2>Reporting Security Vulnerabilities</h2> Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For details on our vulnerability response process and guidance on how to report security-related issues to Citrix, please see the following webpage: \u2013 \n<a href=\"https://www.citrix.com/about/trust-center/vulnerability-process.html\">https://www.citrix.com/about/trust-center/vulnerability-process.html</a>\n<br/>\n<h2>Disclaimer</h2> This document is provided on an \"as is\" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information on the document is at your own risk. 
Citrix reserves the right to change or update this document at any time.\n<br/>\n<h2>Changelog</h2>\n<table>\n<tbody>\n<tr>\n<td colspan=\"1\" rowspan=\"1\">Date</td>\n<td colspan=\"1\" rowspan=\"1\">Change</td>\n</tr>\n<tr>\n<td colspan=\"1\" rowspan=\"1\">2020-12-15</td>\n<td colspan=\"1\" rowspan=\"1\">Initial Publication</td>\n</tr>\n</tbody>\n</table>\n<h2> </h2></div>\n</section>", "modified": "2020-12-15T16:13:56", "published": "2020-12-15T13:18:47", "id": "CTX286756", "href": "https://support.citrix.com/article/CTX286756", "type": "citrix", "title": "Citrix Hypervisor Security Update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-24T11:43:05", "bulletinFamily": "software", "cvelist": ["CVE-2020-27670", "CVE-2020-27671", "CVE-2020-27672", "CVE-2020-27673", "CVE-2020-27674", "CVE-2020-27675"], "description": "<section class=\"article-content\" data-swapid=\"ArticleContent\">\n<div class=\"content-block\" data-swapid=\"ContentBlock\"><div>\n<div>\n<h2> Description of Problem</h2>\n<div>\n<div>\n<div>\n<p>Several security issues have been identified in Citrix Hypervisor (formerly Citrix XenServer) that may allow:</p>\n<ul>\n<li>unprivileged code in a PV guest VM to compromise that PV guest VM</li>\n<li>privileged code in a guest VM to cause the host to crash or become unresponsive</li>\n<li>privileged code in an HVM guest VM, to which the host administrator has assigned a PCI passthrough device, to corrupt in-memory data of the host or other VMs and potentially cause the host to crash.</li>\n</ul>\n<p>These issues have the following identifiers:</p>\n<ul>\n<li>CVE-2020-27670</li>\n<li>CVE-2020-27671</li>\n<li>CVE-2020-27672</li>\n<li>CVE-2020-27673</li>\n<li>CVE-2020-27674</li>\n<li>CVE-2020-27675</li>\n</ul>\n<p>These issues affect all currently supported versions of Citrix Hypervisor up to and including Citrix Hypervisor 8.2 LTSR.</p>\n</div>\n</div>\n</div>\n</div>\n<div>\n<h2> What Customers Should 
Do</h2>\n<div>\n<div>\n<div>\n<p>Citrix has released hotfixes to address these issues. Citrix recommends that affected customers install these hotfixes as their patching schedule allows. The hotfixes can be downloaded from the following locations:</p>\n<p>Citrix Hypervisor 8.2 LTSR: CTX283510 \u2013 <a href=\"https://support.citrix.com/article/CTX283510\">https://support.citrix.com/article/CTX283510</a> and CTX283516 \u2013 <a href=\"https://support.citrix.com/article/CTX283516\">https://support.citrix.com/article/CTX283516</a></p>\n<p>Citrix Hypervisor 8.1: CTX283509 \u2013 <a href=\"https://support.citrix.com/article/CTX283509\">https://support.citrix.com/article/CTX283509</a> and CTX283515 \u2013 <a href=\"https://support.citrix.com/article/CTX283515\">https://support.citrix.com/article/CTX283515</a></p>\n<p>Citrix XenServer 7.1 LTSR CU2: CTX283508 \u2013 <a href=\"https://support.citrix.com/article/CTX283508\">https://support.citrix.com/article/CTX283508</a> and CTX283514 \u2013 <a href=\"https://support.citrix.com/article/CTX283514\">https://support.citrix.com/article/CTX283514</a></p>\n<p>Citrix XenServer 7.0: CTX283507 \u2013 <a href=\"https://support.citrix.com/article/CTX283507\">https://support.citrix.com/article/CTX283507</a> and CTX283512 \u2013 <a href=\"https://support.citrix.com/article/CTX283512\">https://support.citrix.com/article/CTX283512</a></p>\n</div>\n</div>\n</div>\n</div>\n<div>\n<h2> What Citrix Is Doing</h2>\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <u> <a href=\"http://support.citrix.com/\">http://support.citrix.com/</a></u>.</p>\n</div>\n</div>\n</div>\n</div>\n</div>\n</div>\n<div>\n<h2> Obtaining Support on This Issue</h2>\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>If you require technical assistance with this issue, please contact Citrix Technical Support. 
