Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2022-9557)

2022-07-05T00:00:00

Description

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9557 advisory. - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. (CVE-2022-28390) - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. (CVE-2022-28388) - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

{"id": "ORACLELINUX_ELSA-2022-9557.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2022-9557)", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9557 advisory.\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. (CVE-2022-28388)\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2022-07-05T00:00:00", "modified": "2022-07-05T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 7.2}, "severity": "HIGH", "exploitabilityScore": 3.9, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://www.tenable.com/plugins/nessus/162732", "reporter": "This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28388", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1652", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28390", "https://linux.oracle.com/errata/ELSA-2022-9557.html"], "cvelist": ["CVE-2022-1652", "CVE-2022-28388", "CVE-2022-28390"], "immutableFields": [], "lastseen": "2023-03-21T05:39:42", "viewCount": 16, "enchantments": {"score": {"value": 0.3, "vector": "NONE"}, "dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:7683"]}, {"type": "amazon", "idList": ["ALAS-2022-1591", "ALAS2-2022-1793"]}, {"type": "cloudlinux", "idList": ["CLSA-2022:1650377026", "CLSA-2022:1650377052"]}, {"type": "cve", "idList": ["CVE-2022-1652", "CVE-2022-28388", "CVE-2022-28390"]}, {"type": "debian", "idList": ["DEBIAN:DLA-3065-1:C1710", "DEBIAN:DSA-5127-1:B6959", "DEBIAN:DSA-5173-1:5A28E"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-1652", "DEBIANCVE:CVE-2022-28388", "DEBIANCVE:CVE-2022-28390"]}, {"type": "fedora", "idList": ["FEDORA:11BA63093F7B", "FEDORA:23A0030AD936", "FEDORA:5D5BA3025879"]}, {"type": "ibm", "idList": ["7A31AC3AD76478BCDFF5EAFDE198D822A87AF40F80D6BE332BB307F284077425", "80CD718D1D142D3B40DCBA71626D910648A9F36D3E9F858F36123167200B31E5"]}, {"type": "ics", "idList": ["ICSA-23-075-01"]}, {"type": "mageia", "idList": ["MGASA-2022-0154", "MGASA-2022-0155"]}, {"type": "nessus", "idList": ["AL2_ALAS-2022-1793.NASL", "ALA_ALAS-2022-1591.NASL", "ALMA_LINUX_ALSA-2022-7444.NASL", "ALMA_LINUX_ALSA-2022-7683.NASL", "ALMA_LINUX_ALSA-2022-7933.NASL", "ALMA_LINUX_ALSA-2022-8267.NASL", "DEBIAN_DLA-3065.NASL", "DEBIAN_DSA-5127.NASL", "DEBIAN_DSA-5173.NASL", "EULEROS_SA-2022-1896.NASL", "EULEROS_SA-2022-1934.NASL", "EULEROS_SA-2022-1999.NASL", "EULEROS_SA-2022-2090.NASL", "EULEROS_SA-2022-2110.NASL", "EULEROS_SA-2022-2134.NASL", "EULEROS_SA-2022-2159.NASL", "EULEROS_SA-2022-2244.NASL", "EULEROS_SA-2022-2257.NASL", "EULEROS_SA-2022-2273.NASL", "EULEROS_SA-2022-2384.NASL", "EULEROS_SA-2022-2566.NASL", "EULEROS_SA-2022-2619.NASL", "EULEROS_SA-2022-2873.NASL", "EULEROS_SA-2022-2891.NASL", "MARINER_KERNEL_CVE-2022-28388.NASL", "MARINER_KERNEL_CVE-2022-28390.NASL", "ORACLELINUX_ELSA-2022-7683.NASL", "ORACLELINUX_ELSA-2022-8267.NASL", "ORACLELINUX_ELSA-2022-9533.NASL", "ORACLELINUX_ELSA-2022-9534.NASL", "ORACLELINUX_ELSA-2022-9582.NASL", "ORACLELINUX_ELSA-2022-9583.NASL", "ORACLELINUX_ELSA-2022-9590.NASL", "ORACLELINUX_ELSA-2022-9591.NASL", "ORACLEVM_OVMSA-2022-0019.NASL", "REDHAT-RHSA-2022-7444.NASL", "REDHAT-RHSA-2022-7683.NASL", "REDHAT-RHSA-2022-7933.NASL", "REDHAT-RHSA-2022-8267.NASL", "SLACKWARE_SSA_2022-129-01.NASL", "SLACKWARE_SSA_2022-237-02.NASL", "SUSE_SU-2022-1163-1.NASL", "SUSE_SU-2022-1183-1.NASL", "SUSE_SU-2022-1196-1.NASL", "SUSE_SU-2022-1197-1.NASL", "SUSE_SU-2022-1255-1.NASL", "SUSE_SU-2022-1256-1.NASL", "SUSE_SU-2022-1257-1.NASL", "SUSE_SU-2022-1266-1.NASL", "SUSE_SU-2022-1267-1.NASL", "SUSE_SU-2022-1402-1.NASL", "SUSE_SU-2022-1407-1.NASL", "SUSE_SU-2022-2077-1.NASL", "SUSE_SU-2022-2078-1.NASL", "SUSE_SU-2022-2079-1.NASL", "SUSE_SU-2022-2080-1.NASL", "SUSE_SU-2022-2082-1.NASL", "SUSE_SU-2022-2083-1.NASL", "SUSE_SU-2022-2103-1.NASL", "SUSE_SU-2022-2104-1.NASL", "SUSE_SU-2022-2111-1.NASL", "SUSE_SU-2022-2116-1.NASL", "SUSE_SU-2022-2177-1.NASL", "SUSE_SU-2022-2520-1.NASL", "SUSE_SU-2022-2615-1.NASL", "SUSE_SU-2022-2629-1.NASL", "SUSE_SU-2022-2699-1.NASL", "SUSE_SU-2022-2700-1.NASL", "SUSE_SU-2022-2709-1.NASL", "SUSE_SU-2022-2726-1.NASL", "SUSE_SU-2022-2727-1.NASL", "SUSE_SU-2022-2728-1.NASL", "SUSE_SU-2022-2738-1.NASL", "SUSE_SU-2022-2745-1.NASL", "SUSE_SU-2022-2766-1.NASL", "SUSE_SU-2022-2770-1.NASL", "SUSE_SU-2022-2776-1.NASL", "SUSE_SU-2022-2780-1.NASL", "SUSE_SU-2022-2783-1.NASL", "SUSE_SU-2022-2789-1.NASL", "SUSE_SU-2022-2854-1.NASL", "SUSE_SU-2022-3342-1.NASL", "SUSE_SU-2022-3350-1.NASL", "SUSE_SU-2022-3359-1.NASL", "SUSE_SU-2022-3360-1.NASL", "SUSE_SU-2022-3368-1.NASL", "SUSE_SU-2022-3370-1.NASL", "SUSE_SU-2022-3373-1.NASL", "SUSE_SU-2022-3407-1.NASL", "SUSE_SU-2022-3409-1.NASL", "SUSE_SU-2022-3424-1.NASL", "SUSE_SU-2022-3433-1.NASL", "SUSE_SU-2022-3445-1.NASL", "SUSE_SU-2022-3464-1.NASL", "SUSE_SU-2022-3476-1.NASL", "UBUNTU_USN-5413-1.NASL", "UBUNTU_USN-5416-1.NASL", "UBUNTU_USN-5466-1.NASL", "UBUNTU_USN-5467-1.NASL", "UBUNTU_USN-5468-1.NASL", "UBUNTU_USN-5469-1.NASL", "UBUNTU_USN-5493-1.NASL", "UBUNTU_USN-5493-2.NASL", "UBUNTU_USN-5500-1.NASL", "UBUNTU_USN-5505-1.NASL", "UBUNTU_USN-5529-1.NASL", "UBUNTU_USN-5539-1.NASL", "UBUNTU_USN-5541-1.NASL", "UBUNTU_USN-5544-1.NASL", "UBUNTU_USN-5560-1.NASL", "UBUNTU_USN-5560-2.NASL", "UBUNTU_USN-5562-1.NASL", "UBUNTU_USN-5564-1.NASL", "UBUNTU_USN-5566-1.NASL", "UBUNTU_USN-5582-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-7683", "ELSA-2022-8267", "ELSA-2022-9533", "ELSA-2022-9534", "ELSA-2022-9557", "ELSA-2022-9582", "ELSA-2022-9583", "ELSA-2022-9590", "ELSA-2022-9591"]}, {"type": "osv", "idList": ["OSV:DLA-3065-1", "OSV:DSA-5127-1", "OSV:DSA-5173-1"]}, {"type": "photon", "idList": ["PHSA-2022-3.0-0409"]}, {"type": "redhat", "idList": ["RHSA-2022:7444", "RHSA-2022:7683", "RHSA-2022:7933", "RHSA-2022:8267", "RHSA-2022:8781", "RHSA-2022:8889", "RHSA-2022:9040"]}, {"type": "redhatcve", "idList": ["RH:CVE-2022-1652", "RH:CVE-2022-28388", "RH:CVE-2022-28389", "RH:CVE-2022-28390"]}, {"type": "rocky", "idList": ["RLSA-2022:7444", "RLSA-2022:7683"]}, {"type": "slackware", "idList": ["SSA-2022-129-01", "SSA-2022-237-02"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:2177-1", "SUSE-SU-2022:1163-1", "SUSE-SU-2022:1183-1", "SUSE-SU-2022:1256-1", "SUSE-SU-2022:2078-1", "SUSE-SU-2022:2079-1", "SUSE-SU-2022:2111-1", "SUSE-SU-2022:2520-1", "SUSE-SU-2022:2615-1"]}, {"type": "ubuntu", "idList": ["USN-5413-1", "USN-5416-1", "USN-5466-1", "USN-5467-1", "USN-5468-1", "USN-5469-1", "USN-5493-1", "USN-5493-2", "USN-5500-1", "USN-5505-1", "USN-5513-1", "USN-5529-1", "USN-5539-1", "USN-5541-1", "USN-5544-1", "USN-5560-1", "USN-5560-2", "USN-5562-1", "USN-5564-1", "USN-5566-1", "USN-5582-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-1652", "UB:CVE-2022-28388", "UB:CVE-2022-28390"]}, {"type": "veracode", "idList": ["VERACODE:36020", "VERACODE:36596"]}]}, "epss": [{"cve": "CVE-2022-1652", "epss": "0.000430000", "percentile": "0.058720000", "modified": "2023-03-20"}, {"cve": "CVE-2022-28388", "epss": "0.000420000", "percentile": "0.056330000", "modified": "2023-03-20"}, {"cve": "CVE-2022-28390", "epss": "0.000420000", "percentile": "0.056330000", "modified": "2023-03-20"}], "vulnersScore": 0.3}, "_state": {"score": 0, "dependencies": 1679377277, "epss": 1679377163}, "_internal": {"score_hash": "621e609c3f01be993715be054215df16"}, "pluginID": "162732", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9557.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162732);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/05\");\n\n script_cve_id(\"CVE-2022-1652\", \"CVE-2022-28388\", \"CVE-2022-28390\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2022-9557)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2022-9557 advisory.\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double\n free. (CVE-2022-28388)\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9557.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1652\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-28390\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.64.1.el6uek', '4.1.12-124.64.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9557');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.64.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.64.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.64.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.64.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.64.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.64.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.64.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.64.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.64.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.64.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.64.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.64.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "naslFamily": "Oracle Linux Local Security Checks", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "solution": "Update the affected packages.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2022-1652", "vendor_cvss2": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2022-07-05T00:00:00", "vulnerabilityPublicationDate": "2022-04-03T00:00:00", "exploitableWith": []}

{"oraclelinux": [{"lastseen": "2022-07-05T18:10:00", "description": "[4.1.12-124.64.1]\n- iscsi-target: Fix the issue with shutdown_session removal (Gulam Mohamed) [Orabug: 29661566] \n- scsi: target: fix hang when multiple threads try to destroy the same iscsi session (Gulam Mohamed) [Orabug: 29661566] \n- scsi: target: remove boilerplate code (Gulam Mohamed) [Orabug: 29661566] \n- iscsi-target: remove usage of ->shutdown_session (Gulam Mohamed) [Orabug: 29661566] \n- Drop the left-over iscsi-target hack (Gulam Mohamed) [Orabug: 29661566] \n- can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (Hangyu Hua) [Orabug: 34048290] {CVE-2022-28388}\n- can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (Hangyu Hua) [Orabug: 34048329] {CVE-2022-28390}\n- floppy: use a statically allocated error counter (Willy Tarreau) [Orabug: 34218641] {CVE-2022-1652}", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-05T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1652", "CVE-2022-28388", "CVE-2022-28390"], "modified": "2022-07-05T00:00:00", "id": "ELSA-2022-9557", "href": "http://linux.oracle.com/errata/ELSA-2022-9557.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-12T18:39:48", "description": "[5.15.0-0.30.19]\n- net/mlx4: Increase num_srq in low_mem_profile (Dave Kleikamp) [Orabug: 34052160]\n[5.15.0-0.30.18]\n- Revert ocfs2: mount shared volume without ha stack (Junxiao Bi) [Orabug: 33701900] \n- KVM: x86/speculation: Disable Fill buffer clear within guests (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}\n- x86/speculation/mmio: Reuse SRBDS mitigation for SBDS (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}\n- x86/speculation/srbds: Update SRBDS mitigation selection (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}\n- x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}\n- x86/speculation/mmio: Enable CPU Fill buffer clearing on idle (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}\n- x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}\n- x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}\n- x86/speculation: Add a common function for MD_CLEAR mitigation update (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}\n- x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}\n- Documentation: Add documentation for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}\n[5.15.0-0.30.17]\n- uek-rpm: New shim versions and secureboot certs (Jack Vogel) [Orabug: 34219956]\n[5.15.0-0.30.16]\n- perf: Correct the label position in perf_event_open (Jack Vogel) [Orabug: 34172708]\n[5.15.0-0.30.15]\n- sched: Fix non-CONFIG_SCHED_CORE build (Boris Ostrovsky) [Orabug: 34228424]\n[5.15.0-0.30.14]\n- lockdown: also lock down previous kgdb use (Daniel Thompson) [Orabug: 34152698] {CVE-2022-21499}\n- io_uring: fix race between timeout flush and removal (Jens Axboe) [Orabug: 34115159] {CVE-2022-29582}\n- kvm/x86: Inherit userspaces core scheduling cookie (Boris Ostrovsky) [Orabug: 34195867] \n- vhost: Inherit userspaces core scheduling cookie (Boris Ostrovsky) [Orabug: 34195867] \n- sched: Add interface for copying core scheduling cookie between two tasks (Boris Ostrovsky) [Orabug: 34195867] \n- KVM: x86: avoid calling x86 emulator without a decoded instruction (Sean Christopherson) [Orabug: 34205798] {CVE-2022-1852} {CVE-2022-1852}\n- uek-rpm: Added squashfs module to core rpm for kdump (Vijayendra Suman) [Orabug: 34206290] \n- uek-rpm: Enable CONFIG_SQUASHFS_ZSTD to support zstd compression (Harshit Mogalapalli) [Orabug: 34209438]\n[5.15.0-0.30.13]\n- perf: Fix sys_perf_event_open() race against self (Peter Zijlstra) [Orabug: 34172708] {CVE-2022-1729}\n- uek-rpm: Enable dependencies needed by CONFIG_SND_SOC_INTEL_HDA_DSP_COMMON (Brian Maly) [Orabug: 33711352]\n[5.15.0-0.30.12]\n- docs: kdump: Update the crashkernel description for arm64 (Zhen Lei) [Orabug: 34052160] \n- of: fdt: Add memory for devices by DT property linux,usable-memory-range (Chen Zhou) [Orabug: 34052160] \n- arm64: kdump: Reimplement crashkernel=X (Chen Zhou) [Orabug: 34052160] \n- arm64: Use insert_resource() to simplify code (Zhen Lei) [Orabug: 34052160] \n- kdump: return -ENOENT if required cmdline option does not exist (Zhen Lei) [Orabug: 34052160] \n- Revert x86: kdump: replace the hard-coded alignment with macro CRASH_ALIGN (Dave Kleikamp) [Orabug: 34052160] \n- Revert x86: kdump: make the lower bound of crash kernel reservation consistent (Dave Kleikamp) [Orabug: 34052160] \n- Revert x86: kdump: use macro CRASH_ADDR_LOW_MAX in functions reserve_crashkernel() (Dave Kleikamp) [Orabug: 34052160] \n- Revert x86: kdump: move xen_pv_domain() check and insert_resource() to setup_arch() (Dave Kleikamp) [Orabug: 34052160] \n- Revert x86: kdump: move reserve_crashkernel[_low]() into crash_core.c (Dave Kleikamp) [Orabug: 34052160] \n- Revert x86/elf: Move vmcore_elf_check_arch_cross to arch/x86/include/asm/elf.h (Dave Kleikamp) [Orabug: 34052160] \n- Revert arm64: kdump: introduce some macroes for crash kernel reservation (Dave Kleikamp) [Orabug: 34052160] \n- Revert arm64: kdump: reimplement crashkernel=X (Dave Kleikamp) [Orabug: 34052160] \n- Revert x86, arm64: Add ARCH_WANT_RESERVE_CRASH_KERNEL config (Dave Kleikamp) [Orabug: 34052160] \n- Revert kdump: update Documentation about crashkernel (Dave Kleikamp) [Orabug: 34052160] \n- uek-rpm: Add modules required to pass selinux-testsuites to core rpm (Somasundaram Krishnasamy) [Orabug: 34129238] \n- uek-rpm: configs: enable 9P_FS for x86_64 (Todd Vierling) [Orabug: 34146029] \n- uek-rpm: Add modules to allow podman tests to run on core kernel. (Somasundaram Krishnasamy) [Orabug: 34123777]\n[5.15.0-0.30.11]\n- uek: kabi: Update kABI files and enable the kABI checker (Saeed Mirzamohammadi) [Orabug: 34044324] \n- Revert rds/ib: recover rds connection from stuck tx path (Nagappan Ramasamy Palaniappan) [Orabug: 34115603] \n- Revert rds/ib: reap tx completions during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 34115603] \n- Revert rds/ib: handle posted ACK during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 34115603]\n[5.15.0-0.30.10]\n- xfs, iomap: limit individual ioend chain lengths in writeback (Dave Chinner) [Orabug: 34085022] \n- xfs: only bother with sync_filesystem during readonly remount (Darrick J. Wong) [Orabug: 34085022] \n- vfs: make sync_filesystem return errors from ->sync_fs (Darrick J. Wong) [Orabug: 34085022] \n- xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (Darrick J. Wong) [Orabug: 34085022] \n- xfs: flush inodegc workqueue tasks before cancel (Brian Foster) [Orabug: 34085022] \n- xfs: prevent UAF in xfs_log_item_in_current_chkpt (Darrick J. Wong) [Orabug: 34085022] \n- xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (Dan Carpenter) [Orabug: 34085022] \n- xfs: check sb_meta_uuid for dabuf buffer recovery (Dave Chinner) [Orabug: 34085022] \n- xfs: only run COW extent recovery when there are no live extents (Darrick J. Wong) [Orabug: 34085022] \n- x86/platform/uv: Log gap hole end size (Mike Travis) [Orabug: 34100359] \n- x86/platform/uv: Update TSC sync state for UV5 (Mike Travis) [Orabug: 34100359] \n- x86/platform/uv: Update NMI Handler for UV5 (Mike Travis) [Orabug: 34100359] \n- perf/x86/intel/uncore: Fix the build on !CONFIG_PHYS_ADDR_T_64BIT (Ingo Molnar) [Orabug: 34100359] \n- perf/x86/intel/uncore: Make uncore_discovery clean for 64 bit addresses (Steve Wahl) [Orabug: 34100359] \n- net/rds: Delayed DR_SOCK_CANCEL (Gerd Rausch) [Orabug: 34105317] \n- uek-rpm: Move needed modules to core rpm (Somasundaram Krishnasamy) [Orabug: 34124573] [Orabug: 34130428] [Orabug: 34130346] \n- af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register (Haimin Zhang) [Orabug: 34135342] {CVE-2022-1353}\n[5.15.0-0.30.9]\n- uek-rpm: Enable CONFIG_KFENCE (Joe Jin) [Orabug: 34125090] \n- rds: ib: INFO: trying to register non-static key during rmmod (Freddy Carrillo) [Orabug: 34106050] \n- uek-rpm: Move few modules to core rpm (Somasundaram Krishnasamy) [Orabug: 34087568] \n- bpf: Emit bpf_timer in vmlinux BTF (Yonghong Song) [Orabug: 34085523] \n- selftests/bpf: Define SYS_NANOSLEEP_KPROBE_NAME for aarch64 (Ilya Leoshkevich) [Orabug: 34085523] \n- KVM: avoid NULL pointer dereference in kvm_dirty_ring_push (Paolo Bonzini) [Orabug: 34048938] {CVE-2022-1263}\n[5.15.0-0.30.8]\n- Revert locking/rwsem: Make handoff bit handling more consistent (John Donnelly) [Orabug: 34087272] \n- Revert locking/rwsem: Always try to wake waiters in out_nolock path (John Donnelly) [Orabug: 34087272] \n- x86, ctf: fix CTF suppression in the vDSO (Nick Alcock) [Orabug: 34090171]\n[5.15.0-0.30.7]\n- uek-rpm: config: Add support for resilient_rdmaip new kernel module (Sudhakar Dindukurti) [Orabug: 27718686] [Orabug: 30777254] [Orabug: 33877197] \n- resilient_rdmaip: replace inet_ioctl() with devinet_ioctl() (Qing Huang) [Orabug: 33877197] \n- rdmaip: trace message buffer size too small for rdmaip debug tracepoints (Alan Maguire) [Orabug: 33267573] [Orabug: 33877197] \n- A/A Bonding: remove use of trace_printk(), replacing with tracepoints (Alan Maguire) [Orabug: 32969529] [Orabug: 33877197] \n- A/A Bonding: In rdmaip synchronize access to ip_config[].rdmaip_dev (Sharath Srinivasan) [Orabug: 32486193] [Orabug: 33877197] \n- A/A Bonding: dev_hold/put() the delayed GARP work handlers netdev in rdmaip (Sharath Srinivasan) [Orabug: 33161268] [Orabug: 33877197] \n- A/A Bonding: Add synchronized bundle failback (Gerd Rausch) [Orabug: 32381881] [Orabug: 33877197] \n- A/A Bonding: Fix a one-byte-off kmalloc (Hakon Bugge) [Orabug: 32380823] [Orabug: 33877197] \n- A/A Bonding: Introduce selective interface name inclusion (Hakon Bugge) [Orabug: 32350973] [Orabug: 33877197] \n- A/A Bonding: Increase number and interval of GARPs sent by rdmaip (Sharath Srinivasan) [Orabug: 32095765] [Orabug: 33877197] \n- A/A Bonding: No need to call flush rdmaip_wq in rdmaip_cleanup() (Ka-Cheong Poon) [Orabug: 30875610] [Orabug: 33877197] \n- A/A Bonding: Change debug levels for some debug messages (Sudhakar Dindukurti) [Orabug: 30430839] [Orabug: 30777254] [Orabug: 33877197] \n- A/A Bonding: Remove rdmaip_garp_wq work queue (Sudhakar Dindukurti) [Orabug: 30507174] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: rdmaip does not send IPv6 address change notification (Ka-Cheong Poon) [Orabug: 30312121] [Orabug: 30777254] [Orabug: 33877197] \n- A/A Bonding: Memory leak in rdmaip_send_gratuitous_arp (Dag Moxnes) [Orabug: 30434319] [Orabug: 30777254] [Orabug: 33877197] \n- A/A Bonding: Use correct port when calling ib_query_port (Dag Moxnes) [Orabug: 30433360] [Orabug: 30777254] [Orabug: 33877197] \n- A/A Bonding: Validate rdmaip_active_bonding_arps module parameter (Sudhakar Dindukurti) [Orabug: 29822840] [Orabug: 30777254] [Orabug: 33877197] \n- A/A Bonding: Flush all the delayed works posted to rdmaip_garps_wq before destroying the workq (Sudhakar Dindukurti) [Orabug: 29822840] [Orabug: 30777254] [Orabug: 33877197] \n- A/A Bonding: Rename riif_dlywork to rdmaip_dlywork (Sudhakar Dindukurti) [Orabug: 29822840] [Orabug: 30777254] [Orabug: 33877197] \n- A/A Bonding: Rename rdmaip_port_ud_work to rdmaip_dly_work_req (Sudhakar Dindukurti) [Orabug: 29822840] [Orabug: 30777254] [Orabug: 33877197] \n- A/A Bonding: Flush all the delayed works posted to rdmaip_wq before destroying the workq (Sudhakar Dindukurti) [Orabug: 29379514] [Orabug: 30777254] [Orabug: 33877197] \n- A/A Bonding: Miscellaneous module unload changes (Sudhakar Dindukurti) [Orabug: 29781216] [Orabug: 30777254] [Orabug: 33877197] \n- A/A Bonding: Skip sending GARPs when module unload is in progress (Sudhakar Dindukurti) [Orabug: 29781216] [Orabug: 30777254] [Orabug: 33877197] \n- A/A Bonding: Port status is not updated correctly for dynamically added netdevs (Sudhakar Dindukurti) [Orabug: 30241187] [Orabug: 30777254] [Orabug: 33877197] \n- A/A Bonding: rdmaip_add_new_rdmaip_port() - remove unused port argument (Sudhakar Dindukurti) [Orabug: 30241187] [Orabug: 30777254] [Orabug: 33877197] \n- A/A Bonding: rdmaip_inetaddr_unregister() - minor updates (Sudhakar Dindukurti) [Orabug: 30241187] [Orabug: 30777254] [Orabug: 33877197] \n- A/A Bonding: Log ip_config details if it fails to find a failover port (Sudhakar Dindukurti) [Orabug: 30213132] [Orabug: 30777254] [Orabug: 33877197] \n- A/A Bonding: X8-8 RoCE network re-connect stalls after loss of switch (Sudhakar Dindukurti) [Orabug: 30213132] [Orabug: 30777254] [Orabug: 33877197] \n- A/A-Bonding: Switch from dma_device to dev.parent (Dag Moxnes) [Orabug: 30149027] [Orabug: 30777254] [Orabug: 33877197] \n- A/A-Bonding: Increase default net.rdmaip.active_bonding_failback_ms (Sudhakar Dindukurti) [Orabug: 30184200] [Orabug: 30777254] [Orabug: 33877197] \n- A/A-Bonding: Optimize rdmaip_impl_inetaddr_event() (Sudhakar Dindukurti) [Orabug: 29929934] [Orabug: 30777254] [Orabug: 33877197] \n- A/A-Bonding: ResilientRDMA does not failback on nodes configured with unused VFs starting in 1902.1.0 (Sudhakar Dindukurti) [Orabug: 29929934] [Orabug: 30777254] [Orabug: 33877197] \n- Delay IP migration for failback by 10s for NETDEV_CHANGE event (Sudhakar Dindukurti) [Orabug: 29761370] [Orabug: 30777254] [Orabug: 33877197] \n- RoCE:KVM guest: failover doesnt work if an interface isnt configured (Sudhakar Dindukurti) [Orabug: 29476868] [Orabug: 30777254] [Orabug: 33877197] \n- Add more debug messages in Resilient RDMAIP (Sudhakar Dindukurti) [Orabug: 29683262] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: Fix gratuitous ARP storm (Hakon Bugge) [Orabug: 29629971] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: Potential race conditions in the module unload path (Sudhakar Dindukurti) [Orabug: 29301129] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: Avoid calling ib_query_gid() by holding the dev_base_lock (Sudhakar Dindukurti) [Orabug: 29350401] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: ib_query_port() sleeping function called in a invalid context (Sudhakar Dindukurti) [Orabug: 29391490] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: Sleeping function mutex_lock() called in invalid context (Sudhakar Dindukurti) [Orabug: 29430627] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: Name structure fields appropriately (for better readability) (Sudhakar Dindukurti) [Orabug: 29168419] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: Add rdmaip_process_async_event() (Sudhakar Dindukurti) [Orabug: 29168346] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: Potential race conditions (Sudhakar Dindukurti) [Orabug: 29172556] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: check return value of the rdmaip_init_port (Sudhakar Dindukurti) [Orabug: 29168307] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: Optimize rdmaip_event_handler() (Sudhakar Dindukurti) [Orabug: 29168253] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: Add new function rdmaip_sched_failover_failback() to sechedule failover/failback (Sudhakar Dindukurti) [Orabug: 29167542] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: Skip failover and failback operations during network reconfiguration (Sudhakar Dindukurti) [Orabug: 28946148] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: Add new function rdmaip_add_new_rdmaip_port() (Sudhakar Dindukurti) [Orabug: 29167497] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: Add rdmaip_update_port_status_all_layers() function (Sudhakar Dindukurti) [Orabug: 29213051] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: Add a new function rdmaip_find_port_tstate() to find port transition state (Sudhakar Dindukurti) [Orabug: 29162871] [Orabug: 30777254] [Orabug: 33877197] \n- Replace alloc_page() with static allocation (Sudhakar Dindukurti) [Orabug: 29162759] [Orabug: 30777254] [Orabug: 33877197] \n- Log full interface name including label during IPv4 migration (Sudhakar Dindukurti) [Orabug: 29019945] [Orabug: 30777254] [Orabug: 33877197] \n- A/A : Failover and failback does not work for IP aliases (Sudhakar Dindukurti) [Orabug: 29019964] [Orabug: 30777254] [Orabug: 33877197] \n- Node crashes when trace buffer is opened (Sudhakar Dindukurti) [Orabug: 28988861] [Orabug: 30777254] [Orabug: 33877197] \n- module unload: Restore IPs during module unloading (Sudhakar Dindukurti) [Orabug: 27902037] [Orabug: 30777254] [Orabug: 33877197] \n- Memory leak in rdmaip_device_remove() (Sudhakar Dindukurti) [Orabug: 28496850] [Orabug: 30777254] [Orabug: 33877197] \n- resilient_rdmaip: Remove unused variable (Sudhakar Dindukurti) [Orabug: 28925778] [Orabug: 30777254] [Orabug: 33877197] \n- A/A failback does not work in concert with ibacm (Hakon Bugge) [Orabug: 28919144] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: fix returned value not set error (Zhu Yanjun) [Orabug: 28175433] [Orabug: 30777254] [Orabug: 33877197] \n- IB: RDMAIP: avoid migration to a port that is down (Zhu Yanjun) [Orabug: 28096172] [Orabug: 30777254] [Orabug: 33877197] \n- IB/rdmaip: Fix bug in failover_group parsing (Hakon Bugge) [Orabug: 28198705] [Orabug: 30777254] [Orabug: 33877197] \n- GARP Messages should be sent on the same port where IP is bound (Sudhakar Dindukurti) [Orabug: 28085445] [Orabug: 30777254] [Orabug: 33877197] \n- system panic with active bonding enabled via resilient_rdmaip (Sudhakar Dindukurti) [Orabug: 28073806] [Orabug: 30777254] [Orabug: 33877197] \n- Resilient RDMAIP should not attempt to failover/failback for the ports in grp 0 (Sudhakar Dindukurti) [Orabug: 28049781] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: ib0 is already part of another failover group (Sudhakar Dindukurti) [Orabug: 27818669] [Orabug: 30777254] [Orabug: 33877197] \n- Minor typos in resilient_rdmaip parameter description (Sudhakar Dindukurti) [Orabug: 27890256] [Orabug: 30777254] [Orabug: 33877197] \n- Garbled log messages related to resilient_rdmaip driver (Sudhakar Dindukurti) [Orabug: 27935928] [Orabug: 30777254] [Orabug: 33877197] \n- Add Resilient RDMAIP module (Sudhakar Dindukurti) [Orabug: 27718676] [Orabug: 30777254] [Orabug: 33877197] \n- netfilter: conntrack: re-init state for retransmitted syn-ack (Florian Westphal) [Orabug: 34096642] \n- netfilter: conntrack: move synack init code to helper (Florian Westphal) [Orabug: 34096642] \n- uek-rpm: Add few more missing modules to core rpm (Somasundaram Krishnasamy) [Orabug: 34095625] \n- scsi: mpt3sas: Remove scsi_dma_map() error messages (Sreekanth Reddy) [Orabug: 34095621] \n- IB/cma: Allow XRC INI QPs to set their local ACK timeout (Hakon Bugge) [Orabug: 34094200] \n- SUNRPC: Do not dereference non-socket transports in sysfs (Trond Myklebust) [Orabug: 34056478] \n- SUNRPC: lock against ->sock changing during sysfs read (NeilBrown) [Orabug: 34056478] \n- SUNRPC: Check if the xprt is connected before handling sysfs reads (Anna Schumaker) [Orabug: 34056478] \n- uek-rpm: Enable CONFIG_FS_VERITY (Victor Erminpour) [Orabug: 34048393]\n[5.15.0-0.30.6]\n- uek-rpm: Update kernel-uek-core rpm module list. (Somasundaram Krishnasamy) [Orabug: 34078005] \n- Revert scsi: core: Register sysfs attributes earlier (John Donnelly) [Orabug: 34087517] \n- vfio/type1: add ioctl to check for correct pin accounting (Anthony Yznaga) [Orabug: 34049087] \n- vfio/type1: track pages pinned by vfio across exec (Anthony Yznaga) [Orabug: 34049087] \n- mm: track driver pinned pages across exec (Anthony Yznaga) [Orabug: 34049087] \n- mlx5_core: set module param expose_pf_phys_port_name to true (Sharath Srinivasan) [Orabug: 33960521] \n- uek-rpm: Fix DEFAULTKERNEL for aarch 64k rpms. (Somasundaram Krishnasamy) [Orabug: 33900644] \n- xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (Dave Chinner) [Orabug: 33705403]\n[5.15.0-0.30.5]\n- iov_iter: Introduce nofault flag to disable page faults (Andreas Gruenbacher) [Orabug: 34073754] \n- gup: Introduce FOLL_NOFAULT flag to disable page faults (Andreas Gruenbacher) [Orabug: 34073754] \n- scsi: core: Use a structure member to track the SCSI command submitter (Bart Van Assche) [Orabug: 34075214] \n- uek: kabi: add KABI padding to x86 struct fpu (Eric DeVolder) [Orabug: 34070418] \n- uek: kabi: add KABI padding to udp and phy sturcts (Qing Huang) [Orabug: 34066357] \n- xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (Dongli Zhang) [Orabug: 34064652] \n- scsi: core: Register sysfs attributes earlier (Bart Van Assche) [Orabug: 34063798] \n- uek: kabi: add kABI padding to arch/x86/include/asm/processor.h (Thomas Tai) [Orabug: 34059795] \n- x86/speculation: Restore speculation related MSRs during S3 resume (Pawan Gupta) [Orabug: 34053699] \n- can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (Hangyu Hua) [Orabug: 34048326] {CVE-2022-28390}\n- can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (Hangyu Hua) [Orabug: 34048287] {CVE-2022-28388}\n- intel_idle: add core C6 optimization for SPR (Artem Bityutskiy) [Orabug: 34039112] \n- intel_idle: add preferred_cstates module argument (Artem Bityutskiy) [Orabug: 34039112] \n- intel_idle: add SPR support (Artem Bityutskiy) [Orabug: 34039112] \n- uek-rpm: Modify options for CONFIG_VSOCKETS_DIAG=y (Victor Erminpour) [Orabug: 34027701] \n- uek-rpm: Modify options for CONFIG_TIPC_DIAG=y (Victor Erminpour) [Orabug: 34027701] \n- uek-rpm: Modify options for CONFIG_INET_SCTP_DIAG=y (Victor Erminpour) [Orabug: 34027701] \n- uek-rpm: Enable CONFIG_MPTCP (Victor Erminpour) [Orabug: 34027701] \n- add kernel param to pre-allocate NICs (Brian Maly) [Orabug: 30962711] [Orabug: 34018925] \n- xfs: punch out data fork delalloc blocks on COW writeback failure (Brian Foster) [Orabug: 33968545] \n- locking/rwsem: Always try to wake waiters in out_nolock path (Waiman Long) [Orabug: 33698977]\n[5.15.0-0.30.4]\n- btrfs: skip reserved bytes warning on unmount after log cleanup failure (Filipe Manana) [Orabug: 33916044] \n- ALSA: pcm: Fix races among concurrent prealloc proc writes (Takashi Iwai) [Orabug: 34007904] {CVE-2022-1048}\n- ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (Takashi Iwai) [Orabug: 34007904] {CVE-2022-1048}\n- ALSA: pcm: Fix races among concurrent read/write and buffer changes (Takashi Iwai) [Orabug: 34007904] {CVE-2022-1048}\n- ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (Takashi Iwai) [Orabug: 34007904] {CVE-2022-1048}\n- mei: me: disable driver on the ign firmware (Alexander Usyskin) [Orabug: 34018911] \n- uek-rpm: Separate x86_64 kABI checking for OL8/9 (Saeed Mirzamohammadi) [Orabug: 34027988] \n- rds: ib: Initialize SG table properly (Hakon Bugge) [Orabug: 34031911] \n- KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (Paolo Bonzini) [Orabug: 34034593] {CVE-2022-1158}\n- Revert rds/ib: recover rds connection from stuck rx path (Rohit Nair) [Orabug: 34039269]\n[5.15.0-0.30.3]\n- xfs: dont generate selinux audit messages for capability testing (Darrick J. Wong) [Orabug: 33678769] \n- rds: Fix incorrect initialization order (Hakon Bugge) [Orabug: 33923371] \n- turbostat: fix PC6 displaying on some systems (Artem Bityutskiy) [Orabug: 33998324] \n- exec, elf: ignore invalid note data (Anthony Yznaga) [Orabug: 34003079] \n- netfilter: nf_tables: validate registers coming from userspace. (Pablo Neira Ayuso) [Orabug: 34012906] {CVE-2022-1015}\n- netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34012923] {CVE-2022-1016}\n[5.15.0-0.30.2]\n- net/rds: Fix math on error code (Freddy Carrillo) [Orabug: 33974712] \n- uek-rpm: aarch64: Reduce core rpms module count (Somasundaram Krishnasamy) [Orabug: 33994642] \n- uek-rpm: Add few needed modules to core rpm. (Somasundaram Krishnasamy) [Orabug: 33994642] \n- uek-rpm: Remove duplicate modules from kernel-uek-modules rpm (Somasundaram Krishnasamy) [Orabug: 33994642] \n- selftests/vm: make MADV_POPULATE_(READ|WRITE) use in-tree headers (David Hildenbrand) [Orabug: 33797463] \n- net: mana: Add handling of CQE_RX_TRUNCATED (Haiyang Zhang) [Orabug: 33839662] \n- net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (Haiyang Zhang) [Orabug: 33839662] \n- net/rds: Use unpin_user_page as pin_user_pages counterpart (Gerd Rausch) [Orabug: 33867863] \n- rds: ib: Fix racy credit tracepoints (Hakon Bugge) [Orabug: 33980854] \n- mm: fix MADV_DONTEXEC to clear VM_EXEC_KEEP (Anthony Yznaga) [Orabug: 33987398] \n- uek-rpm: Set CONFIG_*_DIAG options as built-ins to match RHCK9 (Victor Erminpour) [Orabug: 33904712] \n- uek-rpm: Enable CONFIG_DEBUG_WX for x86_64 debug kernel (Victor Erminpour) [Orabug: 33904712] \n- uek-rpm: Enable CONFIG_TMPFS_INODE64 (Victor Erminpour) [Orabug: 33904712] \n- uek-rpm: Enable CONFIG_CXL_MEM (Victor Erminpour) [Orabug: 33904712] \n- uek-rpm: Enable CONFIG_CMA_SYSFS (Victor Erminpour) [Orabug: 33904712] \n- uek-rpm: Enable Platform related options from RHCK9 (Victor Erminpour) [Orabug: 33904712] \n- uek-rpm: Enable DM_VERITY_VERIFY_ROOTHASH_SIG and DM_VERITY_FEC (Victor Erminpour) [Orabug: 33904712] \n- uek-rpm: Enable Crypto related options from RHCK9 (Victor Erminpour) [Orabug: 33904712] \n- uek-rpm: Enable CONFIG_CAN_* options from RHCK9 (Victor Erminpour) [Orabug: 33904712] \n- uek-rpm: Enable CONFIG_NET_SCH_* options from RHCK9 (Victor Erminpour) [Orabug: 33904712] \n- uek-rpm: Enable CONFIG_NF_FLOW_TABLE (Victor Erminpour) [Orabug: 33904712] \n- uek-rpm: Enable missing Netfilter options from RHCK9 (Victor Erminpour) [Orabug: 33904712] \n- uek-rpm: Enable CONFIG_CGROUP_MISC and CONFIG_BLK_CGROUP_FC_APPID (Victor Erminpour) [Orabug: 33904712] \n- uek-rpm: Enable CONFIG_INTEL_IDXD_PERFMON (Victor Erminpour) [Orabug: 33904712] \n- uek-rpm: Enable CONFIG_RTW88_8723DE and CONFIG_RTW88_8821CE (Victor Erminpour) [Orabug: 33904712] \n- uek-rpm: Update configuration for v5.15.30.1 (aarch64 make olddefconfig) (Victor Erminpour) [Orabug: 33901403] \n- uek-rpm: Update configuration for v5.15.30.1 (x86_64 make olddefconfig) (Victor Erminpour) [Orabug: 33901403]\n[5.15.0-0.30.1]\n- uek-rpm: config: Enable CONFIG_KEY_NOTIFICATIONS option (Somasundaram Krishnasamy) [Orabug: 33957466] \n- Revert uek: kabi: Enable kABI checker for ol8 and ol9 (Jack Vogel) \n- LTS version: v5.15.30 (Jack Vogel) \n- ice: Fix race condition during interface enslave (Ivan Vecera) \n- x86/module: Fix the paravirt vs alternative order (Peter Zijlstra) \n- kselftest/vm: fix tests build with old libc (Chengming Zhou) \n- bnx2: Fix an error message (Christophe JAILLET) \n- sfc: extend the locking on mcdi->seqno (Niels Dossche) \n- tcp: make tcp_read_sock() more robust (Eric Dumazet) \n- nl80211: Update bss channel on channel switch for P2P_CLIENT (Sreeramya Soratkal) \n- drm/vrr: Set VRR capable prop only if it is attached to connector (Manasi Navare) \n- iwlwifi: dont advertise TWT support (Golan Ben Ami) \n- atm: firestream: check the return value of ioremap() in fs_init() (Jia-Ju Bai) \n- can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (Lad Prabhakar) \n- Bluetooth: hci_core: Fix leaking sent_cmd skb (Luiz Augusto von Dentz) \n- ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE (Julian Braha) \n- MIPS: smp: fill in sibling and core maps earlier (Alexander Lobakin) \n- mac80211: refuse aggregations sessions before authorized (Johannes Berg) \n- ARM: dts: rockchip: fix a typo on rk3288 crypto-controller (Corentin Labbe) \n- ARM: dts: rockchip: reorder rk322x hmdi clocks (Sascha Hauer) \n- arm64: dts: agilex: use the compatible intel,socfpga-agilex-hsotg (Dinh Nguyen) \n- arm64: dts: rockchip: reorder rk3399 hdmi clocks (Sascha Hauer) \n- arm64: dts: rockchip: align pl330 node name with dtschema (Krzysztof Kozlowski) \n- arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity (Jakob Unterwurzacher) \n- xfrm: Fix xfrm migrate issues when address family changes (Yan Yan) \n- xfrm: Check if_id in xfrm_migrate (Yan Yan) \n- arm64: dts: rockchip: fix rk3399-puma-haikou USB OTG mode (Quentin Schulz) \n- Revert xfrm: state and policy should fail if XFRMA_IF_ID 0 (Kai Lueke) \n- LTS version: v5.15.29 (Jack Vogel) \n- vhost: allow batching hint without size (Jason Wang) \n- Revert net: dsa: mv88e6xxx: flush switchdev FDB workqueue before removing VLAN (Vladimir Oltean) \n(Christoph Hellwig) \n- riscv: dts: k210: fix broken IRQs on hart1 (Niklas Cassel) \n- drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL (Ville Syrjala) \n- btrfs: make send work with concurrent block group relocation (Filipe Manana) \n- drm/panel: Select DRM_DP_HELPER for DRM_PANEL_EDP (Thomas Zimmermann) \n- x86/traps: Mark do_int3() NOKPROBE_SYMBOL (Li Huafei) \n- x86/sgx: Free backing memory after faulting the enclave page (Jarkko Sakkinen) \n- x86/boot: Add setup_indirect support in early_memremap_is_setup_data() (Ross Philipson) \n- x86/boot: Fix memremap of setup_indirect structures (Ross Philipson) \n- Revert x86/boot: Fix memremap of setup_indirect structures (Jack Vogel) \n- Revert x86/boot: Add setup_indirect support in early_memremap_is_setup_data (Jack Vogel) \n- watch_queue: Make comment about setting ->defunct more accurate (David Howells) \n- watch_queue: Fix lack of barrier/sync/lock between post and read (David Howells) \n- watch_queue: Free the alloc bitmap when the watch_queue is torn down (David Howells) \n- watch_queue: Fix the alloc bitmap size to reflect notes allocated (David Howells) \n- watch_queue: Fix to always request a pow-of-2 pipe ring size (David Howells) \n- watch_queue: Fix to release page in ->release() (David Howells) \n- watch_queue, pipe: Free watchqueue state after clearing pipe ring (David Howells) \n- watch_queue: Fix filter limit check (David Howells) \n- ARM: fix Thumb2 regression with Spectre BHB (Russell King (Oracle)) \n- net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE (Dima Chumak) \n- virtio: acknowledge all features before access (Michael S. Tsirkin) \n- virtio: unexport virtio_finalize_features (Michael S. Tsirkin) \n- KVM: x86/mmu: kvm_faultin_pfn has to return false if pfh is returned (Andrei Vagin) \n- swiotlb: rework fix info leak with DMA_FROM_DEVICE (Halil Pasic) \n- arm64: kasan: fix include error in MTE functions (Paul Semel) \n- arm64: Ensure execute-only permissions are not allowed without EPAN (Catalin Marinas) \n- arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (Pali Rohar) \n- tracing/osnoise: Force quiescent states while tracing (Nicolas Saenz Julienne) \n- riscv: Fix auipc+jalr relocation range checks (Emil Renner Berthing) \n- mmc: meson: Fix usage of meson_mmc_post_req() (Rong Chen) \n- riscv: alternative only works on !XIP_KERNEL (Jisheng Zhang) \n- net: macb: Fix lost RX packet wakeup race in NAPI receive (Robert Hancock) \n- staging: gdm724x: fix use after free in gdm_lte_rx() (Dan Carpenter) \n- staging: rtl8723bs: Fix access-point mode deadlock (Hans de Goede) \n- fuse: fix pipe buffer lifetime for direct_io (Miklos Szeredi) \n- fuse: fix fileattr op failure (Miklos Szeredi) \n- ARM: Spectre-BHB: provide empty stub for non-config (Randy Dunlap) \n- selftests/memfd: clean up mapping in mfd_fail_write (Mike Kravetz) \n- selftest/vm: fix map_fixed_noreplace test failure (Aneesh Kumar K.V) \n- tracing/osnoise: Make osnoise_main