DATABASE RESOURCES PRICING ABOUT US

{"id": "ORACLELINUX_ELSA-2022-9829.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9829)", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9829 advisory.\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak. (CVE-2022-1280)\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2022-09-22T00:00:00", "modified": "2023-10-11T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/165297", "reporter": "This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1280", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3669", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21385", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21546", "https://linux.oracle.com/errata/ELSA-2022-9829.html"], "cvelist": ["CVE-2021-3669", "CVE-2022-1280", "CVE-2022-21385", "CVE-2022-21546", "CVE-2022-2586"], "immutableFields": [], "lastseen": "2023-10-15T15:06:44", "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:1988", "ALSA-2022:7444", "ALSA-2022:7683", "ALSA-2022:7933", "ALSA-2022:8267"]}, {"type": "amazon", "idList": ["ALAS-2023-1773", "ALAS2-2023-2100"]}, {"type": "avleonov", "idList": ["AVLEONOV:317FBD7DA93C95993A9FFF38FB04A987"]}, {"type": "cnvd", "idList": ["CNVD-2022-69189"]}, {"type": "cve", "idList": ["CVE-2021-3669", "CVE-2022-1246", "CVE-2022-1280", "CVE-2022-21385", "CVE-2022-21546", "CVE-2022-2586"]}, {"type": "debian", "idList": ["DEBIAN:DLA-3102-1:8DD52", "DEBIAN:DLA-3131-1:083C4", "DEBIAN:DSA-5207-1:0D465"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-3669", "DEBIANCVE:CVE-2022-1280", "DEBIANCVE:CVE-2022-21385", "DEBIANCVE:CVE-2022-2586"]}, {"type": "fedora", "idList": ["FEDORA:791D3304C27B", "FEDORA:A4846305797B"]}, {"type": "githubexploit", "idList": ["1EF67F84-0CA0-5928-AE63-14B72E0B13B0"]}, {"type": "ibm", "idList": ["02CC99E090503F835786673C0D9AC57A5628D25502EC0A7153FEE8616009F203", "7A31AC3AD76478BCDFF5EAFDE198D822A87AF40F80D6BE332BB307F284077425", "80CD718D1D142D3B40DCBA71626D910648A9F36D3E9F858F36123167200B31E5", "B315A585CDBD4D516E60AAEBBA49CDD9274D016108F5F855F13CF2FE3AA0F562", "C99B3CF5E0C30EDD67EC0E6E4726E2E6DFC139B986DAA387637216BB3413077B", "ED670677BEE7F824FAA4922AD08CFBF43478203FCCB636E589E6854737336228"]}, {"type": "ics", "idList": ["ICSA-23-166-11"]}, {"type": "mageia", "idList": ["MGASA-2022-0305", "MGASA-2022-0308"]}, {"type": "nessus", "idList": ["AL2022_ALAS2022-2022-150.NASL", "AL2022_ALAS2022-2022-185.NASL", "AL2023_ALAS2023-2023-070.NASL", "AL2_ALAS-2023-2100.NASL", "AL2_ALASKERNEL-5_10-2022-020.NASL", "AL2_ALASKERNEL-5_15-2022-008.NASL", "AL2_ALASKERNEL-5_4-2022-035.NASL", "AL2_ALASKERNEL-5_4-2022-036.NASL", "ALA_ALAS-2023-1773.NASL", "ALMA_LINUX_ALSA-2022-1988.NASL", "ALMA_LINUX_ALSA-2022-7444.NASL", "ALMA_LINUX_ALSA-2022-7683.NASL", "ALMA_LINUX_ALSA-2022-7933.NASL", "ALMA_LINUX_ALSA-2022-8267.NASL", "DEBIAN_DLA-3102.NASL", "DEBIAN_DLA-3131