Contact details for Citrix Technical Support are available at <u> <a href=\"https://www.citrix.com/support/open-a-support-case.html\">https://www.citrix.com/support/open-a-support-case.html</a></u>. </p>\n</div>\n</div>\n</div>\n</div>\n</div>\n</div>\n<div>\n<h2> Reporting Security Vulnerabilities</h2>\n<div>\n<div>\n<div>\n<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For details on our vulnerability response process and guidance on how to report security-related issues to Citrix, please visit the Citrix Trust Center at <a href=\"https://www.citrix.com/about/trust-center/vulnerability-process.html\">https://www.citrix.com/about/trust-center/vulnerability-process.html</a>.</p>\n</div>\n</div>\n</div>\n</div>\n<div>\n<h2> Changelog</h2>\n<div>\n<div>\n<div>\n<table width=\"100%\">\n<tbody>\n<tr>\n<td colspan=\"1\" rowspan=\"1\">Date </td>\n<td colspan=\"1\" rowspan=\"1\">Change</td>\n</tr>\n<tr>\n<td colspan=\"1\" rowspan=\"1\">2020-10-27</td>\n<td colspan=\"1\" rowspan=\"1\">Initial Publication</td>\n</tr>\n<tr>\n<td colspan=\"1\" rowspan=\"1\">2020-10-27</td>\n<td colspan=\"1\" rowspan=\"1\">Corrected links to hotfixes</td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n</div>\n</div></div>\n</section>", "modified": "2020-10-27T04:00:00", "published": "2020-10-27T04:00:00", "id": "CTX284874", "href": "https://support.citrix.com/article/CTX284874", "type": "citrix", "title": "Citrix Hypervisor Security Update", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2020-10-31T11:16:39", "bulletinFamily": "unix", "cvelist": ["CVE-2020-27672", "CVE-2020-27671", "CVE-2020-27670", "CVE-2020-27673"], "description": "This update for xen fixes the following issues:\n\n - bsc#1177409 - VUL-0: CVE-2020-27673: xen: x86 PV guest INVLPG-like\n flushes may leave stale TLB entries (XSA-286)\n - bsc#1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen 
mapping\n code (XSA-345)\n - bsc#1177413 - VUL-0: CVE-2020-27671: xen: undue deferral of IOMMU TLB\n flushes (XSA-346)\n - bsc#1177414 - VUL-0: CVE-2020-27670: xen: unsafe AMD IOMMU page table\n updates (XSA-347)\n\n This update was imported from the SUSE:SLE-15-SP2:Update update project.\n\n", "edition": 1, "modified": "2020-10-31T06:14:37", "published": "2020-10-31T06:14:37", "id": "OPENSUSE-SU-2020:1783-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-11-06T03:17:20", "bulletinFamily": "unix", "cvelist": ["CVE-2020-27672", "CVE-2020-27671", "CVE-2020-27670", "CVE-2020-27673"], "description": "This update for xen fixes the following issues:\n\n - bsc#1177409 - VUL-0: CVE-2020-27673: xen: x86 PV guest INVLPG-like\n flushes may leave stale TLB entries (XSA-286)\n - bsc#1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen mapping\n code (XSA-345)\n - bsc#1177413 - VUL-0: CVE-2020-27671: xen: undue deferral of IOMMU TLB\n flushes (XSA-346)\n - bsc#1177414 - VUL-0: CVE-2020-27670: xen: unsafe AMD IOMMU page table\n updates (XSA-347)\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n", "edition": 1, "modified": "2020-11-06T00:29:27", "published": "2020-11-06T00:29:27", "id": "OPENSUSE-SU-2020:1844-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00025.html", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-12-19T03:32:38", "bulletinFamily": "unix", "cvelist": ["CVE-2019-19770", "CVE-2020-27675", "CVE-2020-25669", "CVE-2020-27777", "CVE-2020-28941", "CVE-2020-25656", "CVE-2020-27673", "CVE-2020-14351", "CVE-2020-25668", "CVE-2020-28974", "CVE-2020-8694", "CVE-2020-25704"], "description": "**Issue Overview:**\n\nA use-after-free flaw 
was found in the debugfs_remove function in the Linux kernel. The flaw could allow a local attacker with special user (or root) privilege to crash the system at the time of file or directory removal. This vulnerability can lead to a kernel information leak. The highest threat from this vulnerability is to system availability. ([CVE-2019-19770 __](<https://access.redhat.com/security/cve/CVE-2019-19770>))\n\nA flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. ([CVE-2020-14351 __](<https://access.redhat.com/security/cve/CVE-2020-14351>))\n\nA flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. ([CVE-2020-25656 __](<https://access.redhat.com/security/cve/CVE-2020-25656>))\n\nA flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. ([CVE-2020-25668 __](<https://access.redhat.com/security/cve/CVE-2020-25668>))\n\nThe function sunkbd_reinit having been scheduled by sunkbd_interrupt before the struct sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit thus causing UAF. ([CVE-2020-25669 __](<https://access.redhat.com/security/cve/CVE-2020-25669>))\n\nA flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. 