to sleep for microseconds (Daniel Bristot de Oliveira) \n- tracing: Ensure trace buffer is at least 4096 bytes large (Sven Schnelle) \n- ipv6: prevent a possible race condition with lifetimes (Niels Dossche) \n- Revert xen-netback: Check for hotplug-status existence before watching (Marek Marczykowski-Gorecki) \n- Revert xen-netback: remove hotplug-status once it has served its purpose (Marek Marczykowski-Gorecki) \n- drm/amdgpu: bypass tiling flag check in virtual display case (v2) (Guchun Chen) \n- gpio: Return EPROBE_DEFER if gc->to_irq is NULL (Shreeya Patel) \n- PCI: Mark all AMD Navi10 and Navi14 GPU ATS as broken (Alex Deucher) \n- hwmon: (pmbus) Clear pmbus fault/warning bits after read (Vikash Chandola) \n- net-sysfs: add check for netdevice being present to speed_show (suresh kumar) \n- x86/kvm: Dont use pv tlb/ipi/sched_yield if on 1 vCPU (Wanpeng Li) \n- drm/vc4: hdmi: Unregister codec device on unbind (Maxime Ripard) \n- spi: rockchip: terminate dma transmission when slave abort (Jon Lin) \n- spi: rockchip: Fix error in getting num-cs property (Jon Lin) \n- kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (Anton Romanov) \n- KVM: Fix lockdep false negative during host resume (Wanpeng Li) \n- pinctrl: tigerlake: Revert Add Alder Lake-M ACPI ID (Andy Shevchenko) \n- usb: dwc3: pci: add support for the Intel Raptor Lake-S (Heikki Krogerus) \n- swiotlb: fix info leak with DMA_FROM_DEVICE (Halil Pasic) \n- selftests/bpf: Add test for bpf_timer overwriting crash (Kumar Kartikeya Dwivedi) \n- net: phy: meson-gxl: improve link-up behavior (Heiner Kallweit) \n- net: bcmgenet: Dont claim WOL when its not available (Jeremy Linton) \n- sctp: fix kernel-infoleak for SCTP sockets (Eric Dumazet) \n- net: phy: DP83822: clear MISR2 register to disable interrupts (Clement Leger) \n- gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (Miaoqian Lin) \n- gpio: ts4900: Do not set DAT and OE together (Mark Featherston) \n- selftests: pmtu.sh: Kill nettest processes launched in subshell. (Guillaume Nault) \n- selftests: pmtu.sh: Kill tcpdump processes launched by subshell. (Guillaume Nault) \n- NFC: port100: fix use-after-free in port100_send_complete (Pavel Skripkin) \n- net/mlx5e: Lag, Only handle events from highest priority multipath entry (Roi Dayan) \n- net/mlx5: Fix a race on command flush flow (Moshe Shemesh) \n- net/mlx5: Fix size field in bufferx_reg struct (Mohammad Kabat) \n- ax25: Fix NULL pointer dereference in ax25_kill_by_device (Duoming Zhou) \n- net: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr (Miaoqian Lin) \n- net: ethernet: lpc_eth: Handle error for clk_enable (Jiasheng Jiang) \n- net: ethernet: ti: cpts: Handle error for clk_enable (Jiasheng Jiang) \n- tipc: fix incorrect order of state message data sanity check (Tung Nguyen) \n- ethernet: Fix error handling in xemaclite_of_probe (Miaoqian Lin) \n- ice: Fix curr_link_speed advertised speed (Jedrzej Jagielski) \n- ice: Dont use GFP_KERNEL in atomic context (Christophe JAILLET) \n- ice: Fix error with handling of bonding MTU (Dave Ertman) \n- ice: stop disabling VFs due to PF error responses (Jacob Keller) \n- i40e: stop disabling VFs due to PF error responses (Jacob Keller) \n- iavf: Fix handling of vlan strip virtual channel messages (Michal Maloszewski) \n- ARM: dts: aspeed: Fix AST2600 quad spi group (Joel Stanley) \n- net: dsa: mt7530: fix incorrect test in mt753x_phylink_validate() (Russell King (Oracle)) \n- drm/sun4i: mixer: Fix P010 and P210 format numbers (Jernej Skrabec) \n- gpiolib: acpi: Convert ACPI value of debounce to microseconds (Andy Shevchenko) \n- smsc95xx: Ignore -ENODEV errors when device is unplugged (Fabio Estevam) \n- qed: return status of qed_iov_get_link (Tom Rix) \n- esp: Fix BEET mode inter address family tunneling on GSO (Steffen Klassert) \n- esp: Fix possible buffer overflow in ESP transformation (Steffen Klassert) \n- net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (Jia-Ju Bai) \n- isdn: hfcpci: check the return value of dma_set_mask() in setup_hw() (Jia-Ju Bai) \n- vdpa: fix use-after-free on vp_vdpa_remove (Zhang Min) \n- virtio-blk: Dont use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (Xie Yongji) \n- vhost: fix hung thread due to erroneous iotlb entries (Anirudh Rayabharam) \n- mISDN: Fix memory leak in dsp_pipeline_build() (Alexey Khoroshilov) \n- net: phy: meson-gxl: fix interrupt handling in forced mode (Heiner Kallweit) \n- vduse: Fix returning wrong type in vduse_domain_alloc_iova() (Xie Yongji) \n- vdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command (Si-Wei Liu) \n- tipc: fix kernel panic when enabling bearer (Tung Nguyen) \n- arm64: dts: armada-3720-turris-mox: Add missing ethernet0 alias (Pali Rohar) \n- HID: vivaldi: fix sysfs attributes leak (Dmitry Torokhov) \n- clk: qcom: dispcc: Update the transition delay for MDSS GDSC (Taniya Das) \n- clk: qcom: gdsc: Add support to update GDSC transition delay (Taniya Das) \n- ARM: boot: dts: bcm2711: Fix HVS register range (Maxime Ripard) \n- HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts (Pavel Skripkin) \n- HID: elo: Revert USB reference counting (Jiri Kosina) \n- arm64: dts: qcom: sm8350: Correct UFS symbol clocks (Bjorn Andersson) \n- arm64: dts: qcom: sm8350: Describe GCC dependency clocks (Konrad Dybcio) \n- uek-rpm: Add crashkernel.default file (John Donnelly) [Orabug: 33741103] \n- KVM: SVM: Dont apply SEV+SMAP workaround on code fetch or PT access (Sean Christopherson) [Orabug: 33772526] \n- KVM: SVM: Inject #UD on attempted emulation for SEV guest w/o insn buffer (Sean Christopherson) [Orabug: 33772526] \n- KVM: SVM: WARN if KVM attempts emulation on #UD or #GP for SEV guests (Sean Christopherson) [Orabug: 33772526] \n- KVM: x86: Pass emulation type to can_emulate_instruction() (Sean Christopherson) [Orabug: 33772526] \n- KVM: SVM: Explicitly require DECODEASSISTS to enable SEV support (Sean Christopherson) [Orabug: 33772526] \n- rcu: Avoid unneeded function call in rcu_read_unlock() (Waiman Long) [Orabug: 33904637] \n- rds/ib: Resize CQ if send-/recv-ring-size are changed (Hans Westgaard Ry) [Orabug: 33940518] \n- uek-rpm: Enable CONFIG_DRM_VMWGFX and CONFIG_DRM_VMWGFX_FBCON for aarch64 (Victor Erminpour) [Orabug: 33947624]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-30T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4095", "CVE-2022-1015", "CVE-2022-1263", "CVE-2022-28388", "CVE-2022-28390", "CVE-2022-29582"], "modified": "2022-06-30T00:00:00", "id": "ELSA-2022-9534", "href": "http://linux.oracle.com/errata/ELSA-2022-9534.html", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-12T18:39:51", "description": "[5.15.0-0.30.19]\n- net/mlx4: Increase num_srq in low_mem_profile (Dave Kleikamp) [Orabug: 34052160]\n[5.15.0-0.30.18]\n- Revert ocfs2: mount shared volume without ha stack (Junxiao Bi) [Orabug: 33701900] \n- KVM: x86/speculation: Disable Fill buffer clear within guests (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}\n- x86/speculation/mmio: Reuse SRBDS mitigation for SBDS (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}\n- x86/speculation/srbds: Update SRBDS mitigation selection (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}\n- x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}\n- x86/speculation/mmio: Enable CPU Fill buffer clearing on idle (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}\n- x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}\n- x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}\n- x86/speculation: Add a common function for MD_CLEAR mitigation update (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}\n- x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}\n- Documentation: Add documentation for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}\n[5.15.0-0.30.17]\n- uek-rpm: New shim versions and secureboot certs (Jack Vogel) [Orabug: 34219956]\n[5.15.0-0.30.16]\n- perf: Correct the label position in perf_event_open (Jack Vogel) [Orabug: 34172708]\n[5.15.0-0.30.15]\n- sched: Fix non-CONFIG_SCHED_CORE build (Boris Ostrovsky) [Orabug: 34228424]\n[5.15.0-0.30.14]\n- lockdown: also lock down previous kgdb use (Daniel Thompson) [Orabug: 34152698] {CVE-2022-21499}\n- io_uring: fix race between timeout flush and removal (Jens Axboe) [Orabug: 34115159] {CVE-2022-29582}\n- kvm/x86: Inherit userspaces core scheduling cookie (Boris Ostrovsky) [Orabug: 34195867] \n- vhost: Inherit userspaces core scheduling cookie (Boris Ostrovsky) [Orabug: 34195867] \n- sched: Add interface for copying core scheduling cookie between two tasks (Boris Ostrovsky) [Orabug: 34195867] \n- KVM: x86: avoid calling x86 emulator without a decoded instruction (Sean Christopherson) [Orabug: 34205798] {CVE-2022-1852} {CVE-2022-1852}\n- uek-rpm: Added squashfs module to core rpm for kdump (Vijayendra Suman) [Orabug: 34206290] \n- uek-rpm: Enable CONFIG_SQUASHFS_ZSTD to support zstd compression (Harshit Mogalapalli) [Orabug: 34209438]\n[5.15.0-0.30.13]\n- perf: Fix sys_perf_event_open() race against self (Peter Zijlstra) [Orabug: 34172708] {CVE-2022-1729}\n- uek-rpm: Enable dependencies needed by CONFIG_SND_SOC_INTEL_HDA_DSP_COMMON (Brian Maly) [Orabug: 33711352]\n[5.15.0-0.30.12]\n- docs: kdump: Update the crashkernel description for arm64 (Zhen Lei) [Orabug: 34052160] \n- of: fdt: Add memory for devices by DT property linux,usable-memory-range (Chen Zhou) [Orabug: 34052160] \n- arm64: kdump: Reimplement crashkernel=X (Chen Zhou) [Orabug: 34052160] \n- arm64: Use insert_resource() to simplify code (Zhen Lei) [Orabug: 34052160] \n- kdump: return -ENOENT if required cmdline option does not exist (Zhen Lei) [Orabug: 34052160] \n- Revert x86: kdump: replace the hard-coded alignment with macro CRASH_ALIGN (Dave Kleikamp) [Orabug: 34052160] \n- Revert x86: kdump: make the lower bound of crash kernel reservation consistent (Dave Kleikamp) [Orabug: 34052160] \n- Revert x86: kdump: use macro CRASH_ADDR_LOW_MAX in functions reserve_crashkernel() (Dave Kleikamp) [Orabug: 34052160] \n- Revert x86: kdump: move xen_pv_domain() check and insert_resource() to setup_arch() (Dave Kleikamp) [Orabug: 34052160] \n- Revert x86: kdump: move reserve_crashkernel[_low]() into crash_core.c (Dave Kleikamp) [Orabug: 34052160] \n- Revert x86/elf: Move vmcore_elf_check_arch_cross to arch/x86/include/asm/elf.h (Dave Kleikamp) [Orabug: 34052160] \n- Revert arm64: kdump: introduce some macroes for crash kernel reservation (Dave Kleikamp) [Orabug: 34052160] \n- Revert arm64: kdump: reimplement crashkernel=X (Dave Kleikamp) [Orabug: 34052160] \n- Revert x86, arm64: Add ARCH_WANT_RESERVE_CRASH_KERNEL config (Dave Kleikamp) [Orabug: 34052160] \n- Revert kdump: update Documentation about crashkernel (Dave Kleikamp) [Orabug: 34052160] \n- uek-rpm: Add modules required to pass selinux-testsuites to core rpm (Somasundaram Krishnasamy) [Orabug: 34129238] \n- uek-rpm: configs: enable 9P_FS for x86_64 (Todd Vierling) [Orabug: 34146029] \n- uek-rpm: Add modules to allow podman tests to run on core kernel. (Somasundaram Krishnasamy) [Orabug: 34123777]\n[5.15.0-0.30.11]\n- uek: kabi: Update kABI files and enable the kABI checker (Saeed Mirzamohammadi) [Orabug: 34044324] \n- Revert rds/ib: recover rds connection from stuck tx path (Nagappan Ramasamy Palaniappan) [Orabug: 34115603] \n- Revert rds/ib: reap tx completions during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 34115603] \n- Revert rds/ib: handle posted ACK during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 34115603]\n[5.15.0-0.30.10]\n- xfs, iomap: limit individual ioend chain lengths in writeback (Dave Chinner) [Orabug: 34085022] \n- xfs: only bother with sync_filesystem during readonly remount (Darrick J. Wong) [Orabug: 34085022] \n- vfs: make sync_filesystem return errors from ->sync_fs (Darrick J. Wong) [Orabug: 34085022] \n- xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (Darrick J. Wong) [Orabug: 34085022] \n- xfs: flush inodegc workqueue tasks before cancel (Brian Foster) [Orabug: 34085022] \n- xfs: prevent UAF in xfs_log_item_in_current_chkpt (Darrick J. Wong) [Orabug: 34085022] \n- xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (Dan Carpenter) [Orabug: 34085022] \n- xfs: check sb_meta_uuid for dabuf buffer recovery (Dave Chinner) [Orabug: 34085022] \n- xfs: only run COW extent recovery when there are no live extents (Darrick J. Wong) [Orabug: 34085022] \n- x86/platform/uv: Log gap hole end size (Mike Travis) [Orabug: 34100359] \n- x86/platform/uv: Update TSC sync state for UV5 (Mike Travis) [Orabug: 34100359] \n- x86/platform/uv: Update NMI Handler for UV5 (Mike Travis) [Orabug: 34100359] \n- perf/x86/intel/uncore: Fix the build on !CONFIG_PHYS_ADDR_T_64BIT (Ingo Molnar) [Orabug: 34100359] \n- perf/x86/intel/uncore: Make uncore_discovery clean for 64 bit addresses (Steve Wahl) [Orabug: 34100359] \n- net/rds: Delayed DR_SOCK_CANCEL (Gerd Rausch) [Orabug: 34105317] \n- uek-rpm: Move needed modules to core rpm (Somasundaram Krishnasamy) [Orabug: 34124573] [Orabug: 34130428] [Orabug: 34130346] \n- af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register (Haimin Zhang) [Orabug: 34135342] {CVE-2022-1353}\n[5.15.0-0.30.9]\n- uek-rpm: Enable CONFIG_KFENCE (Joe Jin) [Orabug: 34125090] \n- rds: ib: INFO: trying to register non-static key during rmmod (Freddy Carrillo) [Orabug: 34106050] \n- uek-rpm: Move few modules to core rpm (Somasundaram Krishnasamy) [Orabug: 34087568] \n- bpf: Emit bpf_timer in vmlinux BTF (Yonghong Song) [Orabug: 34085523] \n- selftests/bpf: Define SYS_NANOSLEEP_KPROBE_NAME for aarch64 (Ilya Leoshkevich) [Orabug: 34085523] \n- KVM: avoid NULL pointer dereference in kvm_dirty_ring_push (Paolo Bonzini) [Orabug: 34048938] {CVE-2022-1263}\n[5.15.0-0.30.8]\n- Revert locking/rwsem: Make handoff bit handling more consistent (John Donnelly) [Orabug: 34087272] \n- Revert locking/rwsem: Always try to wake waiters in out_nolock path (John Donnelly) [Orabug: 34087272] \n- x86, ctf: fix CTF suppression in the vDSO (Nick Alcock) [Orabug: 34090171]\n[5.15.0-0.30.7]\n- uek-rpm: config: Add support for resilient_rdmaip new kernel module (Sudhakar Dindukurti) [Orabug: 27718686] [Orabug: 30777254] [Orabug: 33877197] \n- resilient_rdmaip: replace inet_ioctl() with devinet_ioctl() (Qing Huang) [Orabug: 33877197] \n- rdmaip: trace message buffer size too small for rdmaip debug tracepoints (Alan Maguire) [Orabug: 33267573] [Orabug: 33877197] \n- A/A Bonding: remove use of trace_printk(), replacing with tracepoints (Alan Maguire) [Orabug: 32969529] [Orabug: 33877197] \n- A/A Bonding: In rdmaip synchronize access to ip_config[].rdmaip_dev (Sharath Srinivasan) [Orabug: 32486193] [Orabug: 33877197] \n- A/A Bonding: dev_hold/put() the delayed GARP work handlers netdev in rdmaip (Sharath Srinivasan) [Orabug: 33161268] [Orabug: 33877197] \n- A/A Bonding: Add synchronized bundle failback (Gerd Rausch) [Orabug: 32381881] [Orabug: 33877197] \n- A/A Bonding: Fix a one-byte-off kmalloc (Hakon Bugge) [Orabug: 32380823] [Orabug: 33877197] \n- A/A Bonding: Introduce selective interface name inclusion (Hakon Bugge) [Orabug: 32350973] [Orabug: 33877197] \n- A/A Bonding: Increase number and interval of GARPs sent by rdmaip (Sharath Srinivasan) [Orabug: 32095765] [Orabug: 33877197] \n- A/A Bonding: No need to call flush rdmaip_wq in rdmaip_cleanup() (Ka-Cheong Poon) [Orabug: 30875610] [Orabug: 33877197] \n- A/A Bonding: Change debug levels for some debug messages (Sudhakar Dindukurti) [Orabug: 30430839] [Orabug: 30777254] [Orabug: 33877197] \n- A/A Bonding: Remove rdmaip_garp_wq work queue (Sudhakar Dindukurti) [Orabug: 30507174] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: rdmaip does not send IPv6 address change notification (Ka-Cheong Poon) [Orabug: 30312121] [Orabug: 30777254] [Orabug: 33877197] \n- A/A Bonding: Memory leak in rdmaip_send_gratuitous_arp (Dag Moxnes) [Orabug: 30434319] [Orabug: 30777254] [Orabug: 33877197] \n- A/A Bonding: Use correct port when calling ib_query_port (Dag Moxnes) [Orabug: 30433360] [Orabug: 30777254] [Orabug: 33877197] \n- A/A Bonding: Validate rdmaip_active_bonding_arps module parameter (Sudhakar Dindukurti) [Orabug: 29822840] [Orabug: 30777254] [Orabug: 33877197] \n- A/A Bonding: Flush all the delayed works posted to rdmaip_garps_wq before destroying the workq (Sudhakar Dindukurti) [Orabug: 29822840] [Orabug: 30777254] [Orabug: 33877197] \n- A/A Bonding: Rename riif_dlywork to rdmaip_dlywork (Sudhakar Dindukurti) [Orabug: 29822840] [Orabug: 30777254] [Orabug: 33877197] \n- A/A Bonding: Rename rdmaip_port_ud_work to rdmaip_dly_work_req (Sudhakar Dindukurti) [Orabug: 29822840] [Orabug: 30777254] [Orabug: 33877197] \n- A/A Bonding: Flush all the delayed works posted to rdmaip_wq before destroying the workq (Sudhakar Dindukurti) [Orabug: 29379514] [Orabug: 30777254] [Orabug: 33877197] \n- A/A Bonding: Miscellaneous module unload changes (Sudhakar Dindukurti) [Orabug: 29781216] [Orabug: 30777254] [Orabug: 33877197] \n- A/A Bonding: Skip sending GARPs when module unload is in progress (Sudhakar Dindukurti) [Orabug: 29781216] [Orabug: 30777254] [Orabug: 33877197] \n- A/A Bonding: Port status is not updated correctly for dynamically added netdevs (Sudhakar Dindukurti) [Orabug: 30241187] [Orabug: 30777254] [Orabug: 33877197] \n- A/A Bonding: rdmaip_add_new_rdmaip_port() - remove unused port argument (Sudhakar Dindukurti) [Orabug: 30241187] [Orabug: 30777254] [Orabug: 33877197] \n- A/A Bonding: rdmaip_inetaddr_unregister() - minor updates (Sudhakar Dindukurti) [Orabug: 30241187] [Orabug: 30777254] [Orabug: 33877197] \n- A/A Bonding: Log ip_config details if it fails to find a failover port (Sudhakar Dindukurti) [Orabug: 30213132] [Orabug: 30777254] [Orabug: 33877197] \n- A/A Bonding: X8-8 RoCE network re-connect stalls after loss of switch (Sudhakar Dindukurti) [Orabug: 30213132] [Orabug: 30777254] [Orabug: 33877197] \n- A/A-Bonding: Switch from dma_device to dev.parent (Dag Moxnes) [Orabug: 30149027] [Orabug: 30777254] [Orabug: 33877197] \n- A/A-Bonding: Increase default net.rdmaip.active_bonding_failback_ms (Sudhakar Dindukurti) [Orabug: 30184200] [Orabug: 30777254] [Orabug: 33877197] \n- A/A-Bonding: Optimize rdmaip_impl_inetaddr_event() (Sudhakar Dindukurti) [Orabug: 29929934] [Orabug: 30777254] [Orabug: 33877197] \n- A/A-Bonding: ResilientRDMA does not failback on nodes configured with unused VFs starting in 1902.1.0 (Sudhakar Dindukurti) [Orabug: 29929934] [Orabug: 30777254] [Orabug: 33877197] \n- Delay IP migration for failback by 10s for NETDEV_CHANGE event (Sudhakar Dindukurti) [Orabug: 29761370] [Orabug: 30777254] [Orabug: 33877197] \n- RoCE:KVM guest: failover doesnt work if an interface isnt configured (Sudhakar Dindukurti) [Orabug: 29476868] [Orabug: 30777254] [Orabug: 33877197] \n- Add more debug messages in Resilient RDMAIP (Sudhakar Dindukurti) [Orabug: 29683262] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: Fix gratuitous ARP storm (Hakon Bugge) [Orabug: 29629971] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: Potential race conditions in the module unload path (Sudhakar Dindukurti) [Orabug: 29301129] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: Avoid calling ib_query_gid() by holding the dev_base_lock (Sudhakar Dindukurti) [Orabug: 29350401] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: ib_query_port() sleeping function called in a invalid context (Sudhakar Dindukurti) [Orabug: 29391490] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: Sleeping function mutex_lock() called in invalid context (Sudhakar Dindukurti) [Orabug: 29430627] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: Name structure fields appropriately (for better readability) (Sudhakar Dindukurti) [Orabug: 29168419] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: Add rdmaip_process_async_event() (Sudhakar Dindukurti) [Orabug: 29168346] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: Potential race conditions (Sudhakar Dindukurti) [Orabug: 29172556] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: check return value of the rdmaip_init_port (Sudhakar Dindukurti) [Orabug: 29168307] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: Optimize rdmaip_event_handler() (Sudhakar Dindukurti) [Orabug: 29168253] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: Add new function rdmaip_sched_failover_failback() to sechedule failover/failback (Sudhakar Dindukurti) [Orabug: 29167542] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: Skip failover and failback operations during network reconfiguration (Sudhakar Dindukurti) [Orabug: 28946148] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: Add new function rdmaip_add_new_rdmaip_port() (Sudhakar Dindukurti) [Orabug: 29167497] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: Add rdmaip_update_port_status_all_layers() function (Sudhakar Dindukurti) [Orabug: 29213051] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: Add a new function rdmaip_find_port_tstate() to find port transition state (Sudhakar Dindukurti) [Orabug: 29162871] [Orabug: 30777254] [Orabug: 33877197] \n- Replace alloc_page() with static allocation (Sudhakar Dindukurti) [Orabug: 29162759] [Orabug: 30777254] [Orabug: 33877197] \n- Log full interface name including label during IPv4 migration (Sudhakar Dindukurti) [Orabug: 29019945] [Orabug: 30777254] [Orabug: 33877197] \n- A/A : Failover and failback does not work for IP aliases (Sudhakar Dindukurti) [Orabug: 29019964] [Orabug: 30777254] [Orabug: 33877197] \n- Node crashes when trace buffer is opened (Sudhakar Dindukurti) [Orabug: 28988861] [Orabug: 30777254] [Orabug: 33877197] \n- module unload: Restore IPs during module unloading (Sudhakar Dindukurti) [Orabug: 27902037] [Orabug: 30777254] [Orabug: 33877197] \n- Memory leak in rdmaip_device_remove() (Sudhakar Dindukurti) [Orabug: 28496850] [Orabug: 30777254] [Orabug: 33877197] \n- resilient_rdmaip: Remove unused variable (Sudhakar Dindukurti) [Orabug: 28925778] [Orabug: 30777254] [Orabug: 33877197] \n- A/A failback does not work in concert with ibacm (Hakon Bugge) [Orabug: 28919144] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: fix returned value not set error (Zhu Yanjun) [Orabug: 28175433] [Orabug: 30777254] [Orabug: 33877197] \n- IB: RDMAIP: avoid migration to a port that is down (Zhu Yanjun) [Orabug: 28096172] [Orabug: 30777254] [Orabug: 33877197] \n- IB/rdmaip: Fix bug in failover_group parsing (Hakon Bugge) [Orabug: 28198705] [Orabug: 30777254] [Orabug: 33877197] \n- GARP Messages should be sent on the same port where IP is bound (Sudhakar Dindukurti) [Orabug: 28085445] [Orabug: 30777254] [Orabug: 33877197] \n- system panic with active bonding enabled via resilient_rdmaip (Sudhakar Dindukurti) [Orabug: 28073806] [Orabug: 30777254] [Orabug: 33877197] \n- Resilient RDMAIP should not attempt to failover/failback for the ports in grp 0 (Sudhakar Dindukurti) [Orabug: 28049781] [Orabug: 30777254] [Orabug: 33877197] \n- rdmaip: ib0 is already part of another failover group (Sudhakar Dindukurti) [Orabug: 27818669] [Orabug: 30777254] [Orabug: 33877197] \n- Minor typos in resilient_rdmaip parameter description (Sudhakar Dindukurti) [Orabug: 27890256] [Orabug: 30777254] [Orabug: 33877197] \n- Garbled log messages related to resilient_rdmaip driver (Sudhakar Dindukurti) [Orabug: 27935928] [Orabug: 30777254] [Orabug: 33877197] \n- Add Resilient RDMAIP module (Sudhakar Dindukurti) [Orabug: 27718676] [Orabug: 30777254] [Orabug: 33877197] \n- netfilter: conntrack: re-init state for retransmitted syn-ack (Florian Westphal) [Orabug: 34096642] \n- netfilter: conntrack: move synack init code to helper (Florian Westphal) [Orabug: 34096642] \n- uek-rpm: Add few more missing modules to core rpm (Somasundaram Krishnasamy) [Orabug: 34095625] \n- scsi: mpt3sas: Remove scsi_dma_map() error messages (Sreekanth Reddy) [Orabug: 34095621] \n- IB/cma: Allow XRC INI QPs to set their local ACK timeout (Hakon Bugge) [Orabug: 34094200] \n- SUNRPC: Do not dereference non-socket transports in sysfs (Trond Myklebust) [Orabug: 34056478] \n- SUNRPC: lock against ->sock changing during sysfs read (NeilBrown) [Orabug: 34056478] \n- SUNRPC: Check if the xprt is connected before handling sysfs reads (Anna Schumaker) [Orabug: 34056478] \n- uek-rpm: Enable CONFIG_FS_VERITY (Victor Erminpour) [Orabug: 34048393]\n[5.15.0-0.30.6]\n- uek-rpm: Update kernel-uek-core rpm module list. (Somasundaram Krishnasamy) [Orabug: 34078005] \n- Revert scsi: core: Register sysfs attributes earlier (John Donnelly) [Orabug: 34087517] \n- vfio/type1: add ioctl to check for correct pin accounting (Anthony Yznaga) [Orabug: 34049087] \n- vfio/type1: track pages pinned by vfio across exec (Anthony Yznaga) [Orabug: 34049087] \n- mm: track driver pinned pages across exec (Anthony Yznaga) [Orabug: 34049087] \n- mlx5_core: set module param expose_pf_phys_port_name to true (Sharath Srinivasan) [Orabug: 33960521] \n- uek-rpm: Fix DEFAULTKERNEL for aarch 64k rpms. (Somasundaram Krishnasamy) [Orabug: 33900644] \n- xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (Dave Chinner) [Orabug: 33705403]\n[5.15.0-0.30.5]\n- iov_iter: Introduce nofault flag to disable page faults (Andreas Gruenbacher) [Orabug: 34073754] \n- gup: Introduce FOLL_NOFAULT flag to disable page faults (Andreas Gruenbacher) [Orabug: 34073754] \n- scsi: core: Use a structure member to track the SCSI command submitter (Bart Van Assche) [Orabug: 34075214] \n- uek: kabi: add KABI padding to x86 struct fpu (Eric DeVolder) [Orabug: 34070418] \n- uek: kabi: add KABI padding to udp and phy sturcts (Qing Huang) [Orabug: 34066357] \n- xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (Dongli Zhang) [Orabug: 34064652] \n- scsi: core: Register sysfs attributes earlier (Bart Van Assche) [Orabug: 34063798] \n- uek: kabi: add kABI padding to arch/x86/include/asm/processor.h (Thomas Tai) [Orabug: 34059795] \n- x86/speculation: Restore speculation related MSRs during S3 resume (Pawan Gupta) [Orabug: 34053699] \n- can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (Hangyu Hua) [Orabug: 34048326] {CVE-2022-28390}\n- can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (Hangyu Hua) [Orabug: 34048287] {CVE-2022-28388}\n- intel_idle: add core C6 optimization for SPR (Artem Bityutskiy) [Orabug: 34039112] \n- intel_idle: add preferred_cstates module argument (Artem Bityutskiy) [Orabug: 34039112] \n- intel_idle: add SPR support (Artem Bityutskiy) [Orabug: 34039112] \n- uek-rpm: Modify options for CONFIG_VSOCKETS_DIAG=y (Victor Erminpour) [Orabug: 34027701] \n- uek-rpm: Modify options for CONFIG_TIPC_DIAG=y (Victor Erminpour) [Orabug: 34027701] \n- uek-rpm: Modify options for CONFIG_INET_SCTP_DIAG=y (Victor Erminpour) [Orabug: 34027701] \n- uek-rpm: Enable CONFIG_MPTCP (Victor Erminpour) [Orabug: 34027701] \n- add kernel param to pre-allocate NICs (Brian Maly) [Orabug: 30962711] [Orabug: 34018925] \n- xfs: punch out data fork delalloc blocks on COW writeback failure (Brian Foster) [Orabug: 33968545] \n- locking/rwsem: Always try to wake waiters in out_nolock path (Waiman Long) [Orabug: 33698977]\n[5.15.0-0.30.4]\n- btrfs: skip reserved bytes warning on unmount after log cleanup failure (Filipe Manana) [Orabug: 33916044] \n- ALSA: pcm: Fix races among concurrent prealloc proc writes (Takashi Iwai) [Orabug: 34007904] {CVE-2022-1048}\n- ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (Takashi Iwai) [Orabug: 34007904] {CVE-2022-1048}\n- ALSA: pcm: Fix races among concurrent read/write and buffer changes (Takashi Iwai) [Orabug: 34007904] {CVE-2022-1048}\n- ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (Takashi Iwai) [Orabug: 34007904] {CVE-2022-1048}\n- mei: me: disable driver on the ign firmware (Alexander Usyskin) [Orabug: 34018911] \n- uek-rpm: Separate x86_64 kABI checking for OL8/9 (Saeed Mirzamohammadi) [Orabug: 34027988] \n- rds: ib: Initialize SG table properly (Hakon Bugge) [Orabug: 34031911] \n- KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (Paolo Bonzini) [Orabug: 34034593] {CVE-2022-1158}\n- Revert rds/ib: recover rds connection from stuck rx path (Rohit Nair) [Orabug: 34039269]\n[5.15.0-0.30.3]\n- xfs: dont generate selinux audit messages for capability testing (Darrick J. Wong) [Orabug: 33678769] \n- rds: Fix incorrect initialization order (Hakon Bugge) [Orabug: 33923371] \n- turbostat: fix PC6 displaying on some systems (Artem Bityutskiy) [Orabug: 33998324] \n- exec, elf: ignore invalid note data (Anthony Yznaga) [Orabug: 34003079] \n- netfilter: nf_tables: validate registers coming from userspace. (Pablo Neira Ayuso) [Orabug: 34012906] {CVE-2022-1015}\n- netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34012923] {CVE-2022-1016}\n[5.15.0-0.30.2]\n- net/rds: Fix math on error code (Freddy Carrillo) [Orabug: 33974712] \n- uek-rpm: aarch64: Reduce core rpms module count (Somasundaram Krishnasamy) [Orabug: 33994642] \n- uek-rpm: Add few needed modules to core rpm. (Somasundaram Krishnasamy) [Orabug: 33994642] \n- uek-rpm: Remove duplicate modules from kernel-uek-modules rpm (Somasundaram Krishnasamy) [Orabug: 33994642] \n- selftests/vm: make MADV_POPULATE_(READ|WRITE) use in-tree headers (David Hildenbrand) [Orabug: 33797463] \n- net: mana: Add handling of CQE_RX_TRUNCATED (Haiyang Zhang) [Orabug: 33839662] \n- net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (Haiyang Zhang) [Orabug: 33839662] \n- net/rds: Use unpin_user_page as pin_user_pages counterpart (Gerd Rausch) [Orabug: 33867863] \n- rds: ib: Fix racy credit tracepoints (Hakon Bugge) [Orabug: 33980854] \n- mm: fix MADV_DONTEXEC to clear VM_EXEC_KEEP (Anthony Yznaga) [Orabug: 33987398] \n- uek-rpm: Set CONFIG_*_DIAG options as built-ins to match RHCK9 (Victor Erminpour) [Orabug: 33904712] \n- uek-rpm: Enable CONFIG_DEBUG_WX for x86_64 debug kernel (Victor Erminpour) [Orabug: 33904712] \n- uek-rpm: Enable CONFIG_TMPFS_INODE64 (Victor Erminpour) [Orabug: 33904712] \n- uek-rpm: Enable CONFIG_CXL_MEM (Victor Erminpour) [Orabug: 33904712] \n- uek-rpm: Enable CONFIG_CMA_SYSFS (Victor Erminpour) [Orabug: 33904712] \n- uek-rpm: Enable Platform related options from RHCK9 (Victor Erminpour) [Orabug: 33904712] \n- uek-rpm: Enable DM_VERITY_VERIFY_ROOTHASH_SIG and DM_VERITY_FEC (Victor Erminpour) [Orabug: 33904712] \n- uek-rpm: Enable Crypto related options from RHCK9 (Victor Erminpour) [Orabug: 33904712] \n- uek-rpm: Enable CONFIG_CAN_* options from RHCK9 (Victor Erminpour) [Orabug: 33904712] \n- uek-rpm: Enable CONFIG_NET_SCH_* options from RHCK9 (Victor Erminpour) [Orabug: 33904712] \n- uek-rpm: Enable CONFIG_NF_FLOW_TABLE (Victor Erminpour) [Orabug: 33904712] \n- uek-rpm: Enable missing Netfilter options from RHCK9 (Victor Erminpour) [Orabug: 33904712] \n- uek-rpm: Enable CONFIG_CGROUP_MISC and CONFIG_BLK_CGROUP_FC_APPID (Victor Erminpour) [Orabug: 33904712] \n- uek-rpm: Enable CONFIG_INTEL_IDXD_PERFMON (Victor Erminpour) [Orabug: 33904712] \n- uek-rpm: Enable CONFIG_RTW88_8723DE and CONFIG_RTW88_8821CE (Victor Erminpour) [Orabug: 33904712] \n- uek-rpm: Update configuration for v5.15.30.1 (aarch64 make olddefconfig) (Victor Erminpour) [Orabug: 33901403] \n- uek-rpm: Update configuration for v5.15.30.1 (x86_64 make olddefconfig) (Victor Erminpour) [Orabug: 33901403]\n[5.15.0-0.30.1]\n- uek-rpm: config: Enable CONFIG_KEY_NOTIFICATIONS option (Somasundaram Krishnasamy) [Orabug: 33957466] \n- Revert uek: kabi: Enable kABI checker for ol8 and ol9 (Jack Vogel) \n- LTS version: v5.15.30 (Jack Vogel) \n- ice: Fix race condition during interface enslave (Ivan Vecera) \n- x86/module: Fix the paravirt vs alternative order (Peter Zijlstra) \n- kselftest/vm: fix tests build with old libc (Chengming Zhou) \n- bnx2: Fix an error message (Christophe JAILLET) \n- sfc: extend the locking on mcdi->seqno (Niels Dossche) \n- tcp: make tcp_read_sock() more robust (Eric Dumazet) \n- nl80211: Update bss channel on channel switch for P2P_CLIENT (Sreeramya Soratkal) \n- drm/vrr: Set VRR capable prop only if it is attached to connector (Manasi Navare) \n- iwlwifi: dont advertise TWT support (Golan Ben Ami) \n- atm: firestream: check the return value of ioremap() in fs_init() (Jia-Ju Bai) \n- can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (Lad Prabhakar) \n- Bluetooth: hci_core: Fix leaking sent_cmd skb (Luiz Augusto von Dentz) \n- ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE (Julian Braha) \n- MIPS: smp: fill in sibling and core maps earlier (Alexander Lobakin) \n- mac80211: refuse aggregations sessions before authorized (Johannes Berg) \n- ARM: dts: rockchip: fix a typo on rk3288 crypto-controller (Corentin Labbe) \n- ARM: dts: rockchip: reorder rk322x hmdi clocks (Sascha Hauer) \n- arm64: dts: agilex: use the compatible intel,socfpga-agilex-hsotg (Dinh Nguyen) \n- arm64: dts: rockchip: reorder rk3399 hdmi clocks (Sascha Hauer) \n- arm64: dts: rockchip: align pl330 node name with dtschema (Krzysztof Kozlowski) \n- arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity (Jakob Unterwurzacher) \n- xfrm: Fix xfrm migrate issues when address family changes (Yan Yan) \n- xfrm: Check if_id in xfrm_migrate (Yan Yan) \n- arm64: dts: rockchip: fix rk3399-puma-haikou USB OTG mode (Quentin Schulz) \n- Revert xfrm: state and policy should fail if XFRMA_IF_ID 0 (Kai Lueke) \n- LTS version: v5.15.29 (Jack Vogel) \n- vhost: allow batching hint without size (Jason Wang) \n- Revert net: dsa: mv88e6xxx: flush switchdev FDB workqueue before removing VLAN (Vladimir Oltean) \n(Christoph Hellwig) \n- riscv: dts: k210: fix broken IRQs on hart1 (Niklas Cassel) \n- drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL (Ville Syrjala) \n- btrfs: make send work with concurrent block group relocation (Filipe Manana) \n- drm/panel: Select DRM_DP_HELPER for DRM_PANEL_EDP (Thomas Zimmermann) \n- x86/traps: Mark do_int3() NOKPROBE_SYMBOL (Li Huafei) \n- x86/sgx: Free backing memory after faulting the enclave page (Jarkko Sakkinen) \n- x86/boot: Add setup_indirect support in early_memremap_is_setup_data() (Ross Philipson) \n- x86/boot: Fix memremap of setup_indirect structures (Ross Philipson) \n- Revert x86/boot: Fix memremap of setup_indirect structures (Jack Vogel) \n- Revert x86/boot: Add setup_indirect support in early_memremap_is_setup_data (Jack Vogel) \n- watch_queue: Make comment about setting ->defunct more accurate (David Howells) \n- watch_queue: Fix lack of barrier/sync/lock between post and read (David Howells) \n- watch_queue: Free the alloc bitmap when the watch_queue is torn down (David Howells) \n- watch_queue: Fix the alloc bitmap size to reflect notes allocated (David Howells) \n- watch_queue: Fix to always request a pow-of-2 pipe ring size (David Howells) \n- watch_queue: Fix to release page in ->release() (David Howells) \n- watch_queue, pipe: Free watchqueue state after clearing pipe ring (David Howells) \n- watch_queue: Fix filter limit check (David Howells) \n- ARM: fix Thumb2 regression with Spectre BHB (Russell King (Oracle)) \n- net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE (Dima Chumak) \n- virtio: acknowledge all features before access (Michael S. Tsirkin) \n- virtio: unexport virtio_finalize_features (Michael S. Tsirkin) \n- KVM: x86/mmu: kvm_faultin_pfn has to return false if pfh is returned (Andrei Vagin) \n- swiotlb: rework fix info leak with DMA_FROM_DEVICE (Halil Pasic) \n- arm64: kasan: fix include error in MTE functions (Paul Semel) \n- arm64: Ensure execute-only permissions are not allowed without EPAN (Catalin Marinas) \n- arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (Pali Rohar) \n- tracing/osnoise: Force quiescent states while tracing (Nicolas Saenz Julienne) \n- riscv: Fix auipc+jalr relocation range checks (Emil Renner Berthing) \n- mmc: meson: Fix usage of meson_mmc_post_req() (Rong Chen) \n- riscv: alternative only works on !XIP_KERNEL (Jisheng Zhang) \n- net: macb: Fix lost RX packet wakeup race in NAPI receive (Robert Hancock) \n- staging: gdm724x: fix use after free in gdm_lte_rx() (Dan Carpenter) \n- staging: rtl8723bs: Fix access-point mode deadlock (Hans de Goede) \n- fuse: fix pipe buffer lifetime for direct_io (Miklos Szeredi) \n- fuse: fix fileattr op failure (Miklos Szeredi) \n- ARM: Spectre-BHB: provide empty stub for non-config (Randy Dunlap) \n- selftests/memfd: clean up mapping in mfd_fail_write (Mike Kravetz) \n- selftest/vm: fix map_fixed_noreplace test failure (Aneesh Kumar K.V) \n- tracing/osnoise: Make osnoise_main to sleep for microseconds (Daniel Bristot de Oliveira) \n- tracing: Ensure trace buffer is at least 4096 bytes large (Sven Schnelle) \n- ipv6: prevent a possible race condition with lifetimes (Niels Dossche) \n- Revert xen-netback: Check for hotplug-status existence before watching (Marek Marczykowski-Gorecki) \n- Revert xen-netback: remove hotplug-status once it has served its purpose (Marek Marczykowski-Gorecki) \n- drm/amdgpu: bypass tiling flag check in virtual display case (v2) (Guchun Chen) \n- gpio: Return EPROBE_DEFER if gc->to_irq is NULL (Shreeya Patel) \n- PCI: Mark all AMD Navi10 and Navi14 GPU ATS as broken (Alex Deucher) \n- hwmon: (pmbus) Clear pmbus fault/warning bits after read (Vikash Chandola) \n- net-sysfs: add check for netdevice being present to speed_show (suresh kumar) \n- x86/kvm: Dont use pv tlb/ipi/sched_yield if on 1 vCPU (Wanpeng Li) \n- drm/vc4: hdmi: Unregister codec device on unbind (Maxime Ripard) \n- spi: rockchip: terminate dma transmission when slave abort (Jon Lin) \n- spi: rockchip: Fix error in getting num-cs property (Jon Lin) \n- kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (Anton Romanov) \n- KVM: Fix lockdep false negative during host resume (Wanpeng Li) \n- pinctrl: tigerlake: Revert Add Alder Lake-M ACPI ID (Andy Shevchenko) \n- usb: dwc3: pci: add support for the Intel Raptor Lake-S (Heikki Krogerus) \n- swiotlb: fix info leak with DMA_FROM_DEVICE (Halil Pasic) \n- selftests/bpf: Add test for bpf_timer overwriting crash (Kumar Kartikeya Dwivedi) \n- net: phy: meson-gxl: improve link-up behavior (Heiner Kallweit) \n- net: bcmgenet: Dont claim WOL when its not available (Jeremy Linton) \n- sctp: fix kernel-infoleak for SCTP sockets (Eric Dumazet) \n- net: phy: DP83822: clear MISR2 register to disable interrupts (Clement Leger) \n- gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (Miaoqian Lin) \n- gpio: ts4900: Do not set DAT and OE together (Mark Featherston) \n- selftests: pmtu.sh: Kill nettest processes launched in subshell. (Guillaume Nault) \n- selftests: pmtu.sh: Kill tcpdump processes launched by subshell. (Guillaume Nault) \n- NFC: port100: fix use-after-free in port100_send_complete (Pavel Skripkin) \n- net/mlx5e: Lag, Only handle events from highest priority multipath entry (Roi Dayan) \n- net/mlx5: Fix a race on command flush flow (Moshe Shemesh) \n- net/mlx5: Fix size field in bufferx_reg struct (Mohammad Kabat) \n- ax25: Fix NULL pointer dereference in ax25_kill_by_device (Duoming Zhou) \n- net: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr (Miaoqian Lin) \n- net: ethernet: lpc_eth: Handle error for clk_enable (Jiasheng Jiang) \n- net: ethernet: ti: cpts: Handle error for clk_enable (Jiasheng Jiang) \n- tipc: fix incorrect order of state message data sanity check (Tung Nguyen) \n- ethernet: Fix error handling in xemaclite_of_probe (Miaoqian Lin) \n- ice: Fix curr_link_speed advertised speed (Jedrzej Jagielski) \n- ice: Dont use GFP_KERNEL in atomic context (Christophe JAILLET) \n- ice: Fix error with handling of bonding MTU (Dave Ertman) \n- ice: stop disabling VFs due to PF error responses (Jacob Keller) \n- i40e: stop disabling VFs due to PF error responses (Jacob Keller) \n- iavf: Fix handling of vlan strip virtual channel messages (Michal Maloszewski) \n- ARM: dts: aspeed: Fix AST2600 quad spi group (Joel Stanley) \n- net: dsa: mt7530: fix incorrect test in mt753x_phylink_validate() (Russell King (Oracle)) \n- drm/sun4i: mixer: Fix P010 and P210 format numbers (Jernej Skrabec) \n- gpiolib: acpi: Convert ACPI value of debounce to microseconds (Andy Shevchenko) \n- smsc95xx: Ignore -ENODEV errors when device is unplugged (Fabio Estevam) \n- qed: return status of qed_iov_get_link (Tom Rix) \n- esp: Fix BEET mode inter address family tunneling on GSO (Steffen Klassert) \n- esp: Fix possible buffer overflow in ESP transformation (Steffen Klassert) \n- net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (Jia-Ju Bai) \n- isdn: hfcpci: check the return value of dma_set_mask() in setup_hw() (Jia-Ju Bai) \n- vdpa: fix