.NASL", "DEBIAN_DSA-5207.NASL", "EULEROS_SA-2021-2805.NASL", "EULEROS_SA-2022-1010.NASL", "EULEROS_SA-2022-1030.NASL", "EULEROS_SA-2022-1046.NASL", "EULEROS_SA-2022-1208.NASL", "EULEROS_SA-2022-1227.NASL", "EULEROS_SA-2022-1376.NASL", "EULEROS_SA-2022-1402.NASL", "EULEROS_SA-2022-1537.NASL", "EULEROS_SA-2022-1735.NASL", "EULEROS_SA-2022-1999.NASL", "EULEROS_SA-2022-2090.NASL", "EULEROS_SA-2022-2110.NASL", "EULEROS_SA-2022-2134.NASL", "EULEROS_SA-2022-2159.NASL", "EULEROS_SA-2022-2384.NASL", "EULEROS_SA-2022-2654.NASL", "EULEROS_SA-2022-2686.NASL", "EULEROS_SA-2022-2732.NASL", "EULEROS_SA-2022-2767.NASL", "EULEROS_SA-2022-2796.NASL", "EULEROS_SA-2022-2848.NASL", "EULEROS_SA-2022-2906.NASL", "EULEROS_SA-2022-2932.NASL", "EULEROS_SA-2023-1168.NASL", "EULEROS_SA-2023-1193.NASL", "EULEROS_SA-2023-1223.NASL", "EULEROS_SA-2023-1695.NASL", "EULEROS_SA-2023-2252.NASL", "OPENSUSE-2021-1357.NASL", "OPENSUSE-2021-1365.NASL", "OPENSUSE-2021-3338.NASL", "OPENSUSE-2021-3387.NASL", "OPENSUSE-2021-3447.NASL", "ORACLELINUX_ELSA-2022-1988.NASL", "ORACLELINUX_ELSA-2022-7683.NASL", "ORACLELINUX_ELSA-2022-8267.NASL", "ORACLELINUX_ELSA-2022-9726.NASL", "ORACLELINUX_ELSA-2022-9727.NASL", "ORACLELINUX_ELSA-2022-9728.NASL", "ORACLELINUX_ELSA-2022-9729.NASL", "ORACLELINUX_ELSA-2022-9730.NASL", "ORACLELINUX_ELSA-2022-9731.NASL", "ORACLELINUX_ELSA-2022-9761.NASL", "ORACLELINUX_ELSA-2022-9787.NASL", "ORACLELINUX_ELSA-2022-9788.NASL", "ORACLELINUX_ELSA-2022-9827.NASL", "ORACLELINUX_ELSA-2022-9828.NASL", "ORACLELINUX_ELSA-2022-9830.NASL", "ORACLEVM_OVMSA-2022-0024.NASL", "REDHAT-RHSA-2022-1975.NASL", "REDHAT-RHSA-2022-1988.NASL", "REDHAT-RHSA-2022-7444.NASL", "REDHAT-RHSA-2022-7683.NASL", "REDHAT-RHSA-2022-7933.NASL", "REDHAT-RHSA-2022-8267.NASL", "ROCKY_LINUX_RLSA-2022-1975.NASL", "ROCKY_LINUX_RLSA-2022-1988.NASL", "SLACKWARE_SSA_2022-237-02.NASL", "SUSE_SU-2021-3337-1.NASL", "SUSE_SU-2021-3338-1.NASL", "SUSE_SU-2021-3339-1.NASL", "SUSE_SU-2021-3387-1.NASL", "SUSE_SU-2021-3415-1.NASL", "SUSE_SU-2021-3447-1.NASL", "SUSE_SU-2022-1651-1.NASL", "SUSE_SU-2022-1668-1.NASL", "SUSE_SU-2022-1669-1.NASL", "SUSE_SU-2022-1676-1.NASL", "SUSE_SU-2022-1686-1.NASL", "SUSE_SU-2022-1687-1.NASL", "SUSE_SU-2022-1783-1.NASL", "SUSE_SU-2022-1796-1.NASL", "SUSE_SU-2022-1849-1.NASL", "SUSE_SU-2022-1859-1.NASL", "SUSE_SU-2022-2268-1.NASL", "SUSE_SU-2022-3263-1.NASL", "SUSE_SU-2022-3265-1.NASL", "SUSE_SU-2022-3274-1.NASL", "SUSE_SU-2022-3282-1.NASL", "SUSE_SU-2022-3291-1.NASL", "SUSE_SU-2022-3294-1.NASL", "SUSE_SU-2022-3408-1.NASL", "SUSE_SU-2022-3422-1.NASL", "SUSE_SU-2022-3585-1.NASL", "SUSE_SU-2022-3609-1.NASL", "SUSE_SU-2022-3704-1.NASL", "SUSE_SU-2022-3775-1.NASL", "SUSE_SU-2022-3809-1.NASL", "SUSE_SU-2022-3844-1.NASL", "SUSE_SU-2022-4617-1.NASL", "UBUNTU_USN-5557-1.NASL", "UBUNTU_USN-5560-1.NASL", "UBUNTU_USN-5560-2.NASL", "UBUNTU_USN-5562-1.NASL", "UBUNTU_USN-5564-1.NASL", "UBUNTU_USN-5565-1.NASL", "UBUNTU_USN-5566-1.NASL", "UBUNTU_USN-5567-1.NASL", "UBUNTU_USN-5582-1.NASL", "UBUNTU_USN-5927-1.NASL", "UBUNTU_USN-5975-1.NASL", "UBUNTU_USN-5980-1.NASL", "UBUNTU_USN-5981-1.NASL", "UBUNTU_USN-5984-1.NASL", "UBUNTU_USN-5985-1.NASL", "UBUNTU_USN-5991-1.NASL", "UBUNTU_USN-6001-1.NASL", "UBUNTU_USN-6009-1.NASL", "UBUNTU_USN-6014-1.NASL", "UBUNTU_USN-6020-1.NASL", "UBUNTU_USN-6030-1.NASL", "UBUNTU_USN-6151-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-1988", "ELSA-2022-7683", "ELSA-2022-8267", "ELSA-2022-9726", "ELSA-2022-9727", "ELSA-2022-9728", "ELSA-2022-9729", "ELSA-2022-9730", "ELSA-2022-9731", "ELSA-2022-9761", "ELSA-2022-9787", "ELSA-2022-9788", "ELSA-2022-9827", "ELSA-2022-9828", "ELSA-2022-9829", "ELSA-2022-9830"]}, {"type": "osv", "idList": ["OSV:DLA-3102-1", "OSV:DLA-3131-1", "OSV:DSA-5207-1"]}, {"type": "photon", "idList": ["PHSA-2022-0226", "PHSA-2022-0506", "PHSA-2022-3.0-0433", "PHSA-2022-4.0-0226", "PHSA-2023-4.0-0420"]}, {"type": "prion", "idList": ["PRION:CVE-2021-3669", "PRION:CVE-2022-1280", "PRION:CVE-2022-21385"]}, {"type": "redhat", "idList": ["RHSA-2022:1975", "RHSA-2022:1988", "RHSA-2022:4814", "RHSA-2022:4956", "RHSA-2022:5201", "RHSA-2022:5392", "RHSA-2022:5483", "RHSA-2022:7444", "RHSA-2022:7683", "RHSA-2022:7933", "RHSA-2022:8267", "RHSA-2022:8781", "RHSA-2022:8889", "RHSA-2022:9040"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-3669", "RH:CVE-2022-1280", "RH:CVE-2022-2586"]}, {"type": "redos", "idList": ["ROS-20220908-01"]}, {"type": "rocky", "idList": ["RLSA-2022:1975", "RLSA-2022:1988", "RLSA-2022:7444", "RLSA-2022:7683"]}, {"type": "slackware", "idList": ["SSA-2022-237-02"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1357-1", "OPENSUSE-SU-2021:1365-1", "OPENSUSE-SU-2021:3338-1", "OPENSUSE-SU-2021:3387-1", "OPENSUSE-SU-2021:3447-1", "SUSE-SU-2022:1676-1", "SUSE-SU-2022:1687-1", "SUSE-SU-2022:3408-1", "SUSE-SU-2022:3585-1", "SUSE-SU-2022:3609-1", "SUSE-SU-2022:3775-1", "SUSE-SU-2022:3809-1", "SUSE-SU-2022:3844-1"]}, {"type": "ubuntu", "idList": ["LSN-0089-1", "USN-5557-1", "USN-5560-1", "USN-5560-2", "USN-5562-1", "USN-5564-1", "USN-5565-1", "USN-5566-1", "USN-5567-1", "USN-5582-1", "USN-5924-1", "USN-5927-1", "USN-5975-1", "USN-5980-1", "USN-5981-1", "USN-5984-1", "USN-5985-1", "USN-5991-1", "USN-6001-1", "USN-6009-1", "USN-6013-1", "USN-6014-1", "USN-6020-1", "USN-6030-1", "USN-6151-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-3669", "UB:CVE-2022-1280", "UB:CVE-2022-21385", "UB:CVE-2022-2586"]}, {"type": "veracode", "idList": ["VERACODE:35868", "VERACODE:37094", "VERACODE:39450"]}, {"type": "zdi", "idList": ["ZDI-22-1118"]}]}, "score": {"value": 7.1, "vector": "NONE"}, "epss": [{"cve": "CVE-2021-3669", "epss": 0.00042, "percentile": 0.05657, "modified": "2023-05-01"}, {"cve": "CVE-2022-1280", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-21385", "epss": 0.00045, "percentile": 0.11938, "modified": "2023-05-02"}], "vulnersScore": 7.1}, "_state": {"dependencies": 1697383096, "score": 1698852299, "epss": 0}, "_internal": {"score_hash": "811c4a1b46ff1e54abaf4bcd5131789a"}, "pluginID": "165297", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9829.