([CVE-2020-25704 __](<https://access.redhat.com/security/cve/CVE-2020-25704>))\n\nAn issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271. ([CVE-2020-27673 __](<https://access.redhat.com/security/cve/CVE-2020-27673>))\n\nAn issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. ([CVE-2020-27675 __](<https://access.redhat.com/security/cve/CVE-2020-27675>))\n\nThe Linux kernel for powerpc has an issue with the Run-Time Abstraction Services (RTAS) interface, allowing root (or CAP_SYS_ADMIN users) in a VM to overwrite some parts of memory, including kernel memory. ([CVE-2020-27777 __](<https://access.redhat.com/security/cve/CVE-2020-27777>))\n\nAn issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once. ([CVE-2020-28941 __](<https://access.redhat.com/security/cve/CVE-2020-28941>))\n\nAn out-of-bounds (OOB) SLAB memory access flaw was found in the Linux kernel's fbcon driver module. A bounds check failure allows a local attacker with special user privileges to gain access to out-of-bounds memory, leading to a system crash or leaking of internal kernel information. The highest threat from this vulnerability is to system availability. 
([CVE-2020-28974 __](<https://access.redhat.com/security/cve/CVE-2020-28974>))\n\nA slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. ([CVE-2020-28974 __](<https://access.redhat.com/security/cve/CVE-2020-28974>))\n\nA flaw was found in the Linux kernel's implementation of Intel's Running Average Power Limit (RAPL) implementation. A local attacker could infer secrets by measuring power usage and also infer private data by observing the power usage of calculations performed on the data. ([CVE-2020-8694 __](<https://access.redhat.com/security/cve/CVE-2020-8694>))\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n kernel-debuginfo-common-i686-4.14.209-117.337.amzn1.i686 \n kernel-tools-devel-4.14.209-117.337.amzn1.i686 \n kernel-headers-4.14.209-117.337.amzn1.i686 \n kernel-tools-4.14.209-117.337.amzn1.i686 \n perf-4.14.209-117.337.amzn1.i686 \n kernel-devel-4.14.209-117.337.amzn1.i686 \n kernel-tools-debuginfo-4.14.209-117.337.amzn1.i686 \n kernel-debuginfo-4.14.209-117.337.amzn1.i686 \n perf-debuginfo-4.14.209-117.337.amzn1.i686 \n kernel-4.14.209-117.337.amzn1.i686 \n \n src: \n kernel-4.14.209-117.337.amzn1.src \n \n x86_64: \n kernel-4.14.209-117.337.amzn1.x86_64 \n kernel-tools-devel-4.14.209-117.337.amzn1.x86_64 \n kernel-debuginfo-common-x86_64-4.14.209-117.337.amzn1.x86_64 \n kernel-debuginfo-4.14.209-117.337.amzn1.x86_64 \n kernel-tools-4.14.209-117.337.amzn1.x86_64 \n kernel-headers-4.14.209-117.337.amzn1.x86_64 \n perf-debuginfo-4.14.209-117.337.amzn1.x86_64 \n kernel-devel-4.14.209-117.337.amzn1.x86_64 \n kernel-tools-debuginfo-4.14.209-117.337.amzn1.x86_64 \n perf-4.14.209-117.337.amzn1.x86_64 \n \n 
\n", "edition": 1, "modified": "2020-12-16T20:31:00", "published": "2020-12-16T20:31:00", "id": "ALAS-2020-1462", "href": "https://alas.aws.amazon.com/ALAS-2020-1462.html", "title": "Medium: kernel", "type": "amazon", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-12-23T15:22:29", "bulletinFamily": "unix", "cvelist": ["CVE-2019-19770", "CVE-2020-27675", "CVE-2020-25669", "CVE-2020-27777", "CVE-2020-28941", "CVE-2020-25656", "CVE-2020-27673", "CVE-2020-14351", "CVE-2020-25668", "CVE-2020-28974", "CVE-2020-8694", "CVE-2020-25704"], "description": "**Issue Overview:**\n\nA use-after-free flaw was found in the debugfs_remove function in the Linux kernel. The flaw could allow a local attacker with special user (or root) privilege to crash the system at the time of file or directory removal. This vulnerability can lead to a kernel information leak. The highest threat from this vulnerability is to system availability. ([CVE-2019-19770 __](<https://access.redhat.com/security/cve/CVE-2019-19770>))\n\nA flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. ([CVE-2020-14351 __](<https://access.redhat.com/security/cve/CVE-2020-14351>))\n\nA flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. ([CVE-2020-25656 __](<https://access.redhat.com/security/cve/CVE-2020-25656>))\n\nA flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. 