use-after-free on vp_vdpa_remove (Zhang Min) \n- virtio-blk: Dont use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (Xie Yongji) \n- vhost: fix hung thread due to erroneous iotlb entries (Anirudh Rayabharam) \n- mISDN: Fix memory leak in dsp_pipeline_build() (Alexey Khoroshilov) \n- net: phy: meson-gxl: fix interrupt handling in forced mode (Heiner Kallweit) \n- vduse: Fix returning wrong type in vduse_domain_alloc_iova() (Xie Yongji) \n- vdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command (Si-Wei Liu) \n- tipc: fix kernel panic when enabling bearer (Tung Nguyen) \n- arm64: dts: armada-3720-turris-mox: Add missing ethernet0 alias (Pali Rohar) \n- HID: vivaldi: fix sysfs attributes leak (Dmitry Torokhov) \n- clk: qcom: dispcc: Update the transition delay for MDSS GDSC (Taniya Das) \n- clk: qcom: gdsc: Add support to update GDSC transition delay (Taniya Das) \n- ARM: boot: dts: bcm2711: Fix HVS register range (Maxime Ripard) \n- HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts (Pavel Skripkin) \n- HID: elo: Revert USB reference counting (Jiri Kosina) \n- arm64: dts: qcom: sm8350: Correct UFS symbol clocks (Bjorn Andersson) \n- arm64: dts: qcom: sm8350: Describe GCC dependency clocks (Konrad Dybcio) \n- uek-rpm: Add crashkernel.default file (John Donnelly) [Orabug: 33741103] \n- KVM: SVM: Dont apply SEV+SMAP workaround on code fetch or PT access (Sean Christopherson) [Orabug: 33772526] \n- KVM: SVM: Inject #UD on attempted emulation for SEV guest w/o insn buffer (Sean Christopherson) [Orabug: 33772526] \n- KVM: SVM: WARN if KVM attempts emulation on #UD or #GP for SEV guests (Sean Christopherson) [Orabug: 33772526] \n- KVM: x86: Pass emulation type to can_emulate_instruction() (Sean Christopherson) [Orabug: 33772526] \n- KVM: SVM: Explicitly require DECODEASSISTS to enable SEV support (Sean Christopherson) [Orabug: 33772526] \n- rcu: Avoid unneeded function call in rcu_read_unlock() (Waiman Long) [Orabug: 33904637] \n- rds/ib: Resize CQ if send-/recv-ring-size are changed (Hans Westgaard Ry) [Orabug: 33940518] \n- uek-rpm: Enable CONFIG_DRM_VMWGFX and CONFIG_DRM_VMWGFX_FBCON for aarch64 (Victor Erminpour) [Orabug: 33947624]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-30T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4095", "CVE-2022-1015", "CVE-2022-1263", "CVE-2022-28388", "CVE-2022-28390", "CVE-2022-29582"], "modified": "2022-06-30T00:00:00", "id": "ELSA-2022-9533", "href": "http://linux.oracle.com/errata/ELSA-2022-9533.html", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-11T17:25:20", "description": "[4.14.35-2047.515.3.el7]\n- uek-rpm: Enable Pensando EMMC reset controller (Thomas Tai) [Orabug: 34325721]\n- mfd: pensando_elbasr: Add Pensando Elba System Resource Chip (Brad Larson) [Orabug: 34325721]\n- dsc-drivers: update drivers for 1.15.9-C-65 (Shannon Nelson) [Orabug: 34325721]\n[4.14.35-2047.515.2.el7]\n- net/rds: Delayed DR_SOCK_CANCEL (Gerd Rausch) [Orabug: 34105319]\n[4.14.35-2047.515.1.el7]\n- sched/rt: Disable RT_RUNTIME_SHARE by default (Daniel Bristot de Oliveira) [Orabug: 34193333]\n- mstflint_access: Update driver code to v4.20.1-1 from Github (Qing Huang) [Orabug: 34286148]\n[4.14.35-2047.515.0.el7]\n- net: ip: avoid OOM kills with large UDP sends over loopback (Venkat Venkatsubra) [Orabug: 34066209]\n- rdmaip: Flush ARP cache after address has been cleared (Gerd Rausch) [Orabug: 34285241]\n- rds: Include congested flag in rds_sock struct. (Rohit Nair) [Orabug: 34261492]\n- cpu/hotplug: Allow the CPU in CPU_UP_PREPARE state to be brought up again. (Longpeng(Mike)) [Orabug: 34234771]\n- x86/xen: Allow to retry if cpu_initialize_context() failed. (Boris Ostrovsky) [Orabug: 34234771]\n- floppy: use a statically allocated error counter (Willy Tarreau) {CVE-2022-1652}\n- assoc_array: Fix BUG_ON during garbage collect (Stephen Brennan) [Orabug: 34162064]\n- exec, elf: fix reserve_va_range() sanity check (Anthony Yznaga) [Orabug: 32387887]\n- exec, elf: use already allocated notes data in reserve_va_range() (Anthony Yznaga) [Orabug: 32387887]\n- mm: madv_doexec_flag sysctl (Anthony Yznaga) [Orabug: 32387887]\n- mm: introduce MADV_DOEXEC (Anthony Yznaga) [Orabug: 32387887]\n- exec, elf: require opt-in for accepting preserved mem (Anthony Yznaga) [Orabug: 32387887]\n- mm: introduce VM_EXEC_KEEP (Anthony Yznaga) [Orabug: 32387887]\n- mm: fail exec if stack expansion will overlap another vma (Anthony Yznaga) [Orabug: 32387887]\n- mm: do not assume only the stack vma exists in setup_arg_pages() (Anthony Yznaga) [Orabug: 32387887]\n- ELF: when loading PIE binaries check for overlap with existing mappings (Anthony Yznaga) [Orabug: 32387887]\n- Linux 4.14.280 (Greg Kroah-Hartman) \n- tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (Yang Yingliang) \n- ping: fix address binding wrt vrf (Nicolas Dichtel) \n- drm/vmwgfx: Initialize drm_mode_fb_cmd2 (Zack Rusin) \n- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (Waiman Long) \n- USB: serial: option: add Fibocom MA510 modem (Sven Schwermer) \n- USB: serial: option: add Fibocom L610 modem (Sven Schwermer) \n- USB: serial: qcserial: add support for Sierra Wireless EM7590 (Ethan Yang) \n- USB: serial: pl2303: add device id for HP LM930 Display (Scott Chen) \n- usb: cdc-wdm: fix reading stuck on device close (Sergey Ryazanov) \n- tcp: resalt the secret every 10 seconds (Eric Dumazet) \n- ASoC: ops: Validate input values in snd_soc_put_volsw_range() (Mark Brown) \n- ASoC: max98090: Generate notifications on changes for custom control (Mark Brown) \n- ASoC: max98090: Reject invalid values in custom control put() (Mark Brown) \n- hwmon: (f71882fg) Fix negative temperature (Ji-Ze Hong (Peter Hong)) \n- net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (Taehee Yoo) \n- net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (Guangguan Wang) \n- s390/lcs: fix variable dereferenced before check (Alexandra Winter) \n- s390/ctcm: fix potential memory leak (Alexandra Winter) \n- s390/ctcm: fix variable dereferenced before check (Alexandra Winter) \n- hwmon: (ltq-cputemp) restrict it to SOC_XWAY (Randy Dunlap) \n- mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) \n- netlink: do not reset transport header in netlink_recvmsg() (Eric Dumazet) \n- ipv4: drop dst in multicast routing path (Lokesh Dhoundiyal) \n- net: Fix features skip in for_each_netdev_feature() (Tariq Toukan) \n- batman-adv: Don't skb_split skbuffs with frag_list (Sven Eckelmann) \n- Linux 4.14.279 (Greg Kroah-Hartman) \n- VFS: Fix memory leak caused by concurrently mounting fs with subtype (ChenXiaoSong) \n- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (Takashi Iwai) \n- mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() (Muchun Song) \n- mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() (Muchun Song) \n- mmc: rtsx: add 74 Clocks in power on flow (Ricky WU) \n- Bluetooth: Fix the creation of hdev->name (Itay Iellin) \n- can: grcan: only use the NAPI poll budget for RX (Andreas Larsson) \n- can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (Andreas Larsson) \n- block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit (Lee Jones) \n- MIPS: Use address-of operator on section symbols (Nathan Chancellor) \n- Linux 4.14.278 (Greg Kroah-Hartman) \n- PCI: aardvark: Fix reading MSI interrupt number (Pali Rohar) \n- PCI: aardvark: Clear all MSIs at setup (Pali Rohar) \n- dm: interlock pending dm_io and dm_wait_for_bios_completion (Mike Snitzer) \n- dm: fix mempool NULL pointer race when completing IO (Jiazi Li) \n- net: ipv6: ensure we call ipv6_mc_down() at most once (j.nixdorf@avm.de) \n- kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (Sandipan Das) \n- net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() (Eric Dumazet) \n- btrfs: always log symlinks in full mode (Filipe Manana) \n- smsc911x: allow using IRQ0 (Sergey Shtylyov) \n- net: emaclite: Add error handling for of_address_to_resource() (Shravya Kumbham) \n- hwmon: (adt7470) Fix warning on module removal (Armin Wolf) \n- NFC: netlink: fix sleep in atomic bug when firmware download timeout (Duoming Zhou) \n- nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (Duoming Zhou) \n- nfc: replace improper check device_is_registered() in netlink related functions (Duoming Zhou) \n- can: grcan: use ofdev->dev when allocating DMA memory (Daniel Hellstrom) \n- can: grcan: grcan_close(): fix deadlock (Duoming Zhou) \n- ASoC: wm8958: Fix change notifications for DSP controls (Mark Brown) \n- firewire: core: extend card->lock in fw_core_handle_bus_reset (Niels Dossche) \n- firewire: remove check of list iterator against head past the loop body (Jakob Koschel) \n- firewire: fix potential uaf in outbound_phy_packet_callback() (Chengfeng Ye) \n- Revert 'SUNRPC: attempt AF_LOCAL connect on setup' (Trond Myklebust) \n- ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (Takashi Sakamoto) \n- parisc: Merge model and model name into one line in /proc/cpuinfo (Helge Deller) \n- MIPS: Fix CP0 counter erratum detection for R4k CPUs (Maciej W. Rozycki) \n- tty: n_gsm: fix incorrect UA handling (Daniel Starke) \n- tty: n_gsm: fix wrong command frame length field encoding (Daniel Starke) \n- tty: n_gsm: fix wrong command retry handling (Daniel Starke) \n- tty: n_gsm: fix missing explicit ldisc flush (Daniel Starke) \n- tty: n_gsm: fix insufficient txframe size (Daniel Starke) \n- tty: n_gsm: fix malformed counter for out of frame data (Daniel Starke) \n- tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (Daniel Starke) \n- drivers: net: hippi: Fix deadlock in rr_close() (Duoming Zhou) \n- cifs: destage any unwritten data to the server before calling copychunk_write (Ronnie Sahlberg) \n- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (Mikulas Patocka) \n- ASoC: wm8731: Disable the regulator when probing fails (Zheyu Ma) \n- bnx2x: fix napi API usage sequence (Manish Chopra) \n- net: bcmgenet: hide status block before TX timestamping (Jonathan Lemon) \n- clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (Yang Yingliang) \n- bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (Christophe JAILLET) \n- tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT (Eric Dumazet) \n- ip_gre: Make o_seqno start from 0 in native mode (Peilin Ye) \n- pinctrl: pistachio: fix use of irq_of_parse_and_map() (Lv Ruyi) \n- sctp: check asoc strreset_chunk in sctp_generate_reconf_event (Xin Long) \n- mtd: rawnand: Fix return value check of wait_for_completion_timeout (Miaoqian Lin) \n- ipvs: correctly print the memory size of ip_vs_conn_tab (Pengcheng Yang) \n- ARM: dts: Fix mmc order for omap3-gta04 (H. Nikolaus Schaller) \n- ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (Miaoqian Lin) \n- phy: samsung: exynos5250-sata: fix missing device put in probe error paths (Krzysztof Kozlowski) \n- phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (Miaoqian Lin) \n- ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (Fabio Estevam) \n- USB: Fix xhci event ring dequeue pointer ERDP update issue (Weitao Wang) \n- hex2bin: fix access beyond string end (Mikulas Patocka) \n- hex2bin: make the function hex_to_bin constant-time (Mikulas Patocka) \n- serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (Maciej W. Rozycki) \n- serial: 8250: Also set sticky MCR bits in console restoration (Maciej W. Rozycki) \n- usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (Vijayavardhan Vennapusa) \n- usb: gadget: uvc: Fix crash when encoding data for usb request (Dan Vacura) \n- usb: misc: fix improper handling of refcount in uss720_probe() (Hangyu Hua) \n- iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (Zheyu Ma) \n- iio: dac: ad5446: Fix read_raw not returning set value (Michael Hennerich) \n- iio: dac: ad5592r: Fix the missing return value. (Zizhuang Deng) \n- xhci: stop polling roothubs after shutdown (Henry Lin) \n- USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (Daniele Palmas) \n- USB: serial: option: add support for Cinterion MV32-WA/MV32-WB (Slark Xiao) \n- USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (Bruno Thomsen) \n- USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (Kees Cook) \n- USB: quirks: add STRING quirk for VCOM device (Oliver Neukum) \n- USB: quirks: add a Realtek card reader (Oliver Neukum) \n- usb: mtu3: fix USB 3.0 dual-role-switch from device to host (Macpaul Lin) \n- lightnvm: disable the subsystem (Greg Kroah-Hartman) \n- net/sched: cls_u32: fix netns refcount changes in u32_change() (Eric Dumazet) \n- hamradio: remove needs_free_netdev to avoid UAF (Lin Ma) \n- hamradio: defer 6pack kfree after unregister_netdev (Lin Ma) \n- floppy: disable FDRAWCMD by default (Willy Tarreau) \n- Linux 4.14.277 (Greg Kroah-Hartman) \n- ax25: Fix UAF bugs in ax25 timers (Duoming Zhou) \n- ax25: Fix NULL pointer dereferences in ax25 timers (Duoming Zhou) \n- ax25: fix NPD bug in ax25_disconnect (Duoming Zhou) \n- ax25: fix UAF bug in ax25_send_control() (Duoming Zhou) \n- ax25: Fix refcount leaks caused by ax25_cb_del() (Duoming Zhou) \n- ax25: fix UAF bugs of net_device caused by rebinding operation (Duoming Zhou) \n- ax25: fix reference count leaks of ax25_dev (Duoming Zhou) \n- ax25: add refcount in ax25_dev to avoid UAF bugs (Duoming Zhou) \n- block/compat_ioctl: fix range check in BLKGETSIZE (Khazhismel Kumykov) \n- staging: ion: Prevent incorrect reference counting behavour (Lee Jones) \n- ext4: force overhead calculation if the s_overhead_cluster makes no sense (Theodore Ts'o) \n- ext4: fix overhead calculation to account for the reserved gdt blocks (Theodore Ts'o) \n- ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (Tadeusz Struk) \n- ext4: fix symlink file size not match to file content (Ye Bin) \n- ARC: entry: fix syscall_trace_exit argument (Sergey Matyukevich) \n- e1000e: Fix possible overflow in LTR decoding (Sasha Neftin) \n- ASoC: soc-dapm: fix two incorrect uses of list iterator (Xiaomeng Tong) \n- openvswitch: fix OOB access in reserve_sfa_size() (Paolo Valerio) \n- powerpc/perf: Fix power9 event alternatives (Athira Rajeev) \n- dma: at_xdmac: fix a missing check on list iterator (Xiaomeng Tong) \n- ata: pata_marvell: Check the 'bmdma_addr' beforing reading (Zheyu Ma) \n- stat: fix inconsistency between struct stat and struct compat_stat (Mikulas Patocka) \n- net: macb: Restart tx only if queue pointer is lagging (Tomas Melin) \n- drm/msm/mdp5: check the return of kzalloc() (Xiaoke Wang) \n- brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (Borislav Petkov) \n- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (David Howells) \n- vxlan: fix error return code in vxlan_fdb_append (Hongbin Wang) \n- ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (Borislav Petkov) \n- platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (Jiapeng Chong) \n- ARM: vexpress/spc: Avoid negative array index when !SMP (Kees Cook) \n- netlink: reset network and mac headers in netlink_dump() (Eric Dumazet) \n- net/packet: fix packet_sock xmit return value checking (Hangbin Liu) \n- dmaengine: imx-sdma: Fix error checking in sdma_event_remap (Miaoqian Lin) \n- tcp: Fix potential use-after-free due to double kfree() (Kuniyuki Iwashima) \n- tcp: fix race condition when creating child sockets from syncookies (Ricardo Dias) \n- ALSA: usb-audio: Clear MIDI port active flag after draining (Takashi Iwai) \n- gfs2: assign rgrp glock before compute_bitstructs (Bob Peterson) \n- can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (Hangyu Hua) \n- tracing: Dump stacktrace trigger to the corresponding instance (Daniel Bristot de Oliveira) \n- tracing: Have traceon and traceoff trigger honor the instance (Steven Rostedt (Google)) \n- mm: page_alloc: fix building error on -Werror=array-compare (Xiongwei Song) \n- etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead (Kees Cook)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-11T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1652"], "modified": "2022-07-11T00:00:00", "id": "ELSA-2022-9582", "href": "http://linux.oracle.com/errata/ELSA-2022-9582.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-11T16:56:30", "description": "[4.14.35-2047.515.3]\n- uek-rpm: Enable Pensando EMMC reset controller (Thomas Tai) [Orabug: 34325721] \n- mfd: pensando_elbasr: Add Pensando Elba System Resource Chip (Brad Larson) [Orabug: 34325721] \n- dsc-drivers: update drivers for 1.15.9-C-65 (Shannon Nelson) [Orabug: 34325721]\n[4.14.35-2047.515.2]\n- net/rds: Delayed DR_SOCK_CANCEL (Gerd Rausch) [Orabug: 34105319]\n[4.14.35-2047.515.1]\n- sched/rt: Disable RT_RUNTIME_SHARE by default (Daniel Bristot de Oliveira) [Orabug: 34193333] \n- mstflint_access: Update driver code to v4.20.1-1 from Github (Qing Huang) [Orabug: 34286148]\n[4.14.35-2047.515.0]\n- net: ip: avoid OOM kills with large UDP sends over loopback (Venkat Venkatsubra) [Orabug: 34066209] \n- rdmaip: Flush ARP cache after address has been cleared (Gerd Rausch) [Orabug: 34285241] \n- rds: Include congested flag in rds_sock struct. (Rohit Nair) [Orabug: 34261492] \n- cpu/hotplug: Allow the CPU in CPU_UP_PREPARE state to be brought up again. (Longpeng(Mike)) [Orabug: 34234771] \n- x86/xen: Allow to retry if cpu_initialize_context() failed. (Boris Ostrovsky) [Orabug: 34234771] \n- floppy: use a statically allocated error counter (Willy Tarreau) [Orabug: 34218640] {CVE-2022-1652}\n- assoc_array: Fix BUG_ON during garbage collect (Stephen Brennan) [Orabug: 34162064] \n- exec, elf: fix reserve_va_range() sanity check (Anthony Yznaga) [Orabug: 32387887] \n- exec, elf: use already allocated notes data in reserve_va_range() (Anthony Yznaga) [Orabug: 32387887] \n- mm: madv_doexec_flag sysctl (Anthony Yznaga) [Orabug: 32387887] \n- mm: introduce MADV_DOEXEC (Anthony Yznaga) [Orabug: 32387887] \n- exec, elf: require opt-in for accepting preserved mem (Anthony Yznaga) [Orabug: 32387887] \n- mm: introduce VM_EXEC_KEEP (Anthony Yznaga) [Orabug: 32387887] \n- mm: fail exec if stack expansion will overlap another vma (Anthony Yznaga) [Orabug: 32387887] \n- mm: do not assume only the stack vma exists in setup_arg_pages() (Anthony Yznaga) [Orabug: 32387887] \n- ELF: when loading PIE binaries check for overlap with existing mappings (Anthony Yznaga) [Orabug: 32387887] \n- Linux 4.14.280 (Greg Kroah-Hartman) \n- tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (Yang Yingliang) \n- ping: fix address binding wrt vrf (Nicolas Dichtel) \n- drm/vmwgfx: Initialize drm_mode_fb_cmd2 (Zack Rusin) \n- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (Waiman Long) \n- USB: serial: option: add Fibocom MA510 modem (Sven Schwermer) \n- USB: serial: option: add Fibocom L610 modem (Sven Schwermer) \n- USB: serial: qcserial: add support for Sierra Wireless EM7590 (Ethan Yang) \n- USB: serial: pl2303: add device id for HP LM930 Display (Scott Chen) \n- usb: cdc-wdm: fix reading stuck on device close (Sergey Ryazanov) \n- tcp: resalt the secret every 10 seconds (Eric Dumazet) \n- ASoC: ops: Validate input values in snd_soc_put_volsw_range() (Mark Brown) \n- ASoC: max98090: Generate notifications on changes for custom control (Mark Brown) \n- ASoC: max98090: Reject invalid values in custom control put() (Mark Brown) \n- hwmon: (f71882fg) Fix negative temperature (Ji-Ze Hong (Peter Hong)) \n- net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (Taehee Yoo) \n- net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (Guangguan Wang) \n- s390/lcs: fix variable dereferenced before check (Alexandra Winter) \n- s390/ctcm: fix potential memory leak (Alexandra Winter) \n- s390/ctcm: fix variable dereferenced before check (Alexandra Winter) \n- hwmon: (ltq-cputemp) restrict it to SOC_XWAY (Randy Dunlap) \n- mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) \n- netlink: do not reset transport header in netlink_recvmsg() (Eric Dumazet) \n- ipv4: drop dst in multicast routing path (Lokesh Dhoundiyal) \n- net: Fix features skip in for_each_netdev_feature() (Tariq Toukan) \n- batman-adv: Don't skb_split skbuffs with frag_list (Sven Eckelmann) \n- Linux 4.14.279 (Greg Kroah-Hartman) \n- VFS: Fix memory leak caused by concurrently mounting fs with subtype (ChenXiaoSong) \n- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (Takashi Iwai) \n- mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() (Muchun Song) \n- mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() (Muchun Song) \n- mmc: rtsx: add 74 Clocks in power on flow (Ricky WU) \n- Bluetooth: Fix the creation of hdev->name (Itay Iellin) \n- can: grcan: only use the NAPI poll budget for RX (Andreas Larsson) \n- can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (Andreas Larsson) \n- block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit (Lee Jones) \n- MIPS: Use address-of operator on section symbols (Nathan Chancellor) \n- Linux 4.14.278 (Greg Kroah-Hartman) \n- PCI: aardvark: Fix reading MSI interrupt number (Pali Rohar) \n- PCI: aardvark: Clear all MSIs at setup (Pali Rohar) \n- dm: interlock pending dm_io and dm_wait_for_bios_completion (Mike Snitzer) \n- dm: fix mempool NULL pointer race when completing IO (Jiazi Li) \n- net: ipv6: ensure we call ipv6_mc_down() at most once (j.nixdorf@avm.de) \n- kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (Sandipan Das) \n- net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() (Eric Dumazet) \n- btrfs: always log symlinks in full mode (Filipe Manana) \n- smsc911x: allow using IRQ0 (Sergey Shtylyov) \n- net: emaclite: Add error handling for of_address_to_resource() (Shravya Kumbham) \n- hwmon: (adt7470) Fix warning on module removal (Armin Wolf) \n- NFC: netlink: fix sleep in atomic bug when firmware download timeout (Duoming Zhou) \n- nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (Duoming Zhou) \n- nfc: replace improper check device_is_registered() in netlink related functions (Duoming Zhou) \n- can: grcan: use ofdev->dev when allocating DMA memory (Daniel Hellstrom) \n- can: grcan: grcan_close(): fix deadlock (Duoming Zhou) \n- ASoC: wm8958: Fix change notifications for DSP controls (Mark Brown) \n- firewire: core: extend card->lock in fw_core_handle_bus_reset (Niels Dossche) \n- firewire: remove check of list iterator against head past the loop body (Jakob Koschel) \n- firewire: fix potential uaf in outbound_phy_packet_callback() (Chengfeng Ye) \n- Revert 'SUNRPC: attempt AF_LOCAL connect on setup' (Trond Myklebust) \n- ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (Takashi Sakamoto) \n- parisc: Merge model and model name into one line in /proc/cpuinfo (Helge Deller) \n- MIPS: Fix CP0 counter erratum detection for R4k CPUs (Maciej W. Rozycki) \n- tty: n_gsm: fix incorrect UA handling (Daniel Starke) \n- tty: n_gsm: fix wrong command frame length field encoding (Daniel Starke) \n- tty: n_gsm: fix wrong command retry handling (Daniel Starke) \n- tty: n_gsm: fix missing explicit ldisc flush (Daniel Starke) \n- tty: n_gsm: fix insufficient txframe size (Daniel Starke) \n- tty: n_gsm: fix malformed counter for out of frame data (Daniel Starke) \n- tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (Daniel Starke) \n- drivers: net: hippi: Fix deadlock in rr_close() (Duoming Zhou) \n- cifs: destage any unwritten data to the server before calling copychunk_write (Ronnie Sahlberg) \n- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (Mikulas Patocka) \n- ASoC: wm8731: Disable the regulator when probing fails (Zheyu Ma) \n- bnx2x: fix napi API usage sequence (Manish Chopra) \n- net: bcmgenet: hide status block before TX timestamping (Jonathan Lemon) \n- clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (Yang Yingliang) \n- bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (Christophe JAILLET) \n- tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT (Eric Dumazet) \n- ip_gre: Make o_seqno start from 0 in native mode (Peilin Ye) \n- pinctrl: pistachio: fix use of irq_of_parse_and_map() (Lv Ruyi) \n- sctp: check asoc strreset_chunk in sctp_generate_reconf_event (Xin Long) \n- mtd: rawnand: Fix return value check of wait_for_completion_timeout (Miaoqian Lin) \n- ipvs: correctly print the memory size of ip_vs_conn_tab (Pengcheng Yang) \n- ARM: dts: Fix mmc order for omap3-gta04 (H. Nikolaus Schaller) \n- ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (Miaoqian Lin) \n- phy: samsung: exynos5250-sata: fix missing device put in probe error paths (Krzysztof Kozlowski) \n- phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (Miaoqian Lin) \n- ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (Fabio Estevam) \n- USB: Fix xhci event ring dequeue pointer ERDP update issue (Weitao Wang) \n- hex2bin: fix access beyond string end (Mikulas Patocka) \n- hex2bin: make the function hex_to_bin constant-time (Mikulas Patocka) \n- serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (Maciej W. Rozycki) \n- serial: 8250: Also set sticky MCR bits in console restoration (Maciej W. Rozycki) \n- usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (Vijayavardhan Vennapusa) \n- usb: gadget: uvc: Fix crash when encoding data for usb request (Dan Vacura) \n- usb: misc: fix improper handling of refcount in uss720_probe() (Hangyu Hua) \n- iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (Zheyu Ma) \n- iio: dac: ad5446: Fix read_raw not returning set value (Michael Hennerich) \n- iio: dac: ad5592r: Fix the missing return value. (Zizhuang Deng) \n- xhci: stop polling roothubs after shutdown (Henry Lin) \n- USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (Daniele Palmas) \n- USB: serial: option: add support for Cinterion MV32-WA/MV32-WB (Slark Xiao) \n- USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (Bruno Thomsen) \n- USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (Kees Cook) \n- USB: quirks: add STRING quirk for VCOM device (Oliver Neukum) \n- USB: quirks: add a Realtek card reader (Oliver Neukum) \n- usb: mtu3: fix USB 3.0 dual-role-switch from device to host (Macpaul Lin) \n- lightnvm: disable the subsystem (Greg Kroah-Hartman) \n- net/sched: cls_u32: fix netns refcount changes in u32_change() (Eric Dumazet) \n- hamradio: remove needs_free_netdev to avoid UAF (Lin Ma) \n- hamradio: defer 6pack kfree after unregister_netdev (Lin Ma) \n- floppy: disable FDRAWCMD by default (Willy Tarreau) \n- Linux 4.14.277 (Greg Kroah-Hartman) \n- ax25: Fix UAF bugs in ax25 timers (Duoming Zhou) \n- ax25: Fix NULL pointer dereferences in ax25 timers (Duoming Zhou) \n- ax25: fix NPD bug in ax25_disconnect (Duoming Zhou) \n- ax25: fix UAF bug in ax25_send_control() (Duoming Zhou) \n- ax25: Fix refcount leaks caused by ax25_cb_del() (Duoming Zhou) \n- ax25: fix UAF bugs of net_device caused by rebinding operation (Duoming Zhou) \n- ax25: fix reference count leaks of ax25_dev (Duoming Zhou) \n- ax25: add refcount in ax25_dev to avoid UAF bugs (Duoming Zhou) \n- block/compat_ioctl: fix range check in BLKGETSIZE (Khazhismel Kumykov) \n- staging: ion: Prevent incorrect reference counting behavour (Lee Jones) \n- ext4: force overhead calculation if the s_overhead_cluster makes no sense (Theodore Ts'o) \n- ext4: fix overhead calculation to account for the reserved gdt blocks (Theodore Ts'o) \n- ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (Tadeusz Struk) \n- ext4: fix symlink file size not match to file content (Ye Bin) \n- ARC: entry: fix syscall_trace_exit argument (Sergey Matyukevich) \n- e1000e: Fix possible overflow in LTR decoding (Sasha Neftin) \n- ASoC: soc-dapm: fix two incorrect uses of list iterator (Xiaomeng Tong) \n- openvswitch: fix OOB access in reserve_sfa_size() (Paolo Valerio) \n- powerpc/perf: Fix power9 event alternatives (Athira Rajeev) \n- dma: at_xdmac: fix a missing check on list iterator (Xiaomeng Tong) \n- ata: pata_marvell: Check the 'bmdma_addr' beforing reading (Zheyu Ma) \n- stat: fix inconsistency between struct stat and struct compat_stat (Mikulas Patocka) \n- net: macb: Restart tx only if queue pointer is lagging (Tomas Melin) \n- drm/msm/mdp5: check the return of kzalloc() (Xiaoke Wang) \n- brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (Borislav Petkov) \n- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (David Howells) \n- vxlan: fix error return code in vxlan_fdb_append (Hongbin Wang) \n- ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (Borislav Petkov) \n- platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (Jiapeng Chong) \n- ARM: vexpress/spc: Avoid negative array index when !SMP (Kees Cook) \n- netlink: reset network and mac headers in netlink_dump() (Eric Dumazet) \n- net/packet: fix packet_sock xmit return value checking (Hangbin Liu) \n- dmaengine: imx-sdma: Fix error checking in sdma_event_remap (Miaoqian Lin) \n- tcp: Fix potential use-after-free due to double kfree() (Kuniyuki Iwashima) \n- tcp: fix race condition when creating child sockets from syncookies (Ricardo Dias) \n- ALSA: usb-audio: Clear MIDI port active flag after draining (Takashi Iwai) \n- gfs2: assign rgrp glock before compute_bitstructs (Bob Peterson) \n- can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (Hangyu Hua) \n- tracing: Dump stacktrace trigger to the corresponding instance (Daniel Bristot de Oliveira) \n- tracing: Have traceon and traceoff trigger honor the instance (Steven Rostedt (Google)) \n- mm: page_alloc: fix building error on -Werror=array-compare (Xiongwei Song) \n- etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead (Kees Cook)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-11T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1652"], "modified": "2022-07-11T00:00:00", "id": "ELSA-2022-9583", "href": "http://linux.oracle.com/errata/ELSA-2022-9583.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-12T18:00:27", "description": "[5.15.0-0.30.20]\n- floppy: use a statically allocated error counter (Willy Tarreau) [Orabug: 34218638] {CVE-2022-1652}\n- x86: Disable RET on kexec (Konrad Rzeszutek Wilk) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/bugs: do not enable IBPB-on-entry when IBPB is not supported (Thadeu Lima de Souza Cascardo) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- arm64: proton-pack: provide vulnerability file value for RETBleed (James Morse) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/cpu/amd: Enumerate BTC_NO (Andrew Cooper) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/common: Stamp out the stepping madness (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- KVM: VMX: Prevent RSB underflow before vmenter (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/speculation: Fill RSB on vmexit for IBRS (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- KVM: VMX: Fix IBRS handling after vmexit (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- KVM: VMX: Convert launched argument to flags (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- KVM: VMX: Flatten __vmx_vcpu_run() (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/speculation: Remove x86_spec_ctrl_mask (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/speculation: Fix SPEC_CTRL write on SMT state change (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/speculation: Fix firmware entry SPEC_CTRL handling (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/cpu/amd: Add Spectral Chicken (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- objtool: Add entry UNRET validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/bugs: Do IBPB fallback check only once (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/bugs: Add retbleed=ibpb (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/xen: Rename SYS* entry points (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- objtool: Update Retpoline validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- intel_idle: Disable IBRS during long idle (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/bugs: Report Intel retbleed vulnerability (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (Pawan Gupta) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/bugs: Optimize SPEC_CTRL MSR writes (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/entry: Add kernel IBRS implementation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/bugs: Enable STIBP for JMP2RET (Kim Phillips) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/bugs: Add AMD retbleed= boot parameter (Alexandre Chartre) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/bugs: Report AMD retbleed vulnerability (Alexandre Chartre) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86: Add magic AMD return-thunk (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- objtool: Treat .text.__x86.* as noinstr (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86: Use return-thunk in asm code (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/sev: Avoid using __x86_return_thunk (Kim Phillips) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/kvm: Fix SETcc emulation for return thunks (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/bpf: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/ftrace: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86,static_call: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86,objtool: Create .return_sites (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86: Undo return-thunk damage (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/retpoline: Use -mfunction-return (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/retpoline: Swizzle retpoline thunk (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/retpoline: Cleanup some #ifdefery (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/cpufeatures: Move RETPOLINE flags to word 11 (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/kvm/vmx: Make noinstr clean (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/entry: Remove skip_r11rcx (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/entry: Fix register corruption in compat syscall (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/entry: Use PUSH_AND_CLEAR_REGS for compat (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/entry: Simplify entry_INT80_compat() (Linus Torvalds) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/mm: Simplify RESERVE_BRK() (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- crypto: x86/poly1305 - Fixup SLS (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86,static_call: Fix __static_call_return0 for i386 (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- kvm/emulate: Fix SETcc emulation function offsets with SLS (Borislav Petkov) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- objtool: Default ignore INT3 for unreachable (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86: Add straight-line-speculation mitigation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- objtool: Add straight-line-speculation validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86: Prepare inline-asm for straight-line-speculation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86: Prepare asm files for straight-line-speculation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/lib/atomic64_386_32: Rename things (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/alternative: Relax text_poke_bp() constraint (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- static_call,x86: Robustify trampoline patching (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/xen: Move hypercall_page to top of the file (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-12T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1652", "CVE-2022-23816", "CVE-2022-29901"], "modified": "2022-07-12T00:00:00", "id": "ELSA-2022-9591", "href": "http://linux.oracle.com/errata/ELSA-2022-9591.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-12T18:00:31", "description": "[5.15.0-0.30.20]\n- floppy: use a statically allocated error counter (Willy Tarreau) [Orabug: 34218638] {CVE-2022-1652}\n- x86: Disable RET on kexec (Konrad Rzeszutek Wilk) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: do not enable IBPB-on-entry when IBPB is not supported (Thadeu Lima de Souza Cascardo) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- arm64: proton-pack: provide vulnerability file value for RETBleed (James Morse) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/cpu/amd: Enumerate BTC_NO (Andrew Cooper) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/common: Stamp out the stepping madness (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Prevent RSB underflow before vmenter (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fill RSB on vmexit for IBRS (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Fix IBRS handling after vmexit (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Convert launched argument to flags (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Flatten __vmx_vcpu_run() (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Remove x86_spec_ctrl_mask (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fix SPEC_CTRL write on SMT state change (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fix firmware entry SPEC_CTRL handling (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/cpu/amd: Add Spectral Chicken (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add entry UNRET validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Do IBPB fallback check only once (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Add retbleed=ibpb (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/xen: Rename SYS* entry points (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Update Retpoline validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- intel_idle: Disable IBRS during long idle (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Report Intel retbleed vulnerability (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (Pawan Gupta) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Optimize SPEC_CTRL MSR writes (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/entry: Add kernel IBRS implementation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Enable STIBP for JMP2RET (Kim Phillips) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Add AMD retbleed= boot parameter (Alexandre Chartre) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Report AMD retbleed vulnerability (Alexandre Chartre) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Add magic AMD return-thunk (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Treat .text.__x86.* as noinstr (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Use return-thunk in asm code (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/sev: Avoid using __x86_return_thunk (Kim Phillips) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/kvm: Fix SETcc emulation for return thunks (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bpf: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/ftrace: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86,static_call: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86,objtool: Create .return_sites (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Undo return-thunk damage (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/retpoline: Use -mfunction-return (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/retpoline: Swizzle retpoline thunk (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/retpoline: Cleanup some #ifdefery (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/cpufeatures: Move RETPOLINE flags to word 11 (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/kvm/vmx: Make noinstr clean (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/entry: Remove skip_r11rcx (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/entry: Fix register corruption in compat syscall (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/entry: Use PUSH_AND_CLEAR_REGS for compat (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/entry: Simplify entry_INT80_compat() (Linus Torvalds) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/mm: Simplify RESERVE_BRK() (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- crypto: x86/poly1305 - Fixup SLS (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86,static_call: Fix __static_call_return0 for i386 (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- kvm/emulate: Fix SETcc emulation function offsets with SLS (Borislav Petkov) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Default ignore INT3 for unreachable (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Add straight-line-speculation mitigation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add straight-line-speculation validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Prepare inline-asm for straight-line-speculation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Prepare asm files for straight-line-speculation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/lib/atomic64_386_32: Rename things (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/alternative: Relax text_poke_bp() constraint (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- static_call,x86: Robustify trampoline patching (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/xen: Move hypercall_page to top of the file (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-12T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1652", "CVE-2022-23816", "CVE-2022-29901"], "modified": "2022-07-12T00:00:00", "id": "ELSA-2022-9590", "href": "http://linux.oracle.com/errata/ELSA-2022-9590.