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165297);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/11\");\n\n script_cve_id(\n \"CVE-2021-3669\",\n \"CVE-2022-1280\",\n \"CVE-2022-2586\",\n \"CVE-2022-21385\",\n \"CVE-2022-21546\"\n );\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9829)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2022-9829 advisory.\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux\n kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of\n service (DoS) or a kernel information leak. (CVE-2022-1280)\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large\n shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9829.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1280\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container-debug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.4.17-2136.311.6.el7', '5.4.17-2136.311.6.el8'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9829');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-5.4.17-2136.311.6.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2136.311.6.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'},\n {'reference':'kernel-uek-container-5.4.17-2136.311.6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2136.311.6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / kernel-uek-container-debug');\n}\n", "naslFamily": "Oracle Linux Local Security Checks", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek-container", "p-cpe:/a:oracle:linux:kernel-uek-container-debug"], "solution": "Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.", "nessusSeverity": "Low", "cvssScoreSource": "CVE-2022-1280", "vendor_cvss2": {"score": 3.3, "vector": "CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:P"}, "vendor_cvss3": {"score": 6.3, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H"}, "vpr": {"risk factor": "Medium", "score": "6.7"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2022-09-21T00:00:00", "vulnerabilityPublicationDate": "2022-04-13T00:00:00", "exploitableWith": []}

{"oraclelinux": [{"lastseen": "2022-09-21T20:46:15", "description": "[5.4.17-2136.311.6]\n- Revert 'KVM: x86: Print error code in exception injection tracepoint iff\n valid' (Sherry Yang) [Orabug: 34535896]\n[5.4.17-2136.311.5]\n- netfilter: nf_tables: do not allow RULE_ID to refer to another chain (Thadeu Lima de Souza Cascardo) [Orabug: 34495567] {CVE-2022-2586}\n- netfilter: nf_tables: do not allow SET_ID to refer to another table (Thadeu Lima de Souza Cascardo) [Orabug: 