([CVE-2020-25668 __](<https://access.redhat.com/security/cve/CVE-2020-25668>))\n\nThe function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. \nThough the dangling pointer is set to NULL in sunkbd_disconnect, there is still a alias in sunkbd_reinit so that causing Use After Free. ([CVE-2020-25669 __](<https://access.redhat.com/security/cve/CVE-2020-25669>))\n\nA flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. ([CVE-2020-25704 __](<https://access.redhat.com/security/cve/CVE-2020-25704>))\n\nAn issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271. ([CVE-2020-27673 __](<https://access.redhat.com/security/cve/CVE-2020-27673>))\n\nAn issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. ([CVE-2020-27675 __](<https://access.redhat.com/security/cve/CVE-2020-27675>))\n\nThe Linux kernel for powerpc has an issue with the Run-Time Abstraction Services (RTAS) interface, allowing root (or CAP_SYS_ADMIN users) in a VM to overwrite some parts of memory, including kernel memory. \nThis issue impacts guests running on top of PowerVM or KVM hypervisors (pseries platform), and does *not* impact bare-metal machines (powernv platform). ([CVE-2020-27777 __](<https://access.redhat.com/security/cve/CVE-2020-27777>))\n\nAn issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. 
Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once. ([CVE-2020-28941 __](<https://access.redhat.com/security/cve/CVE-2020-28941>))\n\nA slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. ([CVE-2020-28974 __](<https://access.redhat.com/security/cve/CVE-2020-28974>))\n\nA flaw was found in the Linux kernel's implementation of Intel's Running Average Power Limit (RAPL) implementation. A local attacker could infer secrets by measuring power usage and also infer private data by observing the power usage of calculations performed on the data. ([CVE-2020-8694 __](<https://access.redhat.com/security/cve/CVE-2020-8694>))\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n kernel-4.14.209-160.335.amzn2.aarch64 \n kernel-headers-4.14.209-160.335.amzn2.aarch64 \n kernel-debuginfo-common-aarch64-4.14.209-160.335.amzn2.aarch64 \n perf-4.14.209-160.335.amzn2.aarch64 \n perf-debuginfo-4.14.209-160.335.amzn2.aarch64 \n python-perf-4.14.209-160.335.amzn2.aarch64 \n python-perf-debuginfo-4.14.209-160.335.amzn2.aarch64 \n kernel-tools-4.14.209-160.335.amzn2.aarch64 \n kernel-tools-devel-4.14.209-160.335.amzn2.aarch64 \n kernel-tools-debuginfo-4.14.209-160.335.amzn2.aarch64 \n kernel-devel-4.14.209-160.335.amzn2.aarch64 \n kernel-debuginfo-4.14.209-160.335.amzn2.aarch64 \n \n i686: \n kernel-headers-4.14.209-160.335.amzn2.i686 \n \n src: \n kernel-4.14.209-160.335.amzn2.src \n \n x86_64: \n kernel-4.14.209-160.335.amzn2.x86_64 \n kernel-headers-4.14.209-160.335.amzn2.x86_64 \n kernel-debuginfo-common-x86_64-4.14.209-160.335.amzn2.x86_64 \n perf-4.14.209-160.335.amzn2.x86_64 \n perf-debuginfo-4.14.209-160.335.amzn2.x86_64 \n python-perf-4.14.209-160.335.amzn2.x86_64 \n python-perf-debuginfo-4.14.209-160.335.amzn2.x86_64 \n kernel-tools-4.14.209-160.335.amzn2.x86_64 \n kernel-tools-devel-4.14.209-160.335.amzn2.x86_64 \n kernel-tools-debuginfo-4.14.209-160.335.amzn2.x86_64 \n kernel-devel-4.14.209-160.335.amzn2.x86_64 \n kernel-debuginfo-4.14.209-160.335.amzn2.x86_64 \n kernel-livepatch-4.14.209-160.335-1.0-0.amzn2.x86_64 \n \n \n", "edition": 2, "modified": "2020-12-08T20:55:00", "published": "2020-12-08T20:55:00", "id": "ALAS2-2020-1566", "href": "https://alas.aws.amazon.com/AL2/ALAS-2020-1566.html", "title": "Important: kernel", "type": "amazon", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-15T01:28:26", "bulletinFamily": "unix", "cvelist": ["CVE-2019-19770", "CVE-2020-27675", "CVE-2020-25669", "CVE-2020-27777", "CVE-2020-28941", "CVE-2020-25656", "CVE-2020-27673", "CVE-2020-14351", "CVE-2020-25668", "CVE-2020-28974", "CVE-2020-8694", "CVE-2020-25704"], 