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-15T15:26:06", "description": "[4.18.0-425.3.1.OL8]\n- Update Oracle Linux certificates (Kevin Lyons)\n- Disable signing for aarch64 (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3\n- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]\n[4.18.0-425.3.1]\n- iwlwifi: limit fw version for AC9560 to avoid fw crash (Inigo Huguet) [2129297]\n- sfc: fix null pointer dereference in efx_hard_start_xmit (Inigo Huguet) [2119638]\n- sfc: fix TX channel offset when using legacy interrupts (Inigo Huguet) [2119638]\n- netfilter: conntrack: reduce timeout when receiving out-of-window fin or rst (Florian Westphal) [2047366]\n- netfilter: conntrack: remove unneeded indent level (Florian Westphal) [2047366]\n- netfilter: conntrack: ignore overly delayed tcp packets (Florian Westphal) [2047366]\n- netfilter: conntrack: prepare tcp_in_window for ternary return value (Florian Westphal) [2047366]\n- netfilter: conntrack: remove pr_debug callsites from tcp tracker (Florian Westphal) [2047366]\n- netfilter: conntrack: work around exceeded receive window (Florian Westphal) [2047366]\n- netfilter: conntrack: improve RST handling when tuple is re-used (Florian Westphal) [2047366]\n- netfilter: conntrack: avoid misleading invalid in log message (Florian Westphal) [2047366]\n- netfilter: remove BUG_ON() after skb_header_pointer() (Florian Westphal) [2047366]\n- iavf: Detach device during reset task (Petr Oros) [2069206]\n[4.18.0-425.2.1]\n- EDAC/ghes: Set the DIMM label unconditionally (Aristeu Rozanski) [2109712]\n- configs: enable CONFIG_HP_ILO for aarch64 (Mark Salter) [2123508]\n[4.18.0-425.1.1]\n- i40e: Fix kernel crash during module removal (Ivan Vecera) [2091489]\n- redhat: enable zstream release numbering for rhel 8.7 (Jarod Wilson)\n- ice: Allow operation with reduced device MSI-X (Petr Oros) [2102844]\n[4.18.0-425]\n- EDAC/amd64: Add new register offset support and related changes (Aristeu Rozanski) [2048792]\n- EDAC/amd64: Set memory type per DIMM (Aristeu Rozanski) [2048792]\n- Revert ixgbevf: Mailbox improvements (Ken Cox) [2120545]\n- Revert ixgbevf: Add support for new mailbox communication between PF and VF (Ken Cox) [2120545]\n- drm/amdgpu: Only disable prefer_shadow on hawaii (Lyude Paul) [2118755]\n[4.18.0-424]\n- redhat: configs: add CONFIG_SERIAL_MULTI_INSTANTIATE=m for x86_64 (Jaroslav Kysela) [2005073]\n- ACPI: scan: Add CLSA0101 Laptop Support (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Sort ACPI IDs by HID (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Get rid of redundant else (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Use while (i--) pattern to clean up (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Improve dev_err_probe() messaging (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Drop duplicate check (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Improve autodetection (Jaroslav Kysela) [2005073]\n- ACPI / scan: Create platform device for CS35L41 (Jaroslav Kysela) [2005073]\n- ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Add SPI support (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Reorganize I2C functions (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Rename it for a generic serial driver name (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Use the new i2c_acpi_client_count() helper (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Use device_get_match_data() to get driver data (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Simplify with dev_err_probe() (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Drop redundant ACPI_PTR() (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Replace zero-length array with flexible-array member (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Fail the probe if no IRQ provided (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Derive the device name from parent (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Use struct_size() helper (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Allow to have same slaves (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Introduce IOAPIC IRQ support (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Distinguish IRQ resource type (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Count I2cSerialBus() resources (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Get rid of obsolete conditional (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Defer probe when no adapter found (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Accept errors of i2c_acpi_new_device() (Jaroslav Kysela) [2005073]\n- serdev: Fix detection of UART devices on Apple machines. (Jaroslav Kysela) [2005073]\n- serdev: Add ACPI devices by ResourceSource field (Jaroslav Kysela) [2005073]\n- spi: Return deferred probe error when controller isnt yet available (Jaroslav Kysela) [2005073]\n- spi/acpi: avoid spurious matches during slave enumeration (Jaroslav Kysela) [2005073]\n- spi: Add API to count spi acpi resources (Jaroslav Kysela) [2005073]\n- spi: Support selection of the index of the ACPI Spi Resource before alloc (Jaroslav Kysela) [2005073]\n- ACPI: Test for ACPI_SUCCESS rather than !ACPI_FAILURE (Jaroslav Kysela) [2005073]\n- spi/acpi: fix incorrect ACPI parent check (Jaroslav Kysela) [2005073]\n- spi: Create helper API to lookup ACPI info for spi device (Jaroslav Kysela) [2005073]\n- spi/acpi: enumerate all SPI slaves in the namespace (Jaroslav Kysela) [2005073]\n- spi: kill useless initializer in spi_register_controller() (Jaroslav Kysela) [2005073]\n- spi: fix ctrl->num_chipselect constraint (Jaroslav Kysela) [2005073]\n- spi: Dont call spi_get_gpio_descs() before device name is set (Jaroslav Kysela) [2005073]\n- spi: Avoid undefined behaviour when counting unused native CSs (Jaroslav Kysela) [2005073]\n- spi: Allow to have all native CSs in use along with GPIOs (Jaroslav Kysela) [2005073]\n- spi: Add missing error handling for CS GPIOs (Jaroslav Kysela) [2005073]\n- spi: export tracepoint symbols to modules (Jaroslav Kysela) [2005073]\n- spi: Fix zero length xfer bug (Jaroslav Kysela) [2005073]\n- spi: Add generic support for unused native cs with cs-gpios (Jaroslav Kysela) [2005073]\n- spi: Reduce kthread priority (Jaroslav Kysela) [2005073]\n- spi: core: Use DEVICE_ATTR_RW() for SPI slave control sysfs attribute (Jaroslav Kysela) [2005073]\n- i2c: acpi: Add an i2c_acpi_client_count() helper function (Jaroslav Kysela) [2005073]\n- s390/qeth: cache link_info for ethtool (Michal Schmidt) [2117098]\n- nfp: amend removal of MODULE_VERSION (Stefan Assmann) [1955769]\n- x86/speculation: Add LFENCE to RSB fill sequence (Waiman Long) [2115080] {CVE-2022-26373}\n- x86/speculation: Add RSB VM Exit protections (Waiman Long) [2115080] {CVE-2022-26373}\n- tools headers cpufeatures: Sync with the kernel sources (Waiman Long) [2115080]\n- tools headers cpufeatures: Sync with the kernel sources (Waiman Long) [2115080]\n- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Waiman Long) [2115080]\n- x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (Waiman Long) [2115080]\n- x86/amd: Use IBPB for firmware calls (Waiman Long) [2115080]\n- x86/bugs: Warn when ibrs mitigation is selected on Enhanced IBRS parts (Waiman Long) [2115080]\n- iavf: Fix reset error handling (Petr Oros) [2119759]\n- iavf: Fix NULL pointer dereference in iavf_get_link_ksettings (Petr Oros) [2119759]\n- iavf: Fix adminq error handling (Petr Oros) [2119759]\n- iavf: Fix missing state logs (Petr Oros) [2119759]\n- ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (Ken Cox) [1978613]\n[4.18.0-423]\n- netfilter: ipset: fix suspicious RCU usage in find_set_and_id (Florian Westphal) [2118526]\n- net/mlx5e: Update netdev features after changing XDP state (Amir Tzin) [2049440]\n- net/mlx5e: CT: Use own workqueue instead of mlx5e priv (Amir Tzin) [2049440]\n- net/mlx5e: CT: Add ct driver counters (Amir Tzin) [2049440]\n- net/mlx5e: CT: Fix cleanup of CT before cleanup of TC ct rules (Amir Tzin) [2049440]\n- net/mlx5e: Align mlx5e_cleanup_uplink_rep_tx() with upstream code. (Amir Tzin) [2049440]\n- net/mlx5e: Correct the calculation of max channels for rep (Amir Tzin) [2049440]\n- Documentation: devlink: mlx5.rst: Fix htmldoc build warning (Amir Tzin) [2049440]\n- net/mlx5: fs, fail conflicting actions (Amir Tzin) [2049440]\n- net/mlx5: Rearm the FW tracer after each tracer event (Amir Tzin) [2049440]\n- net/mlx5: correct ECE offset in query qp output (Amir Tzin) [2049440]\n- net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition (Amir Tzin) [2049440]\n- net/mlx5e: TC NIC mode, fix tc chains miss table (Amir Tzin) [2049440]\n- net/mlx5: Dont use already freed action pointer (Amir Tzin) [2049440]\n- net/mlx5: fix typo in comment (Amir Tzin) [2049440]\n- IB/mlx5: Fix undefined behavior due to shift overflowing the constant (Amir Tzin) [2049440]\n- net/mlx5e: Force ethertype usage in mlx5_ct_fs_smfs_fill_mask() (Amir Tzin) [2049440]\n- net/mlx5: Drain fw_reset when removing device (Amir Tzin) [2049440]\n- net/mlx5e: CT: Fix setting flow_source for smfs ct tuples (Amir Tzin) [2049440]\n- net/mlx5e: CT: Fix support for GRE tuples (Amir Tzin) [2049440]\n- net/mlx5e: Remove HW-GRO from reported features (Amir Tzin) [2049440]\n- net/mlx5e: Properly block HW GRO when XDP is enabled (Amir Tzin) [2049440]\n- net/mlx5e: Properly block LRO when XDP is enabled (Amir Tzin) [2049440]\n- net/mlx5e: Block rx-gro-hw feature in switchdev mode (Amir Tzin) [2049440]\n- net/mlx5e: Wrap mlx5e_trap_napi_poll into rcu_read_lock (Amir Tzin) [2049440]\n- net/mlx5: Initialize flow steering during driver probe (Amir Tzin) [2049440]\n- net/mlx5: Fix matching on inner TTC (Amir Tzin) [2049440]\n- net/mlx5: Avoid double clear or set of sync reset requested (Amir Tzin) [2049440]\n- net/mlx5: Fix deadlock in sync reset flow (Amir Tzin) [2049440]\n- net/mlx5e: Fix trust state reset in reload (Amir Tzin) [2049440]\n- net/mlx5e: Avoid checking offload capability in post_parse action (Amir Tzin) [2049440]\n- net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (Amir Tzin) [2049440]\n- net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (Amir Tzin) [2049440]\n- net/mlx5e: Lag, Dont skip fib events on current dst (Amir Tzin) [2049440]\n- net/mlx5e: Lag, Fix fib_info pointer assignment (Amir Tzin) [2049440]\n- net/mlx5e: Lag, Fix use-after-free in fib event handler (Amir Tzin) [2049440]\n- net/mlx5e: Fix the calling of update_buffer_lossy() API (Amir Tzin) [2049440]\n- net/mlx5e: Dont match double-vlan packets if cvlan is not set (Amir Tzin) [2049440]\n- net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (Amir Tzin) [2049440]\n- RDMA/mlx5: Add a missing update of cache->last_add (Amir Tzin) [2049440]\n- RDMA/mlx5: Dont remove cache MRs when a delay is needed (Amir Tzin) [2049440]\n- net/mlx5e: HTB, remove unused function declaration (Amir Tzin) [2049440]\n- net/mlx5e: Statify function mlx5_cmd_trigger_completions (Amir Tzin) [2049440]\n- net/mlx5: Remove unused fill page array API function (Amir Tzin) [2049440]\n- net/mlx5: Remove unused exported contiguous coherent buffer allocation API (Amir Tzin) [2049440]\n- net/mlx5: CT: Remove extra rhashtable remove on tuple entries (Amir Tzin) [2049440]\n- net/mlx5: DR, Remove hw_ste from mlx5dr_ste to reduce memory (Amir Tzin) [2049440]\n- net/mlx5: DR, Remove 4 members from mlx5dr_ste_htbl to reduce memory (Amir Tzin) [2049440]\n- net/mlx5: DR, Remove num_of_entries byte_size from struct mlx5_dr_icm_chunk (Amir Tzin) [2049440]\n- net/mlx5: DR, Remove icm_addr from mlx5dr_icm_chunk to reduce memory (Amir Tzin) [2049440]\n- net/mlx5: DR, Remove mr_addr rkey from struct mlx5dr_icm_chunk (Amir Tzin) [2049440]\n- net/mlx5: DR, Adjust structure member to reduce memory hole (Amir Tzin) [2049440]\n- net/mlx5e: Drop cqe_bcnt32 from mlx5e_skb_from_cqe_mpwrq_linear (Amir Tzin) [2049440]\n- net/mlx5e: Drop the len output parameter from mlx5e_xdp_handle (Amir Tzin) [2049440]\n- net/mlx5e: RX, Test the XDP program existence out of the handler (Amir Tzin) [2049440]\n- net/mlx5e: Build SKB in place over the first fragment in non-linear legacy RQ (Amir Tzin) [2049440]\n- net/mlx5e: Add headroom only to the first fragment in legacy RQ (Amir Tzin) [2049440]\n- net/mlx5e: Validate MTU when building non-linear legacy RQ fragments info (Amir Tzin) [2049440]\n- net/mlx5e: MPLSoUDP encap, support action vlan pop_eth explicitly (Amir Tzin) [2049440]\n- net/mlx5e: MPLSoUDP decap, use vlan push_eth instead of pedit (Amir Tzin) [2049440]\n- RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (Amir Tzin) [2049440]\n- net/mlx5e: Fix use-after-free in mlx5e_stats_grp_sw_update_stats (Amir Tzin) [2049440]\n- net/mlx5e: Remove overzealous validations in netlink EEPROM query (Amir Tzin) [2049440]\n- net/mlx5: Parse module mapping using mlx5_ifc (Amir Tzin) [2049440]\n- net/mlx5: Query the maximum MCIA register read size from firmware (Amir Tzin) [2049440]\n- net/mlx5: CT: Create smfs dr matchers dynamically (Amir Tzin) [2049440]\n- net/mlx5: CT: Add software steering ct flow steering provider (Amir Tzin) [2049440]\n- net/mlx5: Add smfs lib to export direct steering API to CT (Amir Tzin) [2049440]\n- net/mlx5: DR, Add helper to get backing dr table from a mlx5 flow table (Amir Tzin) [2049440]\n- net/mlx5: CT: Introduce a platform for multiple flow steering providers (Amir Tzin) [2049440]\n- net/mlx5: Node-aware allocation for the doorbell pgdir (Amir Tzin) [2049440]\n- net/mlx5: Node-aware allocation for UAR (Amir Tzin) [2049440]\n- net/mlx5: Node-aware allocation for the EQs (Amir Tzin) [2049440]\n- net/mlx5: Node-aware allocation for the EQ table (Amir Tzin) [2049440]\n- net/mlx5: Node-aware allocation for the IRQ table (Amir Tzin) [2049440]\n- net/mlx5: Delete useless module.h include (Amir Tzin) [2049440]\n- net/mlx5: DR, Add support for ConnectX-7 steering (Amir Tzin) [2049440]\n- net/mlx5: DR, Refactor ste_ctx handling for STE v0/1 (Amir Tzin) [2049440]\n- net/mlx5: DR, Rename action modify fields to reflect naming in HW spec (Amir Tzin) [2049440]\n- net/mlx5: DR, Fix handling of different actions on the same STE in STEv1 (Amir Tzin) [2049440]\n- net/mlx5: DR, Remove unneeded comments (Amir Tzin) [2049440]\n- net/mlx5: DR, Add support for matching on Internet Header Length (IHL) (Amir Tzin) [2049440]\n- net/mlx5: DR, Align mlx5dv_dr API vport action with FW behavior (Amir Tzin) [2049440]\n- net/mlx5: Add debugfs counters for page commands failures (Amir Tzin) [2049440]\n- net/mlx5: Add pages debugfs (Amir Tzin) [2049440]\n- net/mlx5: Move debugfs entries to separate struct (Amir Tzin) [2049440]\n- net/mlx5: Change release_all_pages cap bit location (Amir Tzin) [2049440]\n- net/mlx5: Remove redundant error on reclaim pages (Amir Tzin) [2049440]\n- net/mlx5: Remove redundant error on give pages (Amir Tzin) [2049440]\n- net/mlx5: Remove redundant notify fail on give pages (Amir Tzin) [2049440]\n- net/mlx5: Add command failures data to debugfs (Amir Tzin) [2049440]\n- net/mlx5e: TC, Fix use after free in mlx5e_clone_flow_attr_for_post_act() (Amir Tzin) [2049440]\n- net/mlx5: Support GRE conntrack offload (Amir Tzin) [2049440]\n- mlx5: add support for page_pool_get_stats (Amir Tzin) [2049440]\n- net/mlx5: Add migration commands definitions (Amir Tzin) [2049440]\n- net/mlx5: Introduce migration bits and structures (Amir Tzin) [2049440]\n- net/mlx5: Expose APIs to get/put the mlx5 core device (Amir Tzin) [2049440]\n- net/mlx5: Disable SRIOV before PF removal (Amir Tzin) [2049440]\n- net/mlx5: Reuse exported virtfn index function call (Amir Tzin) [2049440]\n- net/mlx5: Add clarification on sync reset failure (Amir Tzin) [2049440]\n- net/mlx5: Add reset_state field to MFRL register (Amir Tzin) [2049440]\n- RDMA/mlx5: Use new command interface API (Amir Tzin) [2049440]\n- net/mlx5: cmdif, Refactor error handling and reporting of async commands (Amir Tzin) [2049440]\n- net/mlx5: Use mlx5_cmd_do() in core create_{cq,dct} (Amir Tzin) [2049440]\n- net/mlx5: cmdif, Add new api for command execution (Amir Tzin) [2049440]\n- net/mlx5: cmdif, cmd_check refactoring (Amir Tzin) [2049440]\n- net/mlx5: cmdif, Return value improvements (Amir Tzin) [2049440]\n- net/mlx5: Lag, offload active-backup drops to hardware (Amir Tzin) [2049440]\n- net/mlx5: Lag, record inactive state of bond device (Amir Tzin) [2049440]\n- net/mlx5: Lag, dont use magic numbers for ports (Amir Tzin) [2049440]\n- net/mlx5: Lag, use local variable already defined to access E-Switch (Amir Tzin) [2049440]\n- net/mlx5: E-switch, add drop rule support to ingress ACL (Amir Tzin) [2049440]\n- net/mlx5: E-switch, remove special uplink ingress ACL handling (Amir Tzin) [2049440 2049580]\n- net/mlx5: E-Switch, reserve and use same uplink metadata across ports (Amir Tzin) [2049440 2049580]\n- net/mlx5: Add ability to insert to specific flow group (Amir Tzin) [2049440]\n- mlx5: remove unused static inlines (Amir Tzin) [2049440]\n- RDMA/mlx5: Reorder calls to pcie_relaxed_ordering_enabled() (Amir Tzin) [2049440]\n- RDMA/mlx5: Store ndescs instead of the translation table size (Amir Tzin) [2049440]\n- RDMA/mlx5: Merge similar flows of allocating MR from the cache (Amir Tzin) [2049440]\n- RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (Amir Tzin) [2049440]\n- RDMA/mlx5: Remove redundant work in struct mlx5_cache_ent (Amir Tzin) [2049440]\n- net/mlx5e: TC, Allow sample action with CT (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Make post_act parse CT and sample actions (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Clean redundant counter flag from tc action parsers (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Use multi table support for CT and sample actions (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Create new flow attr for multi table actions (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Add post act offload/unoffload API (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Pass actions param to actions_match_supported() (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Move flow hashtable to be per rep (Amir Tzin) [2049440]\n- net/mlx5e: E-Switch, Add support for tx_port_ts in switchdev mode (Amir Tzin) [2049440]\n- net/mlx5e: E-Switch, Add PTP counters for uplink representor (Amir Tzin) [2049440]\n- net/mlx5e: RX, Restrict bulk size for small Striding RQs (Amir Tzin) [2049440]\n- net/mlx5e: Default to Striding RQ when not conflicting with CQE compression (Amir Tzin) [2049440]\n- net/mlx5e: Generalize packet merge error message (Amir Tzin) [2049440]\n- net/mlx5e: Add support for using xdp->data_meta (Amir Tzin) [2049440]\n- net/mlx5e: Fix spelling mistake supoported -> supported (Amir Tzin) [2049440]\n- net/mlx5e: Optimize the common case condition in mlx5e_select_queue (Amir Tzin) [2049440]\n- net/mlx5e: Optimize modulo in mlx5e_select_queue (Amir Tzin) [2049440]\n- net/mlx5e: Optimize mlx5e_select_queue (Amir Tzin) [2049440]\n- net/mlx5e: Use READ_ONCE/WRITE_ONCE for DCBX trust state (Amir Tzin) [2049440]\n- net/mlx5e: Move repeating code that gets TC prio into a function (Amir Tzin) [2049440]\n- net/mlx5e: Use select queue parameters to sync with control flow (Amir Tzin) [2049440]\n- net/mlx5e: Move mlx5e_select_queue to en/selq.c (Amir Tzin) [2049440]\n- net/mlx5e: Introduce select queue parameters (Amir Tzin) [2049440]\n- net/mlx5e: Sync txq2sq updates with mlx5e_xmit for HTB queues (Amir Tzin) [2049440]\n- net/mlx5e: Use a barrier after updating txq2sq (Amir Tzin) [2049440]\n- net/mlx5e: Disable TX queues before registering the netdev (Amir Tzin) [2049440]\n- net/mlx5e: Cleanup of start/stop all queues (Amir Tzin) [2049440]\n- net/mlx5e: Use FW limitation for max MPW WQEBBs (Amir Tzin) [2049440]\n- net/mlx5e: Read max WQEBBs on the SQ from firmware (Amir Tzin) [2049440]\n- net/mlx5e: Remove unused tstamp SQ field (Amir Tzin) [2049440]\n- RDMA/mlx5: Delete useless module.h include (Amir Tzin) [2049440]\n- RDMA/mlx5: Delete get_num_static_uars function (Amir Tzin) [2049440]\n- net/mlx5: VLAN push on RX, pop on TX (Amir Tzin) [2049440 2049616]\n- net/mlx5: Introduce software defined steering capabilities (Amir Tzin) [2049440 2049616]\n- net/mlx5: Remove unused TIR modify bitmask enums (Amir Tzin) [2049440]\n- net/mlx5e: CT, Remove redundant flow args from tc ct calls (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Store mapped tunnel id on flow attr (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Test CT and SAMPLE on flow attr (Amir Tzin) [2049440 2049580 2049659]\n- net/mlx5e: Refactor eswitch attr flags to just attr flags (Amir Tzin) [2049440 2049580 2049659]\n- net/mlx5e: CT, Dont set flow flag CT for ct clear flow (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Hold sample_attr on stack instead of pointer (Amir Tzin) [2049440 2049580 2049659]\n- net/mlx5e: TC, Reject rules with multiple CT actions (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Refactor mlx5e_tc_add_flow_mod_hdr() to get flow attr (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Pass attr to tc_act can_offload() (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Split pedit offloads verify from alloc_tc_pedit_action() (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Move pedit_headers_action to parse_attr (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Move counter creation call to alloc_flow_attr_counter() (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Pass attr arg for attaching/detaching encaps (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Move code chunk setting encap dests into its own function (Amir Tzin) [2049440 2049659]\n- net_sched: cls_route: remove from list when handle is 0 (Felix Maurer) [2116328] {CVE-2022-2588}\n- netfilter: nf_tables: do not allow RULE_ID to refer to another chain (Florian Westphal) [2116356] {CVE-2022-2586}\n- netfilter: nf_tables: do not allow SET_ID to refer to another table (Florian Westphal) [2116356] {CVE-2022-2586}\n- netfilter: nf_queue: do not allow packet truncation below transport header offset (Florian Westphal) [2116159] {CVE-2022-36946}\n- net: let flow have same hash in two directions (Ivan Vecera) [2111094]\n- ipv4: Fix data-races around sysctl_fib_multipath_hash_fields. (Ivan Vecera) [2111094]\n- net: Add notifications when multipath hash field change (Ivan Vecera) [2111094]\n- selftests: forwarding: Add test for custom multipath hash with IPv6 GRE (Ivan Vecera) [2111094]\n- selftests: forwarding: Add test for custom multipath hash with IPv4 GRE (Ivan Vecera) [2111094]\n- selftests: forwarding: Add test for custom multipath hash (Ivan Vecera) [2111094]\n- ipv6: Add custom multipath hash policy (Ivan Vecera) [2111094]\n- ipv6: Add a sysctl to control multipath hash fields (Ivan Vecera) [2111094]\n- ipv6: Calculate multipath hash inside switch statement (Ivan Vecera) [2111094]\n- ipv6: Use a more suitable label name (Ivan Vecera) [2111094]\n- ipv4: Add custom multipath hash policy (Ivan Vecera) [2111094]\n- ipv4: Add a sysctl to control multipath hash fields (Ivan Vecera) [2111094]\n- ipv4: Calculate multipath hash inside switch statement (Ivan Vecera) [2111094]\n- ipv6: Use math to point per net sysctls into the appropriate struct net (Ivan Vecera) [2111094]\n- selftest/net/forwarding: declare NETIFS p9 p10 (Ivan Vecera) [2111094]\n- ipv6: Fix sysctl max for fib_multipath_hash_policy (Ivan Vecera) [2111094]\n- selftests: forwarding: Test multipath hashing on inner IP pkts for GRE tunnel (Ivan Vecera) [2111094]\n- ipv6: Support multipath hashing on inner IP pkts (Ivan Vecera) [2111094]\n- ipv4: Multipath hashing on inner L3 needs to consider inner IPv6 pkts (Ivan Vecera) [2111094]\n- ipv4: Support multipath hashing on inner IP pkts for GRE tunnel (Ivan Vecera) [2111094]\n- ipv4: Initialize flowi4_multipath_hash in data path (Ivan Vecera) [2111094]\n- net: ipv4: Fix NULL pointer dereference in route lookup (Ivan Vecera) [2111094]\n- route: Add multipath_hash in flowi_common to make user-define hash (Ivan Vecera) [2111094]\n[4.18.0-422]\n- drm/nouveau/kms/nv140-: Disable interlacing (Lyude Paul) [2097647]\n- rpm: convert gcc and libelf to Recommends (Jarod Wilson) [2114900]\n- redhat: add ca7 to redhat/git/files (Jarod Wilson)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-15T00:00:00", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-36946"], "modified": "2022-11-15T00:00:00", "id": "ELSA-2022-7683", "href": "http://linux.oracle.com/errata/ELSA-2022-7683.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-22T10:47:42", "description": "[5.14.0-162.6.1_1.OL9]\n- Update Oracle Linux certificates (Kevin Lyons)\n- Disable signing for aarch64 (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5\n- Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944]\n- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]\n[5.14.0-162.6.1_1]\n- kabi: add symbol yield to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol xa_find_after to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol xa_find to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol xa_destroy to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol x86_spec_ctrl_base to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol x86_cpu_to_apicid to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol wait_for_completion_interruptible to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol wait_for_completion to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol vsprintf to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol vsnprintf to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol vprintk to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol vmemmap_base to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol vmalloc_base to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol vmalloc to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol vm_zone_stat to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol vm_event_states to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol vfree to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_undefined to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_teardown_irq to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_setup_irq to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_possible_blades to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_get_hubless_system to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_bios_obj_count to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_bios_install_heap to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_bios_get_pci_topology to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_bios_get_master_nasid to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_bios_get_heapsize to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_bios_get_geoinfo to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_bios_enum_ports to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_bios_enum_objs to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol up_write to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol up_read to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol up to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol unregister_reboot_notifier to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol unregister_nmi_handler to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol unregister_netdevice_notifier to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol unregister_chrdev_region to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol unregister_blkdev to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol tsc_khz to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol try_wait_for_completion to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol touch_softlockup_watchdog to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol time64_to_tm to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol this_cpu_off to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol tasklet_unlock_wait to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol tasklet_kill to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol tasklet_init to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol system_wq to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol system_freezing_cnt to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol sys_tz to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol synchronize_rcu to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strstr to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strsep to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strrchr to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strnlen to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strncpy_from_user to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strncpy to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strncmp to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strncasecmp to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strlen to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strlcpy to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strlcat to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strcpy to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strcmp to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strchr to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol sscanf to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol sprintf to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol sort to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol snprintf to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol sn_region_size to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol sn_partition_id to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol smp_call_function_single_async to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol smp_call_function_single to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol smp_call_function_many to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol sme_me_mask to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol simple_strtoull to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol simple_strtoul to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol simple_strtol to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol simple_read_from_buffer to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol set_freezable to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol set_current_groups to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol security_sb_eat_lsm_opts to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol security_free_mnt_opts to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol scsi_command_size_tbl to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol scnprintf to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol schedule_timeout to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol schedule to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol rtnl_is_locked to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol revert_creds to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol request_threaded_irq to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol remove_wait_queue to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol register_reboot_notifier to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol register_netdevice_notifier to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol register_chrdev_region to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol refcount_warn_saturate to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol recalc_sigpending to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol rcu_read_unlock_strict to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol rb_next to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol rb_first to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol radix_tree_delete to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol queue_work_on to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol queue_delayed_work_on to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol put_unused_fd to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol ptrs_per_p4d to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol printk to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol prepare_to_wait_exclusive to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol prepare_to_wait_event to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol prepare_to_wait to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol prepare_creds to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol posix_acl_valid to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol posix_acl_to_xattr to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol posix_acl_from_xattr to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol posix_acl_alloc to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol physical_mask to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol phys_base to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol pgdir_shift to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol percpu_ref_init to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol percpu_ref_exit to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol panic_notifier_list to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol panic to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol page_offset_base to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol override_creds to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol numa_node to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol nr_cpu_ids to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol node_states to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mutex_unlock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mutex_trylock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mutex_lock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mutex_is_locked to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol msleep to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol memset to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mempool_free_slab to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mempool_free to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mempool_destroy to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mempool_create_node to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mempool_create to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mempool_alloc_slab to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mempool_alloc to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol memparse to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol memory_read_from_buffer to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol memmove to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol memcpy to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol memcmp to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mem_section to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mds_idle_clear to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol lookup_bdev to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol ktime_get_ts64 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol ktime_get_real_ts64 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol ktime_get_coarse_real_ts64 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol ktime_get to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol kthread_should_stop to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol kstrtoull to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol kstrtoll to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol kmalloc_order_trace to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol kfree to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol kernel_sigaction to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol kernel_fpu_end to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol kernel_fpu_begin_mask to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol jiffies_64 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol jiffies to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol is_vmalloc_addr to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol is_uv_system to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol iounmap to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol ioremap to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol iomem_resource to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol init_wait_entry to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol init_timer_key to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol in_group_p to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol in_aton to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol in6_pton to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol in4_pton to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol hrtimer_start_range_ns to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol hrtimer_init to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol hrtimer_forward to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol hrtimer_cancel to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol groups_alloc to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol get_zeroed_page to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol get_unused_fd_flags to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol free_percpu to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol free_pages to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol free_irq to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol fortify_panic to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol flush_workqueue to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol finish_wait to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol elfcorehdr_addr to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol efi to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol dump_stack to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol downgrade_write to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol down_write_trylock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol down_write to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol down_trylock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol down_read_trylock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol down_read to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol down_interruptible to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol down to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol dmi_get_system_info to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol devmap_managed_key to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol dev_base_lock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol destroy_workqueue to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol delayed_work_timer_fn to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol del_timer_sync to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol default_wake_function to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol csum_partial to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol cpumask_next to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol cpufreq_quick_get