34495567] {CVE-2022-2586}\n[5.4.17-2136.311.4]\n- rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 34514570] {CVE-2022-21385}\n- rds/rdma: destroy CQs during user initiated rds connection resets (Rohit Nair) [Orabug: 34414239]\n- scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419971] {CVE-2022-21546}\n- Revert 'net/rds: Connect TCP backends deterministically' (Gerd Rausch) [Orabug: 34476562]\n- kernfs: Replace global kernfs_open_file_mutex with hashed mutexes. (Imran Khan) [Orabug: 34476941]\n- kernfs: Introduce interface to access global kernfs_open_file_mutex. (Imran Khan) [Orabug: 34476941]\n- kernfs: make ->attr.open RCU protected. (Imran Khan) [Orabug: 34476941]\n- kernfs: Rename kernfs_put_open_node to kernfs_unlink_open_file. (Imran Khan) [Orabug: 34476941]\n- kernfs: Remove reference counting for kernfs_open_node. (Imran Khan) [Orabug: 34476941]\n- arm64: mm: Fix case where !CONFIG_NUMA=y (Henry Willard) [Orabug: 34504995]\n- drm: protect drm_master pointers in drm_lease.c (Desmond Cheong Zhi Xi) [Orabug: 34115076] {CVE-2022-1280}\n- drm: serialize drm_file.master with a new spinlock (Desmond Cheong Zhi Xi) [Orabug: 34115076] {CVE-2022-1280}\n- drm: add a locked version of drm_is_current_master (Desmond Cheong Zhi Xi) [Orabug: 34115076] {CVE-2022-1280}\n- i2c: thunderx: missing struct pci_dev definition in mips build (Dave Kleikamp) [Orabug: 34483890]\n- mips: mm: define MADV_DOEXEC and MADV_DONTEXEC (Dave Kleikamp) [Orabug: 34483890]\n- mips64: Fix X.509 certificates parsing (Eric Saint-Etienne) [Orabug: 34483890]\n- thermal: support for Marvell Octeon TX SoC temperature sensors (Eric Saint-Etienne) [Orabug: 34483890]\n- netdev, octeon3-ethernet: move timecounter init to network driver probe() (Dave Aldridge) [Orabug: 34483890]\n- mips64/octeon: Initialize netdevice in octeon_pow struct (Vijay Kumar) [Orabug: 34483890]\n- MIPS: Add syscall auditing support (Ralf Baechle) [Orabug: 34483890]\n- net/ethernet/octeon: Add ptp_dbg_group module param in octeon-pow-ethernet (Vijay Kumar) [Orabug: 34483890]\n- net/ethernet/octeon: Set max/min mtu of pow equivalent to Octeon eth device (Vijay Kumar) [Orabug: 34483890]\n- arch/mips: Discard the contents of the PCI console if the buffer is full for more than 10 milliseconds (Victor Michel) [Orabug: 34483890]\n- vdso: prevent ld from aligning PT_LOAD segments to 64k (Rob Gardner) [Orabug: 34483890]\n- MIPS: Octeon: cache info: Delete cavium-octeon/cacheinfo.c (Henry Willard) [Orabug: 34483890]\n- uek-rpm: build embedded kernels for t73 (Dave Kleikamp) [Orabug: 34483890]\n- mips: define pmd_special & pmd_mkspecial (Dave Kleikamp) [Orabug: 34483890]\n- kbuild: linker should be called with KBUILD_LDFLAGS (Dave Kleikamp) [Orabug: 34483890]\n- MIPS: octeon: Suppress early_init_dt_scan_memory damage. (Henry Willard) [Orabug: 34483890]\n- mips: Fails to create /sys/firmware/fdt during