"description": "**Issue Overview:**\n\nA use-after-free flaw was found in the debugfs_remove function in the Linux kernel. The flaw could allow a local attacker with special user (or root) privilege to crash the system at the time of file or directory removal. This vulnerability can lead to a kernel information leak. The highest threat from this vulnerability is to system availability. ([CVE-2019-19770 __](<https://access.redhat.com/security/cve/CVE-2019-19770>))\n\nA flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. ([CVE-2020-14351 __](<https://access.redhat.com/security/cve/CVE-2020-14351>))\n\nA flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. ([CVE-2020-25656 __](<https://access.redhat.com/security/cve/CVE-2020-25656>))\n\nA flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. ([CVE-2020-25668 __](<https://access.redhat.com/security/cve/CVE-2020-25668>))\n\nThe function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. \nThough the dangling pointer is set to NULL in sunkbd_disconnect, there is still a alias in sunkbd_reinit so that causing Use After Free. ([CVE-2020-25669 __](<https://access.redhat.com/security/cve/CVE-2020-25669>))\n\nA flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. 
A local user could use this flaw to starve the resources causing denial of service. ([CVE-2020-25704 __](<https://access.redhat.com/security/cve/CVE-2020-25704>))\n\nAn issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271. ([CVE-2020-27673 __](<https://access.redhat.com/security/cve/CVE-2020-27673>))\n\nAn issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. ([CVE-2020-27675 __](<https://access.redhat.com/security/cve/CVE-2020-27675>))\n\nA flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel. ([CVE-2020-27777 __](<https://access.redhat.com/security/cve/CVE-2020-27777>))\n\nAn issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once. ([CVE-2020-28941 __](<https://access.redhat.com/security/cve/CVE-2020-28941>))\n\nAn out-of-bounds (OOB) SLAB memory access flaw was found in the Linux kernel's fbcon driver module. 
A bounds check failure allows a local attacker with special user privileges to gain access to out-of-bounds memory, leading to a system crash or leaking of internal kernel information. The highest threat from this vulnerability is to system availability. ([CVE-2020-28974 __](<https://access.redhat.com/security/cve/CVE-2020-28974>))\n\nA flaw was found in the Linux kernel's implementation of Intel's Running Average Power Limit (RAPL) implementation. A local attacker could infer secrets by measuring power usage and also infer private data by observing the power usage of calculations performed on the data. ([CVE-2020-8694 __](<https://access.redhat.com/security/cve/CVE-2020-8694>))\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n kernel-debuginfo-common-i686-4.14.209-117.337.amzn1.i686 \n kernel-tools-devel-4.14.209-117.337.amzn1.i686 \n kernel-headers-4.14.209-117.337.amzn1.i686 \n kernel-tools-4.14.209-117.337.amzn1.i686 \n perf-4.14.209-117.337.amzn1.i686 \n kernel-devel-4.14.209-117.337.amzn1.i686 \n kernel-tools-debuginfo-4.14.209-117.337.amzn1.i686 \n kernel-debuginfo-4.14.209-117.337.amzn1.i686 \n perf-debuginfo-4.14.209-117.337.amzn1.i686 \n kernel-4.14.209-117.337.amzn1.i686 \n \n src: \n kernel-4.14.209-117.337.amzn1.src \n \n x86_64: \n kernel-4.14.209-117.337.amzn1.x86_64 \n kernel-tools-devel-4.14.209-117.337.amzn1.x86_64 \n kernel-debuginfo-common-x86_64-4.14.209-117.337.amzn1.x86_64 \n kernel-debuginfo-4.14.209-117.337.amzn1.x86_64 \n kernel-tools-4.14.209-117.337.amzn1.x86_64 \n kernel-headers-4.14.209-117.337.amzn1.x86_64 \n perf-debuginfo-4.14.209-117.337.amzn1.x86_64 \n kernel-devel-4.14.209-117.337.amzn1.x86_64 \n kernel-tools-debuginfo-4.14.209-117.337.amzn1.x86_64 \n perf-4.14.209-117.337.amzn1.x86_64 \n \n \n", "edition": 1, "modified": "2021-01-12T22:51:00", "published": "2021-01-12T22:51:00", "id": "ALAS-2021-1461", "href": 