to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol cpu_sibling_map to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol cpu_number to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol cpu_khz to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol cpu_info to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol cpu_bit_bitmap to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol congestion_wait to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol complete_and_exit to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol complete to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol commit_creds to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol clear_user to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol capable to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol cancel_delayed_work_sync to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol cancel_delayed_work to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol call_usermodehelper to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol call_rcu to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol cachemode2protval to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol boot_cpu_data to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol blk_stack_limits to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol bitmap_release_region to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol bitmap_find_free_region to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol avenrun to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol autoremove_wake_function to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol atomic_notifier_chain_unregister to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol atomic_notifier_chain_register to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol async_synchronize_full_domain to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol async_synchronize_full to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol alloc_workqueue to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol alloc_chrdev_region to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol add_wait_queue_exclusive to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol add_wait_queue to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol add_timer to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol abort_creds to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _totalram_pages to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_write_unlock_irqrestore to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_write_unlock_bh to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_write_lock_irqsave to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_write_lock_bh to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_spin_unlock_irqrestore to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_spin_unlock_irq to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_spin_unlock_bh to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_spin_unlock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_spin_trylock_bh to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_spin_trylock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_spin_lock_irqsave to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_spin_lock_irq to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_spin_lock_bh to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_spin_lock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_read_unlock_irqrestore to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_read_unlock_bh to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_read_lock_irqsave to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_read_lock_bh to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _find_next_bit to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _find_first_zero_bit to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _find_first_bit to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _ctype to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _copy_to_user to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _copy_from_user to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __xa_insert to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_rsi to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_rdx to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_rdi to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_rcx to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_rbx to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_rbp to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_rax to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_r8 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_r15 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_r14 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_r13 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_r12 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_r10 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __warn_printk to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __wake_up to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __vmalloc to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __uv_hub_info_list to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __uv_cpu_info to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __unregister_chrdev to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __udelay to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __tasklet_schedule to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __sw_hweight64 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __sw_hweight32 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __stack_chk_fail to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __request_region to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __release_region to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __register_nmi_handler to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __register_blkdev to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __refrigerator to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __rcu_read_unlock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __rcu_read_lock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __put_user_8 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __put_user_4 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __put_user_2 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __put_cred to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __preempt_count to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __per_cpu_offset to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __num_online_cpus to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __node_distance to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __ndelay to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __mutex_init to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __msecs_to_jiffies to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __list_del_entry_valid to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __list_add_valid to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __kmalloc to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __init_waitqueue_head to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __init_swait_queue_head to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __init_rwsem to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __hw_addr_init to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __get_user_2 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __get_free_pages to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __fentry__ to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __cpu_possible_mask to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __cpu_online_mask to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __const_udelay to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __cond_resched to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __check_object_size to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __bitmap_weight to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __bitmap_intersects to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __bitmap_equal to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __bitmap_and to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __alloc_percpu to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __SCT__preempt_schedule to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __SCT__might_resched to stablelist (cestmir Kalina) [2120286]\n- kabi: re-enable build-time kabi-checks (cestmir Kalina) [2120321]\n- sfc: fix null pointer dereference in efx_hard_start_xmit (Inigo Huguet) [2129287]\n- sfc: fix TX channel offset when using legacy interrupts (Inigo Huguet) [2129287]\n[5.14.0-162.5.1_1]\n- redhat: change default dist suffix for RHEL 9.1 (Patrick Talbert)\n- netfilter: nf_tables: clean up hook list when offload flags check fails (Florian Westphal) [2121393]\n- netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (Florian Westphal) [2121393]\n- netfilter: nf_conntrack_irc: Fix forged IP logic (Florian Westphal) [2121393]\n- netfilter: nf_conntrack_irc: Tighten matching on DCC message (Florian Westphal) [2121393]\n- netfilter: br_netfilter: Drop dst references before setting. (Florian Westphal) [2121393]\n- netfilter: flowtable: fix stuck flows on cleanup due to pending work (Florian Westphal) [2121393]\n- netfilter: flowtable: add function to invoke garbage collection immediately (Florian Westphal) [2121393]\n- netfilter: nf_tables: disallow binding to already bound chain (Florian Westphal) [2121393]\n- netfilter: nft_tunnel: restrict it to netdev family (Florian Westphal) [2121393]\n- netfilter: nf_tables: disallow updates of implicit chain (Florian Westphal) [2121393]\n- netfilter: nft_tproxy: restrict to prerouting hook (Florian Westphal) [2121393]\n- netfilter: ebtables: reject blobs that dont provide all entry points (Florian Westphal) [2121393]\n- netfilter: nf_tables: check NFT_SET_CONCAT flag if field_count is specified (Florian Westphal) [2121393]\n- netfilter: nf_tables: disallow NFT_SET_ELEM_CATCHALL and NFT_SET_ELEM_INTERVAL_END (Florian Westphal) [2121393]\n- netfilter: nf_tables: NFTA_SET_ELEM_KEY_END requires concat and interval flags (Florian Westphal) [2121393]\n- netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on NFT_SET_OBJECT flag (Florian Westphal) [2121393]\n- netfilter: nf_tables: possible module reference underflow in error path (Florian Westphal) [2121393]\n- netfilter: nf_tables: disallow NFTA_SET_ELEM_KEY_END with NFT_SET_ELEM_INTERVAL_END flag (Florian Westphal) [2121393]\n- netfilter: nf_tables: use READ_ONCE and WRITE_ONCE for shared generation id access (Florian Westphal) [2121393]\n- netfilter: nf_tables: fix null deref due to zeroed list head (Florian Westphal) [2121393]\n- netfilter: nf_tables: disallow jump to implicit chain from set element (Florian Westphal) [2121393]\n- netfilter: nfnetlink: re-enable conntrack expectation events (Florian Westphal) [2121393]\n[5.14.0-162.4.1]\n- iwlwifi: limit fw version for AC9560 to avoid fw crash (Inigo Huguet) [2096128]\n- configs: enable CONFIG_HP_ILO for aarch64 (Mark Salter) [2126153]\n[5.14.0-162.3.1]\n- scsi: restore setting of scmd->scsi_done() in EH and reset ioctl paths (Ewan D. Milne) [2120469]\n- x86/boot: Dont propagate uninitialized boot_params->cc_blob_address (Terry Bowman) [2124644]\n- ice: Allow operation with reduced device MSI-X (Petr Oros) [2107719]\n[5.14.0-162.2.1]\n- ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (Ken Cox) [2109871]\n- drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (Vitaly Kuznetsov) [2030922]\n- drm/nouveau/kms/nv140-: Disable interlacing (Lyude Paul) [2122068]\n[5.14.0-162.1.1]\n- drm/amdgpu: Only disable prefer_shadow on hawaii (Lyude Paul) [2120670]\n- i40e: Fix kernel crash during module removal (Ivan Vecera) [2070375]\n- Revert net: macsec: update SCI upon MAC address change. (Sabrina Dubroca) [2118139]\n- redhat: enable zstream release numbering for rhel 9.1 (Patrick Talbert)\n- redhat: add missing CVE reference to latest changelog entries (Patrick Talbert)\n[5.14.0-162]\n- Revert ixgbevf: Mailbox improvements (Ken Cox) [2120548]\n- Revert ixgbevf: Add support for new mailbox communication between PF and VF (Ken Cox) [2120548]\n- posix-cpu-timers: Cleanup CPU timers before freeing them during exec (Wander Lairson Costa) [2116968] {CVE-2022-2585}\n- fix race between exit_itimers() and /proc/pid/timers (Wander Lairson Costa) [2116968] {CVE-2022-2585}\n[5.14.0-161]\n- x86/ftrace: Use alternative RET encoding (Joe Lawrence) [2121368]\n- x86/ibt,ftrace: Make function-graph play nice (Joe Lawrence) [2121368]\n- x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() (Joe Lawrence) [2121368]\n- x86/text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR (Joe Lawrence) [2121368]\n- redhat: remove GL_DISTGIT_USER, RHDISTGIT and unify dist-git cloning (Frantisek Hrbata)\n- random: allow reseeding DRBG with getrandom (Daiki Ueno) [2114854]\n[5.14.0-160]\n- iavf: Fix VLAN_V2 addition/rejection (Ivan Vecera) [2119701]\n- gve: Recording rx queue before sending to napi (Jordan Kimbrough) [2022916]\n- gve: fix the wrong AdminQ buffer queue index check (Jordan Kimbrough) [2022916]\n- gve: Fix GFP flags when allocing pages (Jordan Kimbrough) [2022916]\n- gve: Add tx|rx-coalesce-usec for DQO (Jordan Kimbrough) [2022916]\n- gve: Add consumed counts to ethtool stats (Jordan Kimbrough) [2022916]\n- gve: Implement suspend/resume/shutdown (Jordan Kimbrough) [2022916]\n- gve: Add optional metadata descriptor type GVE_TXD_MTD (Jordan Kimbrough) [2022916]\n- gve: remove memory barrier around seqno (Jordan Kimbrough) [2022916]\n- gve: Update gve_free_queue_page_list signature (Jordan Kimbrough) [2022916]\n- gve: Move the irq db indexes out of the ntfy block struct (Jordan Kimbrough) [2022916]\n- gve: Correct order of processing device options (Jordan Kimbrough) [2022916]\n- gve: fix for null pointer dereference. (Jordan Kimbrough) [2022916]\n- gve: fix unmatched u64_stats_update_end() (Jordan Kimbrough) [2022916]\n- gve: Fix off by one in gve_tx_timeout() (Jordan Kimbrough) [2022916]\n- gve: Add a jumbo-frame device option. (Jordan Kimbrough) [2022916]\n- gve: Implement packet continuation for RX. (Jordan Kimbrough) [2022916]\n- gve: Add RX context. (Jordan Kimbrough) [2022916]\n- gve: Track RX buffer allocation failures (Jordan Kimbrough) [2022916]\n- gve: Allow pageflips on larger pages (Jordan Kimbrough) [2022916]\n- gve: Add netif_set_xps_queue call (Jordan Kimbrough) [2022916]\n- gve: Recover from queue stall due to missed IRQ (Jordan Kimbrough) [2022916]\n- gve: Do lazy cleanup in TX path (Jordan Kimbrough) [2022916]\n- gve: Add rx buffer pagecnt bias (Jordan Kimbrough) [2022916]\n- gve: Switch to use napi_complete_done (Jordan Kimbrough) [2022916]\n- gve: report 64bit tx_bytes counter from gve_handle_report_stats() (Jordan Kimbrough) [2022916]\n- gve: fix gve_get_stats() (Jordan Kimbrough) [2022916]\n- gve: Properly handle errors in gve_assign_qpl (Jordan Kimbrough) [2022916]\n- gve: Avoid freeing NULL pointer (Jordan Kimbrough) [2022916]\n- gve: Correct available tx qpl check (Jordan Kimbrough) [2022916]\n- gve: Use kvcalloc() instead of kvzalloc() (Jordan Kimbrough) [2022916]\n- gve: DQO: avoid unused variable warnings (Jordan Kimbrough) [2022916]\n- gve: fix the wrong AdminQ buffer overflow check (Jordan Kimbrough) [2022916]\n- ath9k: htc: clean up statistics macros (Jose Ignacio Tornos Martinez) [2084600] {CVE-2022-1679}\n- ath9k: hif_usb: simplify if-if to if-else (Jose Ignacio Tornos Martinez) [2084600] {CVE-2022-1679}\n- ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (Jose Ignacio Tornos Martinez) [2084600] {CVE-2022-1679}\n- net: qcom/emac: Fix improper merge resolution in device_get_mac_address (Patrick Talbert) [2108539]\n- x86/speculation: Add LFENCE to RSB fill sequence (Waiman Long) [2115086] {CVE-2022-26373}\n- x86/speculation: Add RSB VM Exit protections (Waiman Long) [2115086] {CVE-2022-26373}\n- tools headers cpufeatures: Sync with the kernel sources (Waiman Long) [2115086]\n- x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (Waiman Long) [2115086]\n- lkdtm: Disable return thunks in rodata.c (Waiman Long) [2115086]\n- x86/amd: Use IBPB for firmware calls (Waiman Long) [2115086]\n- x86/bugs: Warn when ibrs mitigation is selected on Enhanced IBRS parts (Waiman Long) [2115086]\n- x86/alternative: Report missing return thunk details (Waiman Long) [2115086]\n- nvme-fc: restart admin queue if the caller needs to restart queue (Ewan D. Milne) [2104461]\n- scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (Rahul Lakkireddy) [2109526]\n- scsi: csiostor: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (Rahul Lakkireddy) [2109526]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-22T00:00:00", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1184", "CVE-2022-1280", "CVE-2022-1353", "CVE-2022-1679", "CVE-2022-1852", "CVE-2022-1998", "CVE-2022-20368", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-21499", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-29581", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-36946", "CVE-2022-39190"], "modified": "2022-11-22T00:00:00", "id": "ELSA-2022-8267", "href": "http://linux.oracle.com/errata/ELSA-2022-8267.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-03-20T20:31:22", "description": "The remote OracleVM system is missing necessary patches to address security updates:\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\n - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. (CVE-2022-28388)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-07T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : kernel-uek (OVMSA-2022-0019)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1652", "CVE-2022-28388", "CVE-2022-28390"], "modified": "2022-07-07T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2022-0019.NASL", "href": "https://www.tenable.com/plugins/nessus/162772", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were\n# extracted from OracleVM Security Advisory OVMSA-2022-0019.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162772);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/07\");\n\n script_cve_id(\"CVE-2022-1652\", \"CVE-2022-28388\", \"CVE-2022-28390\");\n\n script_name(english:\"OracleVM 3.4 : kernel-uek (OVMSA-2022-0019)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote OracleVM host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote OracleVM system is missing necessary patches to address security updates:\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\n - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double\n free. (CVE-2022-28388)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2022-1652.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2022-28388.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2022-28390.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/OVMSA-2022-0019.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek / kernel-uek-firmware packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1652\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-28390\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.64.1.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for OVMSA-2022-0019');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.64.1.el6uek', 'cpu':'x86_64', 'release':'3.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.64.1.el6uek', 'cpu':'x86_64', 'release':'3.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'OVS' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-firmware');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-21T22:29:05", "description": "The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5416-1 advisory.\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition. (CVE-2022-1158)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system. (CVE-2022-1516)\n\n - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. (CVE-2022-28388)\n\n - mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. (CVE-2022-28389)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-12T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5416-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1158", "CVE-2022-1516", "CVE-2022-28388", "CVE-2022-28389", "CVE-2022-28390"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.14.0-1036-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.14.0-1036-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-20.04b", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-20.04c", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-20.04d", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.14.0-1036-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04b", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04c", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04d", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.14.0-1036-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.14.0-1036-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-20.04b", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-20.04c", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-20.04d", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.14-headers-5.14.0-1036", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.14-tools-5.14.0-1036", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.14-tools-host", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.14.0-1036-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-20.04b", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-20.04c", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-20.04d"], "id": "UBUNTU_USN-5416-1.NASL", "href": "https://www.tenable.com/plugins/nessus/161062", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5416-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161062);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\n \"CVE-2022-1158\",\n \"CVE-2022-1516\",\n \"CVE-2022-28388\",\n \"CVE-2022-28389\",\n \"CVE-2022-28390\"\n );\n script_xref(name:\"USN\", value:\"5416-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5416-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-5416-1 advisory.\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the\n offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw\n allows unprivileged local users on the host to write outside the userspace region and potentially corrupt\n the kernel, resulting in a denial of service condition. (CVE-2022-1158)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's X.25 set of standardized network protocols\n functionality in the way a user terminates their session using a simulated Ethernet card and continued\n usage of this connection. This flaw allows a local user to crash the system. (CVE-2022-1516)\n\n - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double\n free. (CVE-2022-28388)\n\n - mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double\n free. (CVE-2022-28389)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5416-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-28390\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.14.0-1036-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.14.0-1036-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-20.04b\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-20.04c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-20.04d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.14.0-1036-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04b\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.14.0-1036-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.14.0-1036-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-20.04b\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-20.04c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-20.04d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.14-headers-5.14.0-1036\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.14-tools-5.14.0-1036\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.14-tools-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.14.0-1036-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-20.04b\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-20.04c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-20.04d\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-1158', 'CVE-2022-1516', 'CVE-2022-28388', 'CVE-2022-28389', 'CVE-2022-28390');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5416-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.14.0-1036-oem', 'pkgver': '5.14.0-1036.40'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.14.0-1036-oem', 'pkgver': '5.14.0-1036.40'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oem-20.04', 'pkgver': '5.14.0.1036.33'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oem-20.04b', 'pkgver': '5.14.0.1036.33'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oem-20.04c', 'pkgver': '5.14.0.1036.33'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oem-20.04d', 'pkgver': '5.14.0.1036.33'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.14.0-1036-oem', 'pkgver': '5.14.0-1036.40'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem-20.04', 'pkgver': '5.14.0.1036.33'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem-20.04b', 'pkgver': '5.14.0.1036.33'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem-20.04c', 'pkgver': '5.14.0.1036.33'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem-20.04d', 'pkgver': '5.14.0.1036.33'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.14.0-1036-oem', 'pkgver': '5.14.0-1036.40'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.14.0-1036-oem', 'pkgver': '5.14.0-1036.40'},\n {'osver': '20.04', 'pkgname': 'linux-oem-20.04', 'pkgver': '5.14.0.1036.33'},\n {'osver': '20.04', 'pkgname': 'linux-oem-20.04b', 'pkgver': '5.14.0.1036.33'},\n {'osver': '20.04', 'pkgname': 'linux-oem-20.04c', 'pkgver': '5.14.0.1036.33'},\n {'osver': '20.04', 'pkgname': 'linux-oem-20.04d', 'pkgver': '5.14.0.1036.33'},\n {'osver': '20.04', 'pkgname': 'linux-oem-5.14-headers-5.14.0-1036', 'pkgver': '5.14.0-1036.40'},\n {'osver': '20.04', 'pkgname': 'linux-oem-5.14-tools-5.14.0-1036', 'pkgver': '5.14.0-1036.40'},\n {'osver': '20.04', 'pkgname': 'linux-oem-5.14-tools-host', 'pkgver': '5.14.0-1036.40'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.14.0-1036-oem', 'pkgver': '5.14.0-1036.40'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oem-20.04', 'pkgver': '5.14.0.1036.33'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oem-20.04b', 'pkgver': '5.14.0.1036.33'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oem-20.04c', 'pkgver': '5.14.0.1036.33'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oem-20.04d', 'pkgver': '5.14.0.1036.33'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-buildinfo-5.14.0-1036-oem / linux-headers-5.14.0-1036-oem / etc');\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-26T06:35:51", "description": "The remote Ubuntu 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5493-2 advisory.\n\n - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. (CVE-2022-28388)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-07-01T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel (HWE) vulnerability (USN-5493-2)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28388"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-52-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-52-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-52-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-52-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-121-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-121-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-121-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency"], "id": "UBUNTU_USN-5493-2.NASL", "href": "https://www.tenable.com/plugins/nessus/162689", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5493-2. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162689);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2022-28388\");\n script_xref(name:\"USN\", value:\"5493-2\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel (HWE) vulnerability (USN-5493-2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the\nUSN-5493-2 advisory.\n\n - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double\n free. (CVE-2022-28388)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5493-2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-28388\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-52-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-52-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-52-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-52-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-121-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-121-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-121-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(18\\.04|20\\.04)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.4.0-\\d{3}-(generic|generic-lpae|lowlatency)|5.13.0-\\d{2}-(generic|generic-64k|generic-lpae|lowlatency))$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.4.0-\\d{3}-(generic|generic-lpae|lowlatency)\" : \"5.4.0-121\",\n \"5.13.0-\\d{2}-(generic|generic-64k|generic-lpae|lowlatency)\" : \"5.13.0-52\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5493-2');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-28388');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5493-2');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T04:15:27", "description": "The remote Ubuntu 16.04 ESM / 20.04 LTS / 21.10 host has a package installed that is affected by a vulnerability as referenced in the USN-5493-1 advisory.\n\n - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. (CVE-2022-28388)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-27T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 ESM / 20.04 LTS / 21.10 : Linux kernel vulnerability (USN-5493-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28388"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:esm", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:21.10", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-188-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-188-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-52-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-52-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-52-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-52-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-121-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-121-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-121-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency"], "id": "UBUNTU_USN-5493-1.NASL", "href": "https://www.tenable.com/plugins/nessus/162552", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5493-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162552);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2022-28388\");\n script_xref(name:\"USN\", value:\"5493-1\");\n\n script_name(english:\"Ubuntu 16.04 ESM / 20.04 LTS / 21.10 : Linux kernel vulnerability (USN-5493-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 ESM / 20.04 LTS / 21.10 host has a package installed that is affected by a vulnerability as\nreferenced in the USN-5493-1 advisory.\n\n - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double\n free. (CVE-2022-28388)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5493-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-28388\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:esm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:21.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-188-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-188-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-52-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-52-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-52-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-52-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-121-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-121-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-121-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04|20\\.04|21\\.10)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 20.04 / 21.10', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(4.15.0-\\d{3}-(generic|lowlatency)|5.4.0-\\d{3}-(generic|generic-lpae|lowlatency)|5.13.0-\\d{2}-(generic|generic-64k|generic-lpae|lowlatency))$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"4.15.0-\\d{3}-(generic|lowlatency)\" : \"4.15.0-188\",\n \"5.4.0-\\d{3}-(generic|generic-lpae|lowlatency)\" : \"5.4.0-121\",\n \"5.13.0-\\d{2}-(generic|generic-64k|generic-lpae|lowlatency)\" : \"5.13.0-52\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5493-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-28388');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5493-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-03-20T17:38:45", "description": "The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-28388 advisory.\n\n - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. (CVE-2022-28388)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-03-20T00:00:00", "type": "nessus", "title": "CBL Mariner 2.0 Security Update: kernel (CVE-2022-28388)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28388"], "modified": "2023-03-20T00:00:00", "cpe": ["p-cpe:/a:microsoft:cbl-mariner:bpftool", "p-cpe:/a:microsoft:cbl-mariner:kernel", "p-cpe:/a:microsoft:cbl-mariner:kernel-debuginfo", "p-cpe:/a:microsoft:cbl-mariner:kernel-devel", "p-cpe:/a:microsoft:cbl-mariner:kernel-docs", "p-cpe:/a:microsoft:cbl-mariner:kernel-drivers-accessibility", "p-cpe:/a:microsoft:cbl-mariner:kernel-drivers-sound", "p-cpe:/a:microsoft:cbl-mariner:kernel-dtb", "p-cpe:/a:microsoft:cbl-mariner:kernel-oprofile", "p-cpe:/a:microsoft:cbl-mariner:kernel-tools", "p-cpe:/a:microsoft:cbl-mariner:python3-perf", "x-cpe:/o:microsoft:cbl-mariner"], "id": "MARINER_KERNEL_CVE-2022-28388.NASL", "href": "https://www.tenable.com/plugins/nessus/172747", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172747);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/20\");\n\n script_cve_id(\"CVE-2022-28388\");\n\n script_name(english:\"CBL Mariner 2.0 Security Update: kernel (CVE-2022-28388)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CBL Mariner host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore,\naffected by a vulnerability as referenced in the CVE-2022-28388 advisory.\n\n - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double\n free. (CVE-2022-28388)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://nvd.nist.gov/vuln/detail/CVE-2022-28388\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-28388\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel-drivers-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel-drivers-sound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel-dtb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel-oprofile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:microsoft:cbl-mariner\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MarinerOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CBLMariner/release\", \"Host/CBLMariner/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CBLMariner/release');\nif (isnull(release) || 'CBL-Mariner' >!< release) audit(AUDIT_OS_NOT, 'CBL-Mariner');\nvar os_ver = pregmatch(pattern: \"CBL-Mariner ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CBL-Mariner');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CBL-Mariner 2.0', 'CBL-Mariner ' + os_ver);\n\nif (!get_kb_item('Host/CBLMariner/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu)\n audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CBL-Mariner', cpu);\n\nvar pkgs = [\n {'reference':'bpftool-5.15.41.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-5.15.41.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-5.15.41.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-5.15.41.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-5.15.41.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-5.15.41.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-5.15.41.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-5.15.41.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-docs-5.15.41.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-docs-5.15.41.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-drivers-accessibility-5.15.41.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-drivers-accessibility-5.15.41.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-drivers-sound-5.15.41.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-drivers-sound-5.15.41.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-dtb-5.15.41.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-5.15.41.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-5.15.41.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-5.15.41.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-5.15.41.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'CBLMariner-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-debuginfo / kernel-devel / kernel-docs / etc');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-03-20T17:38:26", "description": "The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-28390 advisory.\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-20T00:00:00", "type": "nessus", "title": "CBL Mariner 2.0 Security Update: kernel (CVE-2022-28390)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28390"], "modified": "2023-03-20T00:00:00", "cpe": ["p-cpe:/a:microsoft:cbl-mariner:bpftool", "p-cpe:/a:microsoft:cbl-mariner:kernel", "p-cpe:/a:microsoft:cbl-mariner:kernel-debuginfo", "p-cpe:/a:microsoft:cbl-mariner:kernel-devel", "p-cpe:/a:microsoft:cbl-mariner:kernel-docs", "p-cpe:/a:microsoft:cbl-mariner:kernel-drivers-accessibility", "p-cpe:/a:microsoft:cbl-mariner:kernel-drivers-sound", "p-cpe:/a:microsoft:cbl-mariner:kernel-dtb", "p-cpe:/a:microsoft:cbl-mariner:kernel-oprofile", "p-cpe:/a:microsoft:cbl-mariner:kernel-tools", "p-cpe:/a:microsoft:cbl-mariner:python3-perf", "x-cpe:/o:microsoft:cbl-mariner"], "id": "MARINER_KERNEL_CVE-2022-28390.NASL", "href": "https://www.tenable.com/plugins/nessus/172923", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172923);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/20\");\n\n script_cve_id(\"CVE-2022-28390\");\n\n script_name(english:\"CBL Mariner 2.0 Security Update: kernel (CVE-2022-28390)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CBL Mariner host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore,\naffected by a vulnerability as referenced in the CVE-2022-28390 advisory.\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://nvd.nist.gov/vuln/detail/CVE-2022-28390\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-28390\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel-drivers-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel-drivers-sound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel-dtb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel-oprofile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:microsoft:cbl-mariner\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MarinerOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CBLMariner/release\", \"Host/CBLMariner/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CBLMariner/release');\nif (isnull(release) || 'CBL-Mariner' >!< release) audit(AUDIT_OS_NOT, 'CBL-Mariner');\nvar os_ver = pregmatch(pattern: \"CBL-Mariner ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CBL-Mariner');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CBL-Mariner 2.0', 'CBL-Mariner ' + os_ver);\n\nif (!get_kb_item('Host/CBLMariner/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu)\n audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CBL-Mariner', cpu);\n\nvar pkgs = [\n {'reference':'bpftool-5.15.41.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-5.15.41.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-5.15.41.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-5.15.41.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-5.15.41.