bootup (Vijay Kumar) [Orabug: 34483890]\n- MIPS: probe_kernel_read() should not panic (Rob Gardner) [Orabug: 34483890]\n- mips/cavium-octeon: Change access permission for /proc/pcie_reset to write (Vijay Kumar) [Orabug: 34483890]\n- mips64: Build for Octeon and generic boards only (Vijay Kumar) [Orabug: 34483890]\n- mips: define pmd_pfn and pud_pfn (Dave Kleikamp) [Orabug: 34483890]\n- MIPS: OCTEON: silence 'virt' assembler warnings (Dave Kleikamp) [Orabug: 34483890]\n- MIPS: OCTEON: OCTEON III build and configuration option (Dave Kleikamp) [Orabug: 34483890]\n- KSPLICE for MIPS also would like function-sections (Rob Gardner) [Orabug: 34483890]\n- Provide thread_info flags for KSPLICE freezer support (Rob Gardner) [Orabug: 34483890]\n- mips: add user_addr_max() and PROT_RESERVED (Dave Kleikamp) [Orabug: 34483890]\n- mips: add clear_page_uncached() (Dave Kleikamp) [Orabug: 34483890]\n- net: octeon-ethernet: Fix to reset the device stats in init (Anushka Singh) [Orabug: 34483890]\n- net: phy: Kconfig: fix double definition of ICPLUS_PHY PHYs (Ivan Khoronzhuk) [Orabug: 34483890]\n- drivers: of_mdio.c : fix of_mdiobus_register_phy return code (Serhii Tyshchenko) [Orabug: 34483890]\n- mips/pci/pci-legacy.c: fix for mixed declarations and code (Serhii Tyshchenko) [Orabug: 34483890]\n- mips: octeon: remove unused pcie_17400_set_affinity (Serhii Tyshchenko) [Orabug: 34483890]\n- asm/octeon/cvmx-lmcx-defs.h: fix for platform selection build warnings (Serhii Tyshchenko) [Orabug: 34483890]\n- fix for cvmx-ila build issue (santhosh D) [Orabug: 34483890]\n- fix for cvmx-helper-rgmii build issue (santhosh D) [Orabug: 34483890]\n- fix for cvmx-l2c build issue (santhosh D) [Orabug: 34483890]\n- MIPS: reserve the memblock right after the kernel (Alex Sverdlin) [Orabug: 34483890]\n- MIPS: Octeon: Update mach_bootmem_init for NUMA support to enable CONFIG_NUMA (Anushka Singh) [Orabug: 34483890]\n- Octeon: net: ethernet: Port from 4.14 to 5.4 octeon-2 ethernet driver changes (Anushka Singh) [Orabug: 34483890]\n- MIPS: OCTEON: Add support for pci hot plugged endpoints (Carlos Munoz) [Orabug: 34483890]\n- arch: mips: cavium-octeon: cvmx-pcie: fix config read 32 (Ivan Khoronzhuk) [Orabug: 34483890]\n- MIPS: ftrace: fix init functions tracing (Ivan Khoronzhuk) [Orabug: 34483890]\n- net: octeon: mgmt: Repair filling of RX ring (Alex Sverdlin) [Orabug: 34483890]\n- Octeon: net: octeon_mgmt: Add MTU size (Anushka Singh) [Orabug: 34483890]\n- Octeon: net: octeon_mgmt: Add phy_start and phy_stop (Anushka Singh) [Orabug: 34483890]\n- Octeon: Add working CISCO kernel config for Octeon (Anushka Singh) [Orabug: 34483890]\n- MIPS: Octeon: MIPS: Update default config for kernel v5.4.30 (Anushka Singh) [Orabug: 34483890]\n- Octeon: net: octeon3-ethernet: Port 4.14 to 5.4 octeon3-ethernet driver (Anushka Singh) [Orabug: 34483890]\n- Octeon: octeon3_ethernet: Port 4.14 to 5.4 fixes incompatible-pointer-types (Anushka Singh) [Orabug: 34483890]\n- Octeon: Fix build error in cvmx-qlm.c (Anushka Singh) [Orabug: 34483890]\n- MIPS: Octeon: add some missing fall through annotations (Anushka Singh) [Orabug: 34483890]\n- OCTEON: octeon_edac-lmc : Temp drop use of VLA (Anushka Singh) [Orabug: 34483890]\n- Octeon: Port 4.14 to 5.4 fixes in PCI/MSI (Anushka Singh) [Orabug: 34483890]\n- MIPS: Octeon: Add updated default config for kernel v5.4.30 (Anushka Singh) [Orabug: 34483890]\n- Octeon: Octeon3 Ethernet driver port 4.14 to 5.4 fixes. (Anushka Singh) [Orabug: 34483890]\n- Octeon: (Temporary) Port 4.14 to 5.4 workaround for VLA in cvmx-dma-engine.c (Anushka Singh) [Orabug: 34483890]\n- net: phy: Port 4.14 to 5.4 fixes in Qualcomm/Atheros qca8334/8337 PHYs (Anushka Singh) [Orabug: 34483890]\n- MIPS: Port 4.14 to 5.4 temporary patch for mach_bootmem_init (Anushka Singh) [Orabug: 34483890]\n- MIPS: Octeon: Port 4.14 to 5.4 fixes for VLA (Anushka Singh) [Orabug: 34483890]\n- net: phy: Port 4.14 to 5.4 fixes in TI tlk10232 and Marvell 88X3120 dual-10G PHY drivers (Anushka Singh) [Orabug: 34483890]\n- MIPS: net: phy: Port 4.14 to 5.4 fixes in bcm87xx phy driver (Anushka Singh) [Orabug: 34483890]\n- MIPS: Octeon: gpio: Port 4.14 to 5.4 fixes (Anushka Singh) [Orabug: 34483890]\n- MIPS: Octeon: Setup file Port 4.14 to 5.4 fixes (Anushka Singh) [Orabug: 34483890]\n- MIPS: octeon-irq: Port 4.14 to 5.4 fixes. (Anushka Singh) [Orabug: 34483890]\n- MIPS: Add default config for kernel v5.4.30 (Anushka Singh) [Orabug: 34483890]\n- MIPS: Octeon PCI Console: Port 4.14 to 5.4 fixes. (Anushka Singh) [Orabug: 34483890]\n- MIPS: OCTEON: Port 4.14 to 5.4 fixes for e->base (Anushka Singh) [Orabug: 34483890]\n- MIPS: OCTEON: octeon-usb: Port 4.14 to 5.4 fixes. (Anushka Singh) [Orabug: 34483890]\n- MIPS: Port 4.14 to 5.4 fixes for access_ok(). (Anushka Singh) [Orabug: 34483890]\n- MIPS: Port 4.14 to 5.4 compile-time error resolution for atomic.h functions. (Anushka Singh) [Orabug: 34483890]\n- MIPS: Octeon: kexec (Lukasz Majczak) [Orabug: 34483890]\n- MIPS: Octeon: Take all memory into use by default. (Lukasz Majczak) [Orabug: 34483890]\n- MIPS: octeon: shared_cpu_map cacheinfo (Lukasz Majczak) [Orabug: 34483890]\n- netdev: octeon-ethernet: Register devices in the ptp class. (Lukasz Majczak) [Orabug: 34483890]\n- mtd: spi-nor: Add Micron (MT25Q*) SPI flash devices. (Lukasz Majczak) [Orabug: 34483890]\n- netdev: octeon-ethernet: Add packet hardware timestamp support. (Carlos Munoz) [Orabug: 34483890]\n- Add default kernel config for Octeon3 (Lukasz Majczak) [Orabug: 34483890]\n- MIPS: Octeon: Fix node calculation (Lukasz Majczak) [Orabug: 34483890]\n- MIPS: OCTEON: Sync-up SE to r173908 (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS: Octeon: Read BGXX_SPUX_FEC_CONTROL before using it. (Chandrakala Chavva) [