"https://alas.aws.amazon.com/ALAS-2021-1461.html", "title": "Medium: kernel", "type": "amazon", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-12-19T01:26:28", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25645", "CVE-2020-25705", "CVE-2020-27675", "CVE-2020-25669", "CVE-2020-0427", "CVE-2020-25656", "CVE-2020-27673", "CVE-2020-14351", "CVE-2020-25668", "CVE-2020-28974", "CVE-2020-8694", "CVE-2020-25704"], "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2494-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Ben Hutchings\nDecember 18, 2020 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : linux\nVersion : 4.9.246-2\nCVE ID : CVE-2020-0427 CVE-2020-8694 CVE-2020-14351 CVE-2020-25645 \n CVE-2020-25656 CVE-2020-25668 CVE-2020-25669 CVE-2020-25704 \n CVE-2020-25705 CVE-2020-27673 CVE-2020-27675 CVE-2020-28974\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service or information leaks.\n\nCVE-2020-0427\n\n Elena Petrova reported a bug in the pinctrl subsystem that can\n lead to a use-after-free after a device is renamed. The security\n impact of this is unclear.\n\nCVE-2020-8694\n\n Multiple researchers discovered that the powercap subsystem\n allowed all users to read CPU energy meters, by default. On\n systems using Intel CPUs, this provided a side channel that could\n leak sensitive information between user processes, or from the\n kernel to user processes. 
The energy meters are now readable only\n by root, by default.\n\n This issue can be mitigated by running:\n\n chmod go-r /sys/devices/virtual/powercap/*/*/energy_uj\n\n This needs to be repeated each time the system is booted with\n an unfixed kernel version.\n\nCVE-2020-14351\n\n A race condition was discovered in the performance events\n subsystem, which could lead to a use-after-free. A local user\n permitted to access performance events could use this to cause a\n denial of service (crash or memory corruption) or possibly for\n privilege escalation.\n\n Debian's kernel configuration does not allow unprivileged users to\n access performance events by default, which fully mitigates this\n issue.\n\nCVE-2020-25645\n\n A flaw was discovered in the interface driver for GENEVE\n encapsulated traffic when combined with IPsec. If IPsec is\n configured to encrypt traffic for the specific UDP port used by the\n GENEVE tunnel, tunneled data isn't correctly routed over the\n encrypted link and sent unencrypted instead.\n\nCVE-2020-25656\n\n Yuan Ming and Bodong Zhao discovered a race condition in the\n virtual terminal (vt) driver that could lead to a use-after-free.\n A local user with the CAP_SYS_TTY_CONFIG capability could use this\n to cause a denial of service (crash or memory corruption) or\n possibly for privilege escalation.\n\nCVE-2020-25668\n\n Yuan Ming and Bodong Zhao discovered a race condition in the\n virtual terminal (vt) driver that could lead to a use-after-free.\n A local user with access to a virtual terminal, or with the\n CAP_SYS_TTY_CONFIG capability, could use this to cause a denial of\n service (crash or memory corruption) or possibly for privilege\n escalation.\n\nCVE-2020-25669\n\n Bodong Zhao discovered a bug in the Sun keyboard driver (sunkbd)\n that could lead to a use-after-free. 