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-5.15.41.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-5.15.41.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-5.15.41.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-docs-5.15.41.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-docs-5.15.41.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-drivers-accessibility-5.15.41.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-drivers-accessibility-5.15.41.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-drivers-sound-5.15.41.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-drivers-sound-5.15.41.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-dtb-5.15.41.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-5.15.41.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-5.15.41.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-5.15.41.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-5.15.41.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'CBLMariner-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-debuginfo / kernel-devel / kernel-docs / etc');\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-10T19:26:05", "description": "The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-9582 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2022-9582)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1652"], "modified": "2022-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-container"], "id": "ORACLELINUX_ELSA-2022-9582.NASL", "href": "https://www.tenable.com/plugins/nessus/163008", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9582.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163008);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/12\");\n\n script_cve_id(\"CVE-2022-1652\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2022-9582)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the\nELSA-2022-9582 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9582.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1652\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-2047.515.3.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9582');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-4.14.35-2047.515.3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-4.14.35'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T19:26:06", "description": "The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9583 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2022-9583)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1652"], "modified": "2022-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2022-9583.NASL", "href": "https://www.tenable.com/plugins/nessus/163010", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9583.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163010);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/12\");\n\n script_cve_id(\"CVE-2022-1652\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2022-9583)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-9583 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9583.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1652\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-2047.515.3.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9583');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.14.35-2047.515.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-4.14.35-2047.515.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2047.515.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2047.515.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2047.515.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2047.515.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2047.515.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2047.515.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-doc-4.14.35-2047.515.3.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.14.35'},\n {'reference':'kernel-uek-headers-4.14.35-2047.515.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2047.515.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2047.515.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-libs-4.14.35-2047.515.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-4.14.35'},\n {'reference':'kernel-uek-tools-libs-devel-4.14.35-2047.515.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-devel-4.14.35'},\n {'reference':'perf-4.14.35-2047.515.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.35-2047.515.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-02T06:43:55", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\n - A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc. (CVE-2022-1729)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. (CVE-2022-28388)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. (CVE-2022-32981)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\n - The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges. (CVE-2022-36123)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-27T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : kernel (EulerOS-SA-2022-2619)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-33655", "CVE-2022-1652", "CVE-2022-1729", "CVE-2022-20141", "CVE-2022-28388", "CVE-2022-28390", "CVE-2022-32250", "CVE-2022-32981", "CVE-2022-34918", "CVE-2022-36123", "CVE-2022-36946"], "modified": "2023-01-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-2619.NASL", "href": "https://www.tenable.com/plugins/nessus/166644", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166644);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\n \"CVE-2021-33655\",\n \"CVE-2022-1652\",\n \"CVE-2022-1729\",\n \"CVE-2022-20141\",\n \"CVE-2022-28388\",\n \"CVE-2022-28390\",\n \"CVE-2022-32981\",\n \"CVE-2022-34918\",\n \"CVE-2022-36123\",\n \"CVE-2022-36946\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : kernel (EulerOS-SA-2022-2619)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\n - A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged\n user to gain root privileges. The bug allows to build several exploit primitives such as kernel address\n information leak, arbitrary execution, etc. (CVE-2022-1729)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead\n to local escalation of privilege when opening and closing inet sockets with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double\n free. (CVE-2022-28388)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer\n overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point\n registers. (CVE-2022-32981)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init\n (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different\n vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an\n unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data\n in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\n - The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This\n allows Xen PV guest OS users to cause a denial of service or gain privileges. (CVE-2022-36123)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2619\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f93ae1ab\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-34918\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-36123\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (_release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"kernel-3.10.0-514.44.5.10.h366\",\n \"kernel-debuginfo-3.10.0-514.44.5.10.h366\",\n \"kernel-debuginfo-common-x86_64-3.10.0-514.44.5.10.h366\",\n \"kernel-devel-3.10.0-514.44.5.10.h366\",\n \"kernel-headers-3.10.0-514.44.5.10.h366\",\n \"kernel-tools-3.10.0-514.44.5.10.h366\",\n \"kernel-tools-libs-3.10.0-514.44.5.10.h366\",\n \"perf-3.10.0-514.44.5.10.h366\",\n \"python-perf-3.10.0-514.44.5.10.h366\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-20T14:40:35", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9533 advisory.\n\n - In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. (CVE-2022-29582)\n\n - A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel's BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system. (CVE-2022-0500) (CVE-2022-1263)\n\n - A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem.\n This flaw allows a local user to cause an out-of-bounds write issue. (CVE-2022-1015)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. (CVE-2022-28388)\n\n - A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1. (CVE-2021-4095)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-01T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : Unbreakable Enterprise kernel (ELSA-2022-9533)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4095", "CVE-2022-0500", "CVE-2022-1015", "CVE-2022-1263", "CVE-2022-28388", "CVE-2022-28390", "CVE-2022-29582"], "modified": "2022-07-01T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-core", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-core", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-debug-modules", "p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-modules", "p-cpe:/a:oracle:linux:kernel-uek-modules-extra"], "id": "ORACLELINUX_ELSA-2022-9533.NASL", "href": "https://www.tenable.com/plugins/nessus/162660", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9533.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162660);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/01\");\n\n script_cve_id(\n \"CVE-2021-4095\",\n \"CVE-2022-1015\",\n \"CVE-2022-1263\",\n \"CVE-2022-28388\",\n \"CVE-2022-28390\",\n \"CVE-2022-29582\"\n );\n\n script_name(english:\"Oracle Linux 8 : Unbreakable Enterprise kernel (ELSA-2022-9533)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-9533 advisory.\n\n - In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring\n timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race\n condition perhaps can only be exploited infrequently. (CVE-2022-29582)\n\n - A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds\n memory write in the Linux kernel's BPF subsystem due to the way a user loads BTF. This flaw allows a local\n user to crash or escalate their privileges on the system. (CVE-2022-0500) (CVE-2022-1263)\n\n - A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem.\n This flaw allows a local user to cause an out-of-bounds write issue. (CVE-2022-1015)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double\n free. (CVE-2022-28388)\n\n - A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without\n an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel\n oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects\n Linux kernel versions prior to 5.17-rc1. (CVE-2021-4095)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9533.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29582\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-28390\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-modules-extra\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.15.0-0.30.19.el8uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9533');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.15';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-5.15.0-0.30.19.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-5.15.0-0.30.19.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-0.30.19.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-0.30.19.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-0.30.19.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-0.30.19.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-0.30.19.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-0.30.19.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-0.30.19.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-doc-5.15.0-0.30.19.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-0.30.19.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-0.30.19.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel-uek / kernel-uek-core / etc');\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-21T10:29:06", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9534 advisory.\n\n - In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. (CVE-2022-29582)\n\n - A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel's BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system. (CVE-2022-0500) (CVE-2022-1263)\n\n - A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem.\n This flaw allows a local user to cause an out-of-bounds write issue. (CVE-2022-1015)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. (CVE-2022-28388)\n\n - A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1. (CVE-2021-4095)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-01T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9534)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4095", "CVE-2022-0500", "CVE-2022-1015", "CVE-2022-1263", "CVE-2022-28388", "CVE-2022-28390", "CVE-2022-29582"], "modified": "2022-07-01T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek-container", "p-cpe:/a:oracle:linux:kernel-uek-container-debug"], "id": "ORACLELINUX_ELSA-2022-9534.NASL", "href": "https://www.tenable.com/plugins/nessus/162661", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9534.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162661);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/01\");\n\n script_cve_id(\n \"CVE-2021-4095\",\n \"CVE-2022-1015\",\n \"CVE-2022-1263\",\n \"CVE-2022-28388\",\n \"CVE-2022-28390\",\n \"CVE-2022-29582\"\n );\n\n script_name(english:\"Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9534)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-9534 advisory.\n\n - In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring\n timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race\n condition perhaps can only be exploited infrequently. (CVE-2022-29582)\n\n - A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds\n memory write in the Linux kernel's BPF subsystem due to the way a user loads BTF. This flaw allows a local\n user to crash or escalate their privileges on the system. (CVE-2022-0500) (CVE-2022-1263)\n\n - A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem.\n This flaw allows a local user to cause an out-of-bounds write issue. (CVE-2022-1015)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double\n free. (CVE-2022-28388)\n\n - A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without\n an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel\n oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects\n Linux kernel versions prior to 5.17-rc1. (CVE-2021-4095)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9534.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29582\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-28390\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container-debug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.15.0-0.30.19.el8'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9534');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.15';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-5.15.0-0.30.19.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.15.0'},\n {'reference':'kernel-uek-container-debug-5.15.0-0.30.19.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.15.0'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / kernel-uek-container-debug');\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-20T20:31:04", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file. (CVE-2021-45868)\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)\n\n - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().\n This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. (CVE-2022-1011)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)\n\n - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. (CVE-2022-28388)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-17T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : kernel (EulerOS-SA-2022-1896)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4203", "CVE-2021-45868", "CVE-2022-0494", "CVE-2022-1011", "CVE-2022-1016", "CVE-2022-1353", "CVE-2022-28388", "CVE-2022-28390"], "modified": "2022-06-17T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1896.NASL", "href": "https://www.tenable.com/plugins/nessus/162355", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162355);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/17\");\n\n script_cve_id(\n \"CVE-2021-4203\",\n \"CVE-2021-45868\",\n \"CVE-2022-0494\",\n \"CVE-2022-1011\",\n \"CVE-2022-1016\",\n \"CVE-2022-1353\",\n \"CVE-2022-28388\",\n \"CVE-2022-28390\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : kernel (EulerOS-SA-2022-1896)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and\n SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a\n user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota\n tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a\n corrupted quota file. (CVE-2021-45868)\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in\n the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or\n CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)\n\n - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().\n This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in\n privilege escalation. (CVE-2022-1011)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This\n flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a\n leak of internal kernel information. (CVE-2022-1353)\n\n - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double\n free. (CVE-2022-28388)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1896\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7de3df93\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0494\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-28390\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"kernel-3.10.0-862.14.1.5.h687.eulerosv2r7\",\n \"kernel-devel-3.10.0-862.14.1.5.h687.eulerosv2r7\",\n \"kernel-headers-3.10.0-862.14.1.5.h687.eulerosv2r7\",\n \"kernel-tools-3.10.0-862.14.1.5.h687.eulerosv2r7\",\n \"kernel-tools-libs-3.10.0-862.14.1.5.h687.eulerosv2r7\",\n \"perf-3.10.0-862.14.1.5.h687.eulerosv2r7\",\n \"python-perf-3.10.0-862.14.1.5.h687.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2023-03-10T19:24:44", "description": "The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3360-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-24T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (Live Patch 28 for SLE 15) (SUSE-SU-2022:3360-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1652", "CVE-2022-39188"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150_86-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-3360-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165423", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3360-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165423);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\"CVE-2022-1652\", \"CVE-2022-39188\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3360-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (Live Patch 28 for SLE 15) (SUSE-SU-2022:3360-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3360-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race\n condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale\n TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200057\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203116\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-September/012356.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9a50b311\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39188\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-4_12_14-150_86-default package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1652\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150_86-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '4.12.14-150.86-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-4_12_14-150_86-default-9-150000.2.2', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-4_12_14-150_86-default');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-10T19:23:39", "description": "The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3424-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-29T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (Live Patch 29 for SLE 15) (SUSE-SU-2022:3424-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1652", "CVE-2022-39188"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150000_150_89-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-3424-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165568", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3424-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165568);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\"CVE-2022-1652\", \"CVE-2022-39188\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3424-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (Live Patch 29 for SLE 15) (SUSE-SU-2022:3424-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3424-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race\n condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale\n TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200057\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203116\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-September/012398.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6fe6427d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39188\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-4_12_14-150000_150_89-default package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1652\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150000_150_89-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '4.12.14-150000.150.89-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-4_12_14-150000_150_89-default-8-150000.2.2', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-4_12_14-150000_150_89-default');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-16T04:36:57", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3409-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-10T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (Live Patch 26 for SLE 15) (SUSE-SU-2022:3409-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1652", "CVE-2022-39188"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-4_12_14-150_78-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-4_12_14-150_83-default:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-3409-1.NASL", "href": "https://www.tenable.com/plugins/nessus/172435", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3409-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172435);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\"CVE-2022-1652\", \"CVE-2022-39188\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3409-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (Live Patch 26 for SLE 15) (SUSE-SU-2022:3409-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3409-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race\n condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale\n TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200057\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203116\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-September/012385.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1ddd0849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39188\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-4_12_14-150_78-default and / or kernel-livepatch-4_12_14-150_83-default packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1652\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150_78-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150_83-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '4.12.14-150.78-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-4_12_14-150_78-default-14-150000.2.2', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15']}\n ]\n },\n '4.12.14-150.83-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-4_12_14-150_83-default-10-150000.2.2', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-4_12_14-150_78-default / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T12:29:34", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3342-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-24T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (Live Patch 23 for SLE 12 SP4) (SUSE-SU-2022:3342-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1652", "CVE-2022-39188"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:12:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-95_83-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-95_88-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-95_93-default:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-3342-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165428", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3342-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165428);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\"CVE-2022-1652\", \"CVE-2022-39188\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3342-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (Live Patch 23 for SLE 12 SP4) (SUSE-SU-2022:3342-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3342-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race\n condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale\n TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200057\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203116\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-September/012349.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?190b373a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39188\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kgraft-patch-4_12_14-95_83-default, kgraft-patch-4_12_14-95_88-default and / or kgraft-\npatch-4_12_14-95_93-default packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1652\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_83-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_88-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_93-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '4.12.14-95.83-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-95_83-default-14-2.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']}\n ]\n },\n '4.12.14-95.88-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-95_88-default-10-2.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']}\n ]\n },\n '4.12.14-95.93-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-95_93-default-9-2.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kgraft-patch-4_12_14-95_83-default / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-10T19:23:54", "description": "The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3373-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-26T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (Live Patch 26 for SLE 12 SP4) (SUSE-SU-2022:3373-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1652", "CVE-2022-39188"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_96-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-3373-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165453", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3373-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165453);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\"CVE-2022-1652\", \"CVE-2022-39188\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3373-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (Live Patch 26 for SLE 12 SP4) (SUSE-SU-2022:3373-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3373-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race\n condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale\n TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200057\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203116\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-September/012362.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?53171628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39188\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kgraft-patch-4_12_14-95_96-default package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1652\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_96-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '4.12.14-95.96-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-95_96-default-8-2.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kgraft-patch-4_12_14-95_96-default');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-10T19:24:26", "description": "The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3368-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-25T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (Live Patch 14 for SLE 15 SP3) (SUSE-SU-2022:3368-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1652", "CVE-2022-29581", "CVE-2022-39188"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_49-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-3368-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165433", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3368-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165433);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\"CVE-2022-1652\", \"CVE-2022-29581\", \"CVE-2022-39188\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3368-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (Live Patch 14 for SLE 15 SP3) (SUSE-SU-2022:3368-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3368-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race\n condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale\n TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200057\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203116\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-September/012360.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7e800481\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39188\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-5_3_18-150300_59_49-default package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_49-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '5.3.18-150300.59.49-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150300_59_49-default-13-150300.2.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-5_3_18-150300_59_49-default');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T16:28:59", "description": "The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3359-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-25T00:00:00", "type": "nessus", "title": "SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 28 for SLE 15 SP1) (SUSE-SU-2022:3359-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1652", "CVE-2022-29581", "CVE-2022-39188"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:12:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-4_12_14-197_105-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-122_113-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_111-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-122_121-default:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-3359-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165434", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3359-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165434);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\"CVE-2022-1652\", \"CVE-2022-29581\", \"CVE-2022-39188\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3359-1\");\n\n script_name(english:\"SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 28 for SLE 15 SP1) (SUSE-SU-2022:3359-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:3359-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race\n condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale\n TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200057\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203116\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-September/012358.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1eb172d3\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39188\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-4_12_14-150100_197_111-default, kernel-livepatch-4_12_14-197_105-default, kgraft-\npatch-4_12_14-122_113-default and / or kgraft-patch-4_12_14-122_121-default packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_111-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-197_105-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_113-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_121-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '4.12.14-122.113-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-122_113-default-10-2.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n ]\n },\n '4.12.14-122.121-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-122_121-default-6-2.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n ]\n },\n '4.12.14-150100.197.111-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-4_12_14-150100_197_111-default-8-150100.2.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.1']}\n ]\n },\n '4.12.14-197.105-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-4_12_14-197_105-default-10-150100.2.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.1']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-4_12_14-150100_197_111-default / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-10T19:23:38", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3350-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-24T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (Live Patch 24 for SLE 12 SP5) (SUSE-SU-2022:3350-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1652", "CVE-2022-29581", "CVE-2022-39188"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_91-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_98-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-3350-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165426", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3350-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165426);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\"CVE-2022-1652\", \"CVE-2022-29581\", \"CVE-2022-39188\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3350-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (Live Patch 24 for SLE 12 SP5) (SUSE-SU-2022:3350-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3350-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race\n condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale\n TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200057\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203116\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-September/012350.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?46134f72\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39188\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kgraft-patch-4_12_14-122_91-default and / or kgraft-patch-4_12_14-122_98-default packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_91-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_98-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '4.12.14-122.91-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-122_91-default-17-2.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n ]\n },\n '4.12.14-122.98-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-122_98-default-15-2.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kgraft-patch-4_12_14-122_91-default / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T12:29:21", "description": "The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3370-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-26T00:00:00", "type": "nessus", "title": "SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP4) (SUSE-SU-2022:3370-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1652", "CVE-2022-29581", "CVE-2022-39188"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:12:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-122_88-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-122_103-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-122_106-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-122_116-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_14_21-150400_22-default:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-3370-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165450", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3370-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165450);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\"CVE-2022-1652\", \"CVE-2022-29581\", \"CVE-2022-39188\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3370-1\");\n\n script_name(english:\"SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP4) (SUSE-SU-2022:3370-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:3370-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race\n condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale\n TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200057\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203116\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-September/012364.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ec3dc5a0\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39188\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_14_21-150400_22-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_103-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_106-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_116-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_88-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP4\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '4.12.14-122.103-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-122_103-default-15-2.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n ]\n },\n '4.12.14-122.106-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-122_106-default-13-2.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n ]\n },\n '4.12.14-122.116-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-122_116-default-8-2.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n ]\n },\n '4.12.14-122.88-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-122_88-default-17-2.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n ]\n },\n '5.14.21-150400.22-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_14_21-150400_22-default-6-150400.4.15.3', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.4']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-5_14_21-150400_22-default / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T02:40:46", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3445-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-29T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (Live Patch 10 for SLE 15 SP3) (SUSE-SU-2022:3445-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1652", "CVE-2022-29581", "CVE-2022-39188"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-24_83-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-24_86-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-59_37-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-24_107-default:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-3445-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165574", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3445-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165574);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\"CVE-2022-1652\", \"CVE-2022-29581\", \"CVE-2022-39188\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3445-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (Live Patch 10 for SLE 15 SP3) (SUSE-SU-2022:3445-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3445-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race\n condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale\n TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200057\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203116\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-September/012408.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c4bf8b90\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39188\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-5_3_18-24_107-default, kernel-livepatch-5_3_18-24_83-default, kernel-\nlivepatch-5_3_18-24_86-default and / or kernel-livepatch-5_3_18-59_37-default packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_107-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_83-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_86-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-59_37-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '5.3.18-24.107-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-24_107-default-12-150200.2.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n },\n '5.3.18-24.83-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-24_83-default-17-150200.2.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n },\n '5.3.18-24.86-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-24_86-default-17-150200.2.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n },\n '5.3.18-59.37-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-59_37-default-15-150300.2.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-5_3_18-24_107-default / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T06:33:07", "description": "The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3407-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-27T00:00:00", "type": "nessus", "title": "SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 16 for SLE 15 SP3) (SUSE-SU-2022:3407-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1652", "CVE-2022-29581", "CVE-2022-39188"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:12:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-59_24-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-59_27-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-59_34-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-4_12_14-197_102-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-122_110-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-4_12_14-197_108-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_60-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_63-default:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-3407-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165497", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3407-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165497);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\"CVE-2022-1652\", \"CVE-2022-29581\", \"CVE-2022-39188\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3407-1\");\n\n script_name(english:\"SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 16 for SLE 15 SP3) (SUSE-SU-2022:3407-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:3407-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race\n condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale\n TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200057\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203116\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-September/012389.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f6f17435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39188\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-197_102-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-197_108-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_60-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_63-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-59_24-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-59_27-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-59_34-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_110-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP1/3\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '4.12.14-122.110-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-122_110-default-11-2.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n ]\n },\n '4.12.14-197.102-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-4_12_14-197_102-default-14-150100.2.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.1']}\n ]\n },\n '4.12.14-197.108-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-4_12_14-197_108-default-9-150100.2.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.1']}\n ]\n },\n '5.3.18-150300.59.60-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150300_59_60-default-11-150300.2.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n },\n '5.3.18-150300.59.63-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150300_59_63-default-8-150300.2.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n },\n '5.3.18-59.24-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-59_24-default-17-150300.2.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n },\n '5.3.18-59.27-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-59_27-default-17-150300.2.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n },\n '5.3.18-59.34-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-59_34-default-16-150300.2.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-4_12_14-197_102-default / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T06:32:35", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3464-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-30T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (Live Patch 12 for SLE 15 SP3) (SUSE-SU-2022:3464-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1652", "CVE-2022-29581", "CVE-2022-39188"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_43-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_54-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_68-default:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-3464-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165584", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3464-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165584);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\"CVE-2022-1652\", \"CVE-2022-29581\", \"CVE-2022-39188\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3464-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (Live Patch 12 for SLE 15 SP3) (SUSE-SU-2022:3464-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3464-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race\n condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale\n TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200057\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203116\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-September/012453.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?539e428a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39188\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-5_3_18-150300_59_43-default, kernel-livepatch-5_3_18-150300_59_54-default and / or\nkernel-livepatch-5_3_18-150300_59_68-default packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_43-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_54-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_68-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '5.3.18-150300.59.43-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150300_59_43-default-14-150300.2.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n },\n '5.3.18-150300.59.54-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150300_59_54-default-12-150300.2.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n },\n '5.3.18-150300.59.68-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150300_59_68-default-7-150300.2.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-5_3_18-150300_59_43-default / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T08:36:15", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3433-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-29T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (Live Patch 11 for SLE 15 SP3) (SUSE-SU-2022:3433-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1652", "CVE-2022-29581", "CVE-2022-39188"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-59_40-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_46-default:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-3433-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165575", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3433-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165575);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\"CVE-2022-1652\", \"CVE-2022-29581\", \"CVE-2022-39188\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3433-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (Live Patch 11 for SLE 15 SP3) (SUSE-SU-2022:3433-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3433-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race\n condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale\n TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200057\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203116\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-September/012402.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?09364bd4\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39188\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-5_3_18-150300_59_46-default and / or kernel-livepatch-5_3_18-59_40-default\npackages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_46-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-59_40-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '5.3.18-150300.59.46-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150300_59_46-default-14-150300.2.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n },\n '5.3.18-59.40-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-59_40-default-15-150300.2.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-5_3_18-150300_59_46-default / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T22:38:31", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3476-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-01T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (Live Patch 21 for SLE 15 SP2) (SUSE-SU-2022:3476-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1652", "CVE-2022-29581", "CVE-2022-39188"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-24_93-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-24_96-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-24_99-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-24_102-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_112-default:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-3476-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165608", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3476-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165608);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\"CVE-2022-1652\", \"CVE-2022-29581\", \"CVE-2022-39188\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3476-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (Live Patch 21 for SLE 15 SP2) (SUSE-SU-2022:3476-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3476-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race\n condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale\n TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200057\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203116\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-September/012463.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3670f4b3\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39188\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_112-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_102-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_93-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_96-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_99-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '5.3.18-150200.24.112-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150200_24_112-default-8-150200.2.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n },\n '5.3.18-24.102-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-24_102-default-13-150200.2.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n },\n '5.3.18-24.93-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-24_93-default-16-150200.2.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n },\n '5.3.18-24.96-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-24_96-default-15-150200.2.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n },\n '5.3.18-24.99-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-24_99-default-14-150200.2.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-5_3_18-150200_24_112-default / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-21T22:31:22", "description": "The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9590 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2022-9590)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1652", "CVE-2022-23816", "CVE-2022-29901"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "cpe:/o:oracle:linux:9", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-core", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-core", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-debug-modules", "p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-modules", "p-cpe:/a:oracle:linux:kernel-uek-modules-extra"], "id": "ORACLELINUX_ELSA-2022-9590.NASL", "href": "https://www.tenable.com/plugins/nessus/163036", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9590.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163036);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-1652\", \"CVE-2022-23816\", \"CVE-2022-29901\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2022-9590)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2022-9590 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9590.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1652\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-modules-extra\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(8|9)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8 / 9', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.15.0-0.30.20.el8uek', '5.15.0-0.30.20.el9uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9590');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.15';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-5.15.0-0.30.20.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-5.15.0-0.30.20.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-5.15.0-0.30.20.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-5.15.0-0.30.20.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-0.30.20.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-0.30.20.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-0.30.20.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-0.30.20.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-0.30.20.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-0.30.20.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-0.30.20.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-0.30.20.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-0.30.20.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-0.30.20.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-0.30.20.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-0.30.20.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-0.30.20.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-0.30.20.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-doc-5.15.0-0.30.20.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-0.30.20.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-0.30.20.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-0.30.20.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-0.30.20.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'},\n {'reference':'bpftool-5.15.0-0.30.20.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-5.15.0-0.30.20.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-5.15.0-0.30.20.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-5.15.0-0.30.20.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-0.30.20.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-0.30.20.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-0.30.20.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-0.30.20.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-0.30.20.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-0.30.20.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-0.30.20.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-0.30.20.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-0.30.20.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-0.30.20.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-0.30.20.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-0.30.20.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-0.30.20.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-0.30.20.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-doc-5.15.0-0.30.20.el9uek', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-0.30.20.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-0.30.20.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-0.30.20.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-0.30.20.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel-uek / kernel-uek-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-21T22:31:35", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9591 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9591)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1652", "CVE-2022-23816", "CVE-2022-29901"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek-container", "p-cpe:/a:oracle:linux:kernel-uek-container-debug"], "id": "ORACLELINUX_ELSA-2022-9591.NASL", "href": "https://www.tenable.com/plugins/nessus/163037", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9591.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163037);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-1652\", \"CVE-2022-23816\", \"CVE-2022-29901\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9591)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-9591 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9591.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1652\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container-debug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.15.0-0.30.20.el8'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9591');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.15';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-5.15.0-0.30.20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.15.0'},\n {'reference':'kernel-uek-container-debug-5.15.0-0.30.20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.15.0'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / kernel-uek-container-debug');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-17T23:02:04", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-185125206References: Upstream kernel (CVE-2021-39698)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel (CVE-2021-39713)\n\n - In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file. (CVE-2021-45868)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)\n\n - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().\n This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. (CVE-2022-1011)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)\n\n - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. (CVE-2022-23960)\n\n - A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. (CVE-2022-27666)\n\n - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. (CVE-2022-28388)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-22T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : kernel (EulerOS-SA-2022-1934)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39698", "CVE-2021-39713", "CVE-2021-45868", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0494", "CVE-2022-1011", "CVE-2022-1016", "CVE-2022-1353", "CVE-2022-23960", "CVE-2022-27666", "CVE-2022-28388", "CVE-2022-28390"], "modified": "2022-10-19T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bpftool", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1934.NASL", "href": "https://www.tenable.com/plugins/nessus/162450", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162450);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/19\");\n\n script_cve_id(\n \"CVE-2021-39698\",\n \"CVE-2021-39713\",\n \"CVE-2021-45868\",\n \"CVE-2022-0001\",\n \"CVE-2022-0002\",\n \"CVE-2022-0494\",\n \"CVE-2022-1011\",\n \"CVE-2022-1016\",\n \"CVE-2022-1353\",\n \"CVE-2022-23960\",\n \"CVE-2022-27666\",\n \"CVE-2022-28388\",\n \"CVE-2022-28390\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : kernel (EulerOS-SA-2022-1934)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This\n could lead to local escalation of privilege with no additional execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-185125206References: Upstream kernel (CVE-2021-39698)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel\n (CVE-2021-39713)\n\n - In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota\n tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a\n corrupted quota file. (CVE-2021-45868)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may\n allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an\n authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in\n the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or\n CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)\n\n - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().\n This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in\n privilege escalation. (CVE-2022-1011)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This\n flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a\n leak of internal kernel information. (CVE-2022-1353)\n\n - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation,\n aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to\n influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive\n information. (CVE-2022-23960)\n\n - A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and\n net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap\n objects and may cause a local privilege escalation threat. (CVE-2022-27666)\n\n - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double\n free. (CVE-2022-28388)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1934\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?97f07722\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-39698\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-28390\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"bpftool-4.19.36-vhulk1907.1.0.h1229.eulerosv2r8\",\n \"kernel-4.19.36-vhulk1907.1.0.h1229.eulerosv2r8\",\n \"kernel-devel-4.19.36-vhulk1907.1.0.h1229.eulerosv2r8\",\n \"kernel-headers-4.19.36-vhulk1907.1.0.h1229.eulerosv2r8\",\n \"kernel-tools-4.19.36-vhulk1907.1.0.h1229.eulerosv2r8\",\n \"kernel-tools-libs-4.19.36-vhulk1907.1.0.h1229.eulerosv2r8\",\n \"perf-4.19.36-vhulk1907.1.0.h1229.eulerosv2r8\",\n \"python-perf-4.19.36-vhulk1907.1.0.h1229.eulerosv2r8\",\n \"python3-perf-4.19.36-vhulk1907.1.0.h1229.eulerosv2r8\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-21T00:42:44", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2776-1 advisory.\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. (CVE-2022-26490)\n\n - mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. (CVE-2022-28389)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-11T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (Live Patch 18 for SLE 15 SP2) (SUSE-SU-2022:2776-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1679", "CVE-2022-20141", "CVE-2022-26490", "CVE-2022-28389", "CVE-2022-28390"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_102-default", "p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_107-default", "p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_78-default", "p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_83-default", "p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_86-default", "p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_96-default", "p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_99-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2776-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164064", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2776-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164064);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2022-1679\",\n \"CVE-2022-20141\",\n \"CVE-2022-26490\",\n \"CVE-2022-28389\",\n \"CVE-2022-28390\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2776-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (Live Patch 18 for SLE 15 SP2) (SUSE-SU-2022:2776-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2776-1 advisory.\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead\n to local escalation of privilege when opening and closing inet sockets with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has\n EVT_TRANSACTION buffer overflows because of untrusted length parameters. (CVE-2022-26490)\n\n - mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double\n free. (CVE-2022-28389)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201657\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-August/011893.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1cf62b06\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26490\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-28389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-28390\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-20141\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-28390\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_102-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_107-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_78-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_83-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_86-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_96-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_99-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '5.3.18-24.102-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-24_102-default-11-150200.2.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n },\n '5.3.18-24.107-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-24_107-default-10-150200.2.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n },\n '5.3.18-24.78-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-24_78-default-17-150200.2.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n },\n '5.3.18-24.83-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-24_83-default-15-150200.2.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n },\n '5.3.18-24.86-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-24_86-default-15-150200.2.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n },\n '5.3.18-24.96-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-24_96-default-13-150200.2.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n },\n '5.3.18-24.99-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-24_99-default-12-150200.2.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-5_3_18-24_102-default / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-21T14:27:34", "description": "The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2783-1 advisory.\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. (CVE-2022-26490)\n\n - mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. (CVE-2022-28389)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-13T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (Live Patch 21 for SLE 15 SP2) (SUSE-SU-2022:2783-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1679", "CVE-2022-20141", "CVE-2022-26490", "CVE-2022-28389", "CVE-2022-28390"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_93-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2783-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164097", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2783-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164097);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2022-1679\",\n \"CVE-2022-20141\",\n \"CVE-2022-26490\",\n \"CVE-2022-28389\",\n \"CVE-2022-28390\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2783-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (Live Patch 21 for SLE 15 SP2) (SUSE-SU-2022:2783-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2783-1 advisory.\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead\n to local escalation of privilege when opening and closing inet sockets with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has\n EVT_TRANSACTION buffer overflows because of untrusted length parameters. (CVE-2022-26490)\n\n - mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double\n free. (CVE-2022-28389)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201657\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-August/011898.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bbb9a720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26490\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-28389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-28390\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-5_3_18-24_93-default package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-20141\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-28390\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_93-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '5.3.18-24.93-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-24_93-default-14-150200.2.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-5_3_18-24_93-default');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-22T01:51:32", "description": "The version of kernel installed on the remote host is prior to 4.14.276-211.499. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1793 advisory.\n\n - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().\n This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. (CVE-2022-1011)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system. (CVE-2022-1516)\n\n - mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. (CVE-2022-28389)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-05T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALAS-2022-1793)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1011", "CVE-2022-1353", "CVE-2022-1516", "CVE-2022-28389", "CVE-2022-28390"], "modified": "2022-05-06T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-livepatch-4.14.276-211.499", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2022-1793.NASL", "href": "https://www.tenable.com/plugins/nessus/160578", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2022-1793.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160578);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2022-1011\",\n \"CVE-2022-1353\",\n \"CVE-2022-1516\",\n \"CVE-2022-28389\",\n \"CVE-2022-28390\"\n );\n\n script_name(english:\"Amazon Linux 2 : kernel (ALAS-2022-1793)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 4.14.276-211.499. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2-2022-1793 advisory.\n\n - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().\n This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in\n privilege escalation. (CVE-2022-1011)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This\n flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a\n leak of internal kernel information. (CVE-2022-1353)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's X.25 set of standardized network protocols\n functionality in the way a user terminates their session using a simulated Ethernet card and continued\n usage of this connection. This flaw allows a local user to crash the system. (CVE-2022-1516)\n\n - mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double\n free. (CVE-2022-28389)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2022-1793.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1011.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1353.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1516.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-28389.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-28390.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-28390\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-4.14.276-211.499\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-1011\", \"CVE-2022-1353\", \"CVE-2022-1516\", \"CVE-2022-28389\", \"CVE-2022-28390\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS-2022-1793\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'kernel-4.14.276-211.499.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.14.276-211.499.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.276-211.499.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.276-211.499.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-aarch64-4.14.276-211.499.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-4.14.276-211.499.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.276-211.499.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.276-211.499.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.276-211.499.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.276-211.499.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.276-211.499.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-livepatch-4.14.276-211.499-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.276-211.499.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.276-211.499.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.276-211.499.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.276-211.499.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.276-211.499.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.276-211.499.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.276-211.499.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.276-211.499.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.276-211.499.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.276-211.499.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.276-211.499.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.276-211.499.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-debuginfo-4.14.276-211.499.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-debuginfo-4.14.276-211.499.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-03-02T02:48:20", "description": "The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5544-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. (CVE-2022-28893)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-02T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-5544-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1652", "CVE-2022-1679", "CVE-2022-28893", "CVE-2022-32250", "CVE-2022-34918"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-43-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-43-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-43-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-43-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-43-lowlatency-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-64k"], "id": "UBUNTU_USN-5544-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163701", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5544-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163701);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2022-1652\",\n \"CVE-2022-1679\",\n \"CVE-2022-28893\",\n \"CVE-2022-34918\"\n );\n script_xref(name:\"USN\", value:\"5544-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-5544-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5544-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets\n are in the intended state. (CVE-2022-28893)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init\n (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different\n vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an\n unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data\n in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5544-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-34918\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-43-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-43-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-43-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-43-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-43-lowlatency-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-64k\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.15.0-\\d{2}-(generic|generic-64k|generic-lpae|lowlatency|lowlatency-64k))$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.15.0-\\d{2}-(generic|generic-64k|generic-lpae|lowlatency|lowlatency-64k)\" : \"5.15.0-43\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5544-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-1652', 'CVE-2022-1679', 'CVE-2022-28893', 'CVE-2022-34918');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5544-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-10T19:15:55", "description": "The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1183-1 advisory.\n\n - In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file. (CVE-2021-45868)\n\n - A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace. (CVE-2022-0850)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().\n This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. (CVE-2022-1011)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1048)\n\n - A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (CVE-2022-1055)\n\n - A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early. (CVE-2022-1195)\n\n - A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space.\n (CVE-2022-1198)\n\n - A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability. (CVE-2022-1199)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.\n (CVE-2022-1205)\n\n - A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. (CVE-2022-27666)\n\n - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. (CVE-2022-28388)\n\n - mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. (CVE-2022-28389)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-14T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:1183-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-45868", "CVE-2022-0850", "CVE-2022-0854", "CVE-2022-1011", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1195", "CVE-2022-1198", "CVE-2022-1199", "CVE-2022-1205", "CVE-2022-27666", "CVE-2022-28388", "CVE-2022-28389", "CVE-2022-28390"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-64kb", "p-cpe:/a:novell:suse_linux:kernel-64kb-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_63-default", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-preempt", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel", "p-cpe:/a:novell:suse_linux:kernel-preempt-extra", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-1183-1.NASL", "href": "https://www.tenable.com/plugins/nessus/159739", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:1183-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159739);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2021-45868\",\n \"CVE-2022-0850\",\n \"CVE-2022-0854\",\n \"CVE-2022-1011\",\n \"CVE-2022-1016\",\n \"CVE-2022-1048\",\n \"CVE-2022-1055\",\n \"CVE-2022-1195\",\n \"CVE-2022-1198\",\n \"CVE-2022-1199\",\n \"CVE-2022-1205\",\n \"CVE-2022-27666\",\n \"CVE-2022-28388\",\n \"CVE-2022-28389\",\n \"CVE-2022-28390\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:1183-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:1183-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the SUSE-SU-2022:1183-1 advisory.\n\n - In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota\n tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a\n corrupted quota file. (CVE-2021-45868)\n\n - A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to\n userspace. (CVE-2022-0850)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().\n This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in\n privilege escalation. (CVE-2022-1011)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a\n use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel\n information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers\n concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM\n for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the\n system. (CVE-2022-1048)\n\n - A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain\n privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past\n commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (CVE-2022-1055)\n\n - A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a\n local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device\n is detached and reclaim resources early. (CVE-2022-1195)\n\n - A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an\n attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space.