On a system using this\n driver, a local user could use this to cause a denial of service\n (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2020-25704\n\n kiyin(\u5c39\u4eae) discovered a potential memory leak in the performance\n events subsystem. A local user permitted to access performance\n events could use this to cause a denial of service (memory\n exhaustion).\n\n Debian's kernel configuration does not allow unprivileged users to\n access performance events by default, which fully mitigates this\n issue.\n\nCVE-2020-25705\n\n Keyu Man reported that strict rate-limiting of ICMP packet\n transmission provided a side-channel that could help networked\n attackers to carry out packet spoofing. In particular, this made\n it practical for off-path networked attackers to "poison" DNS\n caches with spoofed responses ("SAD DNS" attack).\n\n This issue has been mitigated by randomising whether packets are\n counted against the rate limit.\n\nCVE-2020-27673 / XSA-332\n\n Julien Grall from Arm discovered a bug in the Xen event handling\n code. Where Linux was used in a Xen dom0, unprivileged (domU)\n guests could cause a denial of service (excessive CPU usage or\n hang) in dom0.\n\nCVE-2020-27675 / XSA-331\n\n Jinoh Kang of Theori discovered a race condition in the Xen event\n handling code. Where Linux was used in a Xen dom0, unprivileged\n (domU) guests could cause a denial of service (crash) in dom0.\n\nCVE-2020-28974\n\n Yuan Ming discovered a bug in the virtual terminal (vt) driver\n that could lead to an out-of-bounds read. 
A local user with\n access to a virtual terminal, or with the CAP_SYS_TTY_CONFIG\n capability, could possibly use this to obtain sensitive\n information from the kernel or to cause a denial of service\n (crash).\n\n The specific ioctl operation affected by this bug\n (KD_FONT_OP_COPY) has been disabled, as it is not believed that\n any programs depended on it.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.9.246-2.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nBen Hutchings - Debian developer, member of kernel, installer and LTS teams\n", "edition": 1, "modified": "2020-12-18T12:14:21", "published": "2020-12-18T12:14:21", "id": "DEBIAN:DLA-2494-1:12C95", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202012/msg00027.html", "title": "[SECURITY] [DLA 2494-1] linux security update", "type": "debian", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-11T01:25:11", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25705", "CVE-2019-19770", "CVE-2020-27675", "CVE-2019-19816", "CVE-2019-19039", "CVE-2020-25669", "CVE-2020-28941", "CVE-2019-19377", "CVE-2020-25656", "CVE-2020-27673", "CVE-2020-14351", "CVE-2020-25668", "CVE-2020-0423", "CVE-2020-28974", "CVE-2020-8694", "CVE-2020-25704"], "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2483-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Ben Hutchings\nDecember 05, 2020 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : linux-4.19\nVersion : 
4.19.160-2~deb9u1\nCVE ID : CVE-2019-19039 CVE-2019-19377 CVE-2019-19770 CVE-2019-19816\n CVE-2020-0423 CVE-2020-8694 CVE-2020-14351 CVE-2020-25656\n CVE-2020-25668 CVE-2020-25669 CVE-2020-25704 CVE-2020-25705\n CVE-2020-27673 CVE-2020-27675 CVE-2020-28941 CVE-2020-28974\nDebian Bug : 949863 968623 971058\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service or information leaks.\n\nCVE-2019-19039\n\n "Team bobfuzzer" reported a bug in Btrfs that could lead to an\n assertion failure (WARN). A user permitted to mount and access\n arbitrary filesystems could use this to cause a denial of service\n (crash) if the panic_on_warn kernel parameter is set.\n\nCVE-2019-19377\n\n "Team bobfuzzer" reported a bug in Btrfs that could lead to a\n use-after-free. A user permitted to mount and access arbitrary\n filesystems could use this to cause a denial of service (crash or\n memory corruption) or possibly for privilege escalation.\n\nCVE-2019-19770\n\n The syzbot tool discovered a race condition in the block I/O\n tracer (blktrace) that could lead to a system crash. Since\n blktrace can only be controlled by privileged users, the security\n impact of this is unclear.\n\nCVE-2019-19816\n\n "Team bobfuzzer" reported a bug in Btrfs that could lead to an\n out-of-bounds write. A user permitted to mount and access\n arbitrary filesystems could use this to cause a denial of service\n (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2020-0423\n\n A race condition was discovered in the Android binder driver, that\n could result in a use-after-free. On systems using this driver, a\n local user could use this to cause a denial of service (crash or\n memory corruption) or possibly for privilege escalation.\n\nCVE-2020-8694\n\n Multiple researchers discovered that the powercap subsystem\n allowed all users to read CPU energy meters, by default. 