\n (CVE-2022-1198)\n\n - A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating\n amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free\n vulnerability. (CVE-2022-1199)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's Amateur Radio AX.25 protocol functionality\n in the way a user connects with the protocol. This flaw allows a local user to crash the system.\n (CVE-2022-1205)\n\n - A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and\n net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap\n objects and may cause a local privilege escalation threat. (CVE-2022-27666)\n\n - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double\n free. (CVE-2022-28388)\n\n - mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double\n free. (CVE-2022-28389)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1175667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178134\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189562\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194649\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195926\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196823\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197227\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197300\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197343\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197366\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197501\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197675\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197811\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197817\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197889\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197894\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198033\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-April/010701.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?45c03dc0\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-45868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0850\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1195\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1199\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-28388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-28389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-28390\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1048\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-28390\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-64kb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_63-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15|SUSE15\\.3)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-64kb-5.3.18-150300.59.63.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-64kb-5.3.18-150300.59.63.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-64kb-devel-5.3.18-150300.59.63.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-64kb-devel-5.3.18-150300.59.63.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-5.3.18-150300.59.63.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-5.3.18-150300.59.63.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-devel-5.3.18-150300.59.63.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-devel-5.3.18-150300.59.63.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-extra-5.3.18-150300.59.63.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'sle-we-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-extra-5.3.18-150300.59.63.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'sle-we-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-devel-5.3.18-150300.59.63.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-devel-5.3.18-150300.59.63.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-macros-5.3.18-150300.59.63.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-macros-5.3.18-150300.59.63.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-obs-build-5.3.18-150300.59.63.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-obs-build-5.3.18-150300.59.63.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.63.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.63.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.63.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.63.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.63.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.63.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.63.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.63.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-extra-5.3.18-150300.59.63.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'sle-we-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-extra-5.3.18-150300.59.63.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'sle-we-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-source-5.3.18-150300.59.63.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-source-5.3.18-150300.59.63.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-syms-5.3.18-150300.59.63.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-syms-5.3.18-150300.59.63.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-zfcpdump-5.3.18-150300.59.63.1', 'sp':'3', 'cpu':'s390x', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-zfcpdump-5.3.18-150300.59.63.1', 'sp':'3', 'cpu':'s390x', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'reiserfs-kmp-default-5.3.18-150300.59.63.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-legacy-release-15.3', 'sles-release-15.3']},\n {'reference':'cluster-md-kmp-64kb-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'cluster-md-kmp-default-5.3.18-150300.59.63.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'cluster-md-kmp-preempt-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'cluster-md-kmp-preempt-5.3.18-150300.59.63.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dlm-kmp-64kb-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dlm-kmp-default-5.3.18-150300.59.63.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dlm-kmp-preempt-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dlm-kmp-preempt-5.3.18-150300.59.63.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-al-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-allwinner-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-altera-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-amd-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-amlogic-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-apm-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-arm-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-broadcom-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-cavium-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-exynos-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-freescale-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-hisilicon-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-lg-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-marvell-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-mediatek-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-nvidia-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-qcom-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-renesas-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-rockchip-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-socionext-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-sprd-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-xilinx-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-zte-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'gfs2-kmp-64kb-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'gfs2-kmp-default-5.3.18-150300.59.63.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'gfs2-kmp-preempt-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'gfs2-kmp-preempt-5.3.18-150300.59.63.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-64kb-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-64kb-devel-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-64kb-extra-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-64kb-livepatch-devel-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-64kb-optional-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-debug-5.3.18-150300.59.63.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-debug-devel-5.3.18-150300.59.63.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-debug-livepatch-devel-5.3.18-150300.59.63.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-5.3.18-150300.59.63.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-base-rebuild-5.3.18-150300.59.63.1.150300.18.39.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-devel-5.3.18-150300.59.63.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-extra-5.3.18-150300.59.63.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-livepatch-5.3.18-150300.59.63.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-livepatch-devel-5.3.18-150300.59.63.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-optional-5.3.18-150300.59.63.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-devel-5.3.18-150300.59.63.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-kvmsmall-5.3.18-150300.59.63.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-kvmsmall-devel-5.3.18-150300.59.63.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.63.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-macros-5.3.18-150300.59.63.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-obs-build-5.3.18-150300.59.63.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-obs-qa-5.3.18-150300.59.63.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.63.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.63.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-extra-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-extra-5.3.18-150300.59.63.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-livepatch-devel-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-livepatch-devel-5.3.18-150300.59.63.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-optional-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-optional-5.3.18-150300.59.63.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-source-5.3.18-150300.59.63.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-source-vanilla-5.3.18-150300.59.63.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-syms-5.3.18-150300.59.63.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-zfcpdump-5.3.18-150300.59.63.1', 'cpu':'s390x', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kselftests-kmp-64kb-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kselftests-kmp-default-5.3.18-150300.59.63.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kselftests-kmp-preempt-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kselftests-kmp-preempt-5.3.18-150300.59.63.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'ocfs2-kmp-64kb-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'ocfs2-kmp-default-5.3.18-150300.59.63.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'ocfs2-kmp-preempt-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'ocfs2-kmp-preempt-5.3.18-150300.59.63.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'reiserfs-kmp-64kb-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'reiserfs-kmp-default-5.3.18-150300.59.63.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'reiserfs-kmp-preempt-5.3.18-150300.59.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'reiserfs-kmp-preempt-5.3.18-150300.59.63.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'cluster-md-kmp-default-5.3.18-150300.59.63.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},\n {'reference':'dlm-kmp-default-5.3.18-150300.59.63.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},\n {'reference':'gfs2-kmp-default-5.3.18-150300.59.63.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},\n {'reference':'ocfs2-kmp-default-5.3.18-150300.59.63.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},\n {'reference':'kernel-default-livepatch-5.3.18-150300.59.63.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']},\n {'reference':'kernel-default-livepatch-devel-5.3.18-150300.59.63.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']},\n {'reference':'kernel-livepatch-5_3_18-150300_59_63-default-1-150300.7.3.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-64kb / cluster-md-kmp-default / cluster-md-kmp-preempt / etc');\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-18T15:41:40", "description": "The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5413-1 advisory.\n\n - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if unbind the driver). (CVE-2020-27820)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel (CVE-2021-39713)\n\n - st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. (CVE-2022-26490)\n\n - In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access. (CVE-2022-27223)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-12T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS : Linux kernel vulnerabilities (USN-5413-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.4, "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27820", "CVE-2021-39713", "CVE-2021-4157", "CVE-2022-26490", "CVE-2022-27223", "CVE-2022-28390"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:14.04:-:lts", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-cloud-tools-4.4.0-1140", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-headers-4.4.0-1140", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-tools-4.4.0-1140", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-4.4.0-1105-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-4.4.0-1140-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-4.4.0-224-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-4.4.0-224-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-4.4.0-1105-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-4.4.0-1140-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-4.4.0-224", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-4.4.0-224-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-4.4.0-224-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-crashdump", "p-cpe:/a:canonical:ubuntu_linux:linux-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-4.4.0-1105-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-4.4.0-1140-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-4.4.0-224", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-4.4.0-224-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-4.4.0-224-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-generic-trusty", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-virtual-trusty", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1105-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1140-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-224-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-224-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-hwe-generic-trusty", "p-cpe:/a:canonical:ubuntu_linux:linux-image-hwe-virtual-trusty", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-4.4.0-224-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-4.4.0-224-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-kvm-cloud-tools-4.4.0-1105", "p-cpe:/a:canonical:ubuntu_linux:linux-kvm-headers-4.4.0-1105", "p-cpe:/a:canonical:ubuntu_linux:linux-kvm-tools-4.4.0-1105", "p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev", "p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-lts-xenial-cloud-tools-4.4.0-224", "p-cpe:/a:canonical:ubuntu_linux:linux-lts-xenial-tools-4.4.0-224", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-4.4.0-1105-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-4.4.0-1140-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-4.4.0-224-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-4.4.0-224-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-4.4.0-1140-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-4.4.0-224-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-generic-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-generic-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-generic-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-generic-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-generic-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-generic-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-lowlatency-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-lowlatency-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-lowlatency-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-lowlatency-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-source", "p-cpe:/a:canonical:ubuntu_linux:linux-source-4.4.0", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-4.4.0-1105-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-4.4.0-1140-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-4.4.0-224", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-4.4.0-224-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-4.4.0-224-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-host", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-virtual-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-virtual-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-virtual-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-virtual-lts-xenial"], "id": "UBUNTU_USN-5413-1.NASL", "href": "https://www.tenable.com/plugins/nessus/161061", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5413-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161061);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2020-27820\",\n \"CVE-2021-4157\",\n \"CVE-2021-39713\",\n \"CVE-2022-26490\",\n \"CVE-2022-27223\",\n \"CVE-2022-28390\"\n );\n script_xref(name:\"USN\", value:\"5413-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS : Linux kernel vulnerabilities (USN-5413-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-5413-1 advisory.\n\n - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could\n happen if removing device (that is not common to remove video card physically without power-off, but same\n happens if unbind the driver). (CVE-2020-27820)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in\n the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could\n potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel\n (CVE-2021-39713)\n\n - st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has\n EVT_TRANSACTION buffer overflows because of untrusted length parameters. (CVE-2022-26490)\n\n - In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not\n validated and might be manipulated by the host for out-of-array access. (CVE-2022-27223)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5413-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4157\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-27223\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-cloud-tools-4.4.0-1140\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-headers-4.4.0-1140\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-tools-4.4.0-1140\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-4.4.0-1105-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-4.4.0-1140-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-4.4.0-224-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-4.4.0-224-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-4.4.0-1105-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-4.4.0-1140-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-4.4.0-224\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-4.4.0-224-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-4.4.0-224-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-crashdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-4.4.0-1105-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-4.4.0-1140-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-4.4.0-224\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-4.4.0-224-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-4.4.0-224-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-generic-trusty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-virtual-trusty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1105-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1140-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-224-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-224-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-hwe-generic-trusty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-hwe-virtual-trusty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-4.4.0-224-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-4.4.0-224-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kvm-cloud-tools-4.4.0-1105\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kvm-headers-4.4.0-1105\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kvm-tools-4.4.0-1105\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lts-xenial-cloud-tools-4.4.0-224\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lts-xenial-tools-4.4.0-224\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-4.4.0-1105-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-4.4.0-1140-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-4.4.0-224-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-4.4.0-224-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-4.4.0-1140-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-4.4.0-224-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-generic-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-generic-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-generic-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-generic-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-generic-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-generic-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-lowlatency-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-lowlatency-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-4.4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-4.4.0-1105-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-4.4.0-1140-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-4.4.0-224\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-4.4.0-224-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-4.4.0-224-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-virtual-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-virtual-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-virtual-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-virtual-lts-xenial\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04 / 16.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-27820', 'CVE-2021-4157', 'CVE-2021-39713', 'CVE-2022-26490', 'CVE-2022-27223', 'CVE-2022-28390');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5413-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'osver': '14.04', 'pkgname': 'linux-buildinfo-4.4.0-224-generic', 'pkgver': '4.4.0-224.257~14.04.1'},\n {'osver': '14.04', 'pkgname': 'linux-buildinfo-4.4.0-224-lowlatency', 'pkgver': '4.4.0-224.257~14.04.1'},\n {'osver': '14.04', 'pkgname': 'linux-cloud-tools-4.4.0-224-generic', 'pkgver': '4.4.0-224.257~14.04.1'},\n {'osver': '14.04', 'pkgname': 'linux-cloud-tools-4.4.0-224-lowlatency', 'pkgver': '4.4.0-224.257~14.04.1'},\n {'osver': '14.04', 'pkgname': 'linux-cloud-tools-generic-lts-xenial', 'pkgver': '4.4.0.224.195'},\n {'osver': '14.04', 'pkgname': 'linux-cloud-tools-lowlatency-lts-xenial', 'pkgver': '4.4.0.224.195'},\n {'osver': '14.04', 'pkgname': 'linux-cloud-tools-virtual-lts-xenial', 'pkgver': '4.4.0.224.195'},\n {'osver': '14.04', 'pkgname': 'linux-generic-lts-xenial', 'pkgver': '4.4.0.224.195'},\n {'osver': '14.04', 'pkgname': 'linux-headers-4.4.0-224', 'pkgver': '4.4.0-224.257~14.04.1'},\n {'osver': '14.04', 'pkgname': 'linux-headers-4.4.0-224-generic', 'pkgver': '4.4.0-224.257~14.04.1'},\n {'osver': '14.04', 'pkgname': 'linux-headers-4.4.0-224-lowlatency', 'pkgver': '4.4.0-224.257~14.04.1'},\n {'osver': '14.04', 'pkgname': 'linux-headers-generic-lts-xenial', 'pkgver': '4.4.0.224.195'},\n {'osver': '14.04', 'pkgname': 'linux-headers-lowlatency-lts-xenial', 'pkgver': '4.4.0.224.195'},\n {'osver': '14.04', 'pkgname': 'linux-headers-virtual-lts-xenial', 'pkgver': '4.4.0.224.195'},\n {'osver': '14.04', 'pkgname': 'linux-image-4.4.0-224-generic', 'pkgver': '4.4.0-224.257~14.04.1'},\n {'osver': '14.04', 'pkgname': 'linux-image-4.4.0-224-lowlatency', 'pkgver': '4.4.0-224.257~14.04.1'},\n {'osver': '14.04', 'pkgname': 'linux-image-extra-virtual-lts-xenial', 'pkgver': '4.4.0.224.195'},\n {'osver': '14.04', 'pkgname': 'linux-image-generic-lts-xenial', 'pkgver': '4.4.0.224.195'},\n {'osver': '14.04', 'pkgname': 'linux-image-lowlatency-lts-xenial', 'pkgver': '4.4.0.224.195'},\n {'osver': '14.04', 'pkgname': 'linux-image-unsigned-4.4.0-224-generic', 'pkgver': '4.4.0-224.257~14.04.1'},\n {'osver': '14.04', 'pkgname': 'linux-image-unsigned-4.4.0-224-lowlatency', 'pkgver': '4.4.0-224.257~14.04.1'},\n {'osver': '14.04', 'pkgname': 'linux-image-virtual-lts-xenial', 'pkgver': '4.4.0.224.195'},\n {'osver': '14.04', 'pkgname': 'linux-lowlatency-lts-xenial', 'pkgver': '4.4.0.224.195'},\n {'osver': '14.04', 'pkgname': 'linux-lts-xenial-cloud-tools-4.4.0-224', 'pkgver': '4.4.0-224.257~14.04.1'},\n {'osver': '14.04', 'pkgname': 'linux-lts-xenial-tools-4.4.0-224', 'pkgver': '4.4.0-224.257~14.04.1'},\n {'osver': '14.04', 'pkgname': 'linux-modules-4.4.0-224-generic', 'pkgver': '4.4.0-224.257~14.04.1'},\n {'osver': '14.04', 'pkgname': 'linux-modules-4.4.0-224-lowlatency', 'pkgver': '4.4.0-224.257~14.04.1'},\n {'osver': '14.04', 'pkgname': 'linux-modules-extra-4.4.0-224-generic', 'pkgver': '4.4.0-224.257~14.04.1'},\n {'osver': '14.04', 'pkgname': 'linux-signed-generic-lts-xenial', 'pkgver': '4.4.0.224.195'},\n {'osver': '14.04', 'pkgname': 'linux-signed-image-generic-lts-xenial', 'pkgver': '4.4.0.224.195'},\n {'osver': '14.04', 'pkgname': 'linux-signed-image-lowlatency-lts-xenial', 'pkgver': '4.4.0.224.195'},\n {'osver': '14.04', 'pkgname': 'linux-signed-lowlatency-lts-xenial', 'pkgver': '4.4.0.224.195'},\n {'osver': '14.04', 'pkgname': 'linux-tools-4.4.0-224-generic', 'pkgver': '4.4.0-224.257~14.04.1'},\n {'osver': '14.04', 'pkgname': 'linux-tools-4.4.0-224-lowlatency', 'pkgver': '4.4.0-224.257~14.04.1'},\n {'osver': '14.04', 'pkgname': 'linux-tools-generic-lts-xenial', 'pkgver': '4.4.0.224.195'},\n {'osver': '14.04', 'pkgname': 'linux-tools-lowlatency-lts-xenial', 'pkgver': '4.4.0.224.195'},\n {'osver': '14.04', 'pkgname': 'linux-tools-virtual-lts-xenial', 'pkgver': '4.4.0.224.195'},\n {'osver': '14.04', 'pkgname': 'linux-virtual-lts-xenial', 'pkgver': '4.4.0.224.195'},\n {'osver': '16.04', 'pkgname': 'linux-aws', 'pkgver': '4.4.0.1140.145'},\n {'osver': '16.04', 'pkgname': 'linux-aws-cloud-tools-4.4.0-1140', 'pkgver': '4.4.0-1140.154'},\n {'osver': '16.04', 'pkgname': 'linux-aws-headers-4.4.0-1140', 'pkgver': '4.4.0-1140.154'},\n {'osver': '16.04', 'pkgname': 'linux-aws-tools-4.4.0-1140', 'pkgver': '4.4.0-1140.154'},\n {'osver': '16.04', 'pkgname': 'linux-buildinfo-4.4.0-1105-kvm', 'pkgver': '4.4.0-1105.114'},\n {'osver': '16.04', 'pkgname': 'linux-buildinfo-4.4.0-1140-aws', 'pkgver': '4.4.0-1140.154'},\n {'osver': '16.04', 'pkgname': 'linux-buildinfo-4.4.0-224-generic', 'pkgver': '4.4.0-224.257'},\n {'osver': '16.04', 'pkgname': 'linux-buildinfo-4.4.0-224-lowlatency', 'pkgver': '4.4.0-224.257'},\n {'osver': '16.04', 'pkgname': 'linux-cloud-tools-4.4.0-1105-kvm', 'pkgver': '4.4.0-1105.114'},\n {'osver': '16.04', 'pkgname': 'linux-cloud-tools-4.4.0-1140-aws', 'pkgver': '4.4.0-1140.154'},\n {'osver': '16.04', 'pkgname': 'linux-cloud-tools-4.4.0-224', 'pkgver': '4.4.0-224.257'},\n {'osver': '16.04', 'pkgname': 'linux-cloud-tools-4.4.0-224-generic', 'pkgver': '4.4.0-224.257'},\n {'osver': '16.04', 'pkgname': 'linux-cloud-tools-4.4.0-224-lowlatency', 'pkgver': '4.4.0-224.257'},\n {'osver': '16.04', 'pkgname': 'linux-cloud-tools-common', 'pkgver': '4.4.0-224.257'},\n {'osver': '16.04', 'pkgname': 'linux-cloud-tools-generic', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-cloud-tools-generic-lts-utopic', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-cloud-tools-generic-lts-vivid', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-cloud-tools-generic-lts-wily', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-cloud-tools-generic-lts-xenial', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-cloud-tools-lowlatency', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-cloud-tools-lowlatency-lts-utopic', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-cloud-tools-lowlatency-lts-vivid', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-cloud-tools-lowlatency-lts-wily', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-cloud-tools-lowlatency-lts-xenial', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-cloud-tools-virtual', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-cloud-tools-virtual-lts-utopic', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-cloud-tools-virtual-lts-vivid', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-cloud-tools-virtual-lts-wily', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-cloud-tools-virtual-lts-xenial', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-crashdump', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-generic', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-generic-lts-utopic', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-generic-lts-vivid', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-generic-lts-wily', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-generic-lts-xenial', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-headers-4.4.0-1105-kvm', 'pkgver': '4.4.0-1105.114'},\n {'osver': '16.04', 'pkgname': 'linux-headers-4.4.0-1140-aws', 'pkgver': '4.4.0-1140.154'},\n {'osver': '16.04', 'pkgname': 'linux-headers-4.4.0-224', 'pkgver': '4.4.0-224.257'},\n {'osver': '16.04', 'pkgname': 'linux-headers-4.4.0-224-generic', 'pkgver': '4.4.0-224.257'},\n {'osver': '16.04', 'pkgname': 'linux-headers-4.4.0-224-lowlatency', 'pkgver': '4.4.0-224.257'},\n {'osver': '16.04', 'pkgname': 'linux-headers-aws', 'pkgver': '4.4.0.1140.145'},\n {'osver': '16.04', 'pkgname': 'linux-headers-generic', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-headers-generic-lts-utopic', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-headers-generic-lts-vivid', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-headers-generic-lts-wily', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-headers-generic-lts-xenial', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-headers-kvm', 'pkgver': '4.4.0.1105.103'},\n {'osver': '16.04', 'pkgname': 'linux-headers-lowlatency', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-headers-lowlatency-lts-utopic', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-headers-lowlatency-lts-vivid', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-headers-lowlatency-lts-wily', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-headers-lowlatency-lts-xenial', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-headers-virtual', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-headers-virtual-lts-utopic', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-headers-virtual-lts-vivid', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-headers-virtual-lts-wily', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-headers-virtual-lts-xenial', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-hwe-generic-trusty', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-hwe-virtual-trusty', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.4.0-1105-kvm', 'pkgver': '4.4.0-1105.114'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.4.0-1140-aws', 'pkgver': '4.4.0-1140.154'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.4.0-224-generic', 'pkgver': '4.4.0-224.257'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.4.0-224-lowlatency', 'pkgver': '4.4.0-224.257'},\n {'osver': '16.04', 'pkgname': 'linux-image-aws', 'pkgver': '4.4.0.1140.145'},\n {'osver': '16.04', 'pkgname': 'linux-image-extra-virtual', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-image-extra-virtual-lts-utopic', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-image-extra-virtual-lts-vivid', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-image-extra-virtual-lts-wily', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-image-extra-virtual-lts-xenial', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lts-utopic', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lts-vivid', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lts-wily', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lts-xenial', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-image-hwe-generic-trusty', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-image-hwe-virtual-trusty', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-image-kvm', 'pkgver': '4.4.0.1105.103'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency-lts-utopic', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency-lts-vivid', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency-lts-wily', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency-lts-xenial', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-image-unsigned-4.4.0-224-generic', 'pkgver': '4.4.0-224.257'},\n {'osver': '16.04', 'pkgname': 'linux-image-unsigned-4.4.0-224-lowlatency', 'pkgver': '4.4.0-224.257'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual-lts-utopic', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual-lts-vivid', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual-lts-wily', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual-lts-xenial', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-kvm', 'pkgver': '4.4.0.1105.103'},\n {'osver': '16.04', 'pkgname': 'linux-kvm-cloud-tools-4.4.0-1105', 'pkgver': '4.4.0-1105.114'},\n {'osver': '16.04', 'pkgname': 'linux-kvm-headers-4.4.0-1105', 'pkgver': '4.4.0-1105.114'},\n {'osver': '16.04', 'pkgname': 'linux-kvm-tools-4.4.0-1105', 'pkgver': '4.4.0-1105.114'},\n {'osver': '16.04', 'pkgname': 'linux-libc-dev', 'pkgver': '4.4.0-224.257'},\n {'osver': '16.04', 'pkgname': 'linux-lowlatency', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-lowlatency-lts-utopic', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-lowlatency-lts-vivid', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-lowlatency-lts-wily', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-lowlatency-lts-xenial', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-modules-4.4.0-1105-kvm', 'pkgver': '4.4.0-1105.114'},\n {'osver': '16.04', 'pkgname': 'linux-modules-4.4.0-1140-aws', 'pkgver': '4.4.0-1140.154'},\n {'osver': '16.04', 'pkgname': 'linux-modules-4.4.0-224-generic', 'pkgver': '4.4.0-224.257'},\n {'osver': '16.04', 'pkgname': 'linux-modules-4.4.0-224-lowlatency', 'pkgver': '4.4.0-224.257'},\n {'osver': '16.04', 'pkgname': 'linux-modules-extra-4.4.0-1140-aws', 'pkgver': '4.4.0-1140.154'},\n {'osver': '16.04', 'pkgname': 'linux-modules-extra-4.4.0-224-generic', 'pkgver': '4.4.0-224.257'},\n {'osver': '16.04', 'pkgname': 'linux-modules-extra-aws', 'pkgver': '4.4.0.1140.145'},\n {'osver': '16.04', 'pkgname': 'linux-signed-generic', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-signed-generic-lts-utopic', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-signed-generic-lts-vivid', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-signed-generic-lts-wily', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-signed-generic-lts-xenial', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-signed-image-generic', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-signed-image-generic-lts-utopic', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-signed-image-generic-lts-vivid', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-signed-image-generic-lts-wily', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-signed-image-generic-lts-xenial', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-signed-image-lowlatency', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-signed-image-lowlatency-lts-wily', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-signed-image-lowlatency-lts-xenial', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-signed-lowlatency', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-signed-lowlatency-lts-wily', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-signed-lowlatency-lts-xenial', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-source', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-source-4.4.0', 'pkgver': '4.4.0-224.257'},\n {'osver': '16.04', 'pkgname': 'linux-tools-4.4.0-1105-kvm', 'pkgver': '4.4.0-1105.114'},\n {'osver': '16.04', 'pkgname': 'linux-tools-4.4.0-1140-aws', 'pkgver': '4.4.0-1140.154'},\n {'osver': '16.04', 'pkgname': 'linux-tools-4.4.0-224', 'pkgver': '4.4.0-224.257'},\n {'osver': '16.04', 'pkgname': 'linux-tools-4.4.0-224-generic', 'pkgver': '4.4.0-224.257'},\n {'osver': '16.04', 'pkgname': 'linux-tools-4.4.0-224-lowlatency', 'pkgver': '4.4.0-224.257'},\n {'osver': '16.04', 'pkgname': 'linux-tools-aws', 'pkgver': '4.4.0.1140.145'},\n {'osver': '16.04', 'pkgname': 'linux-tools-common', 'pkgver': '4.4.0-224.257'},\n {'osver': '16.04', 'pkgname': 'linux-tools-generic', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-tools-generic-lts-utopic', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-tools-generic-lts-vivid', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-tools-generic-lts-wily', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-tools-generic-lts-xenial', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-tools-host', 'pkgver': '4.4.0-224.257'},\n {'osver': '16.04', 'pkgname': 'linux-tools-kvm', 'pkgver': '4.4.0.1105.103'},\n {'osver': '16.04', 'pkgname': 'linux-tools-lowlatency', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-tools-lowlatency-lts-utopic', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-tools-lowlatency-lts-vivid', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-tools-lowlatency-lts-wily', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-tools-lowlatency-lts-xenial', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-tools-lts-utopic', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-tools-virtual', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-tools-virtual-lts-utopic', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-tools-virtual-lts-vivid', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-tools-virtual-lts-wily', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-tools-virtual-lts-xenial', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-virtual', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-virtual-lts-utopic', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-virtual-lts-vivid', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-virtual-lts-wily', 'pkgver': '4.4.0.224.231'},\n {'osver': '16.04', 'pkgname': 'linux-virtual-lts-xenial', 'pkgver': '4.4.0.224.231'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-aws / linux-aws-cloud-tools-4.4.0-1140 / etc');\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-10T19:22:01", "description": "The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2727-1 advisory.\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. (CVE-2022-28389)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-10T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (Live Patch 16 for SLE 15 SP3) (SUSE-SU-2022:2727-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1679", "CVE-2022-20141", "CVE-2022-28389", "CVE-2022-28390", "CVE-2022-32250", "CVE-2022-34918"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_60-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2727-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164002", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2727-1. T

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2022-9557)

Description

Related