On\n systems using Intel CPUs, this provided a side channel that could\n leak sensitive information between user processes, or from the\n kernel to user processes. The energy meters are now readable only\n by root, by default.\n\n This issue can be mitigated by running:\n\n chmod go-r /sys/devices/virtual/powercap/*/*/energy_uj\n\n This needs to be repeated each time the system is booted with\n an unfixed kernel version.\n\nCVE-2020-14351\n\n A race condition was discovered in the performance events\n subsystem, which could lead to a use-after-free. A local user\n permitted to access performance events could use this to cause a\n denial of service (crash or memory corruption) or possibly for\n privilege escalation.\n\n Debian's kernel configuration does not allow unprivileged users to\n access performance events by default, which fully mitigates this\n issue.\n\nCVE-2020-25656\n\n Yuan Ming and Bodong Zhao discovered a race condition in the\n virtual terminal (vt) driver that could lead to a use-after-free.\n A local user with the CAP_SYS_TTY_CONFIG capability could use this\n to cause a denial of service (crash or memory corruption) or\n possibly for privilege escalation.\n\nCVE-2020-25668\n\n Yuan Ming and Bodong Zhao discovered a race condition in the\n virtual terminal (vt) driver that could lead to a use-after-free.\n A local user with access to a virtual terminal, or with the\n CAP_SYS_TTY_CONFIG capability, could use this to cause a denial of\n service (crash or memory corruption) or possibly for privilege\n escalation.\n\nCVE-2020-25669\n\n Bodong Zhao discovered a bug in the Sun keyboard driver (sunkbd)\n that could lead to a use-after-free. On a system using this\n driver, a local user could use this to cause a denial of service\n (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2020-25704\n\n kiyin(\u5c39\u4eae) discovered a potential memory leak in the performance\n events subsystem. 
A local user permitted to access performance\n events could use this to cause a denial of service (memory\n exhaustion).\n\n Debian's kernel configuration does not allow unprivileged users to\n access performance events by default, which fully mitigates this\n issue.\n\nCVE-2020-25705\n\n Keyu Man reported that strict rate-limiting of ICMP packet\n transmission provided a side-channel that could help networked\n attackers to carry out packet spoofing. In particular, this made\n it practical for off-path networked attackers to "poison" DNS\n caches with spoofed responses ("SAD DNS" attack).\n\n This issue has been mitigated by randomising whether packets are\n counted against the rate limit.\n\nCVE-2020-27673 / XSA-332\n\n Julien Grall from Arm discovered a bug in the Xen event handling\n code. Where Linux was used in a Xen dom0, unprivileged (domU)\n guests could cause a denial of service (excessive CPU usage or\n hang) in dom0.\n\nCVE-2020-27675 / XSA-331\n\n Jinoh Kang of Theori discovered a race condition in the Xen event\n handling code. Where Linux was used in a Xen dom0, unprivileged\n (domU) guests could cause a denial of service (crash) in dom0.\n\nCVE-2020-28941\n\n Shisong Qin and Bodong Zhao discovered a bug in the Speakup screen\n reader subsystem. Speakup assumed that it would only be bound to\n one terminal (tty) device at a time, but did not enforce this. A\n local user could exploit this bug to cause a denial of service\n (crash or memory exhaustion).\n\nCVE-2020-28974\n\n Yuan Ming discovered a bug in the virtual terminal (vt) driver\n that could lead to an out-of-bounds read. 
A local user with\n access to a virtual terminal, or with the CAP_SYS_TTY_CONFIG\n capability, could possibly use this to obtain sensitive\n information from the kernel or to cause a denial of service\n (crash).\n\n The specific ioctl operation affected by this bug\n (KD_FONT_OP_COPY) has been disabled, as it is not believed that\n any programs depended on it.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.19.160-2~deb9u1.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nBen Hutchings - Debian developer, member of kernel, installer and LTS teams\n", "edition": 1, "modified": "2020-12-10T11:55:59", "published": "2020-12-10T11:55:59", "id": "DEBIAN:DLA-2483-1:37DA1", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202012/msg00015.html", "title": "[SECURITY] [DLA 2483-1] linux-4.19 security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2020-11-11T09:13:08", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25603", "CVE-2020-25602", "CVE-2020-27675", "CVE-2020-25601", "CVE-2020-25600", "CVE-2020-25604", "CVE-2020-25596", "CVE-2020-27672", "CVE-2020-27671", "CVE-2020-25599", "CVE-2020-25598", "CVE-2020-27670", "CVE-2020-27673", "CVE-2020-25597", "CVE-2020-25595", "CVE-2020-27674"], "description": "### Background\n\nXen is a bare-metal hypervisor.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. 
\n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Xen users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/xen-4.13.1-r5\"\n \n\nAll Xen Tools users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-emulation/xen-tools-4.13.1-r5\"", "edition": 1, "modified": "2020-11-11T00:00:00", "published": "2020-11-11T00:00:00", "id": "GLSA-202011-06", "href": "https://security.gentoo.org/glsa/202011-06", "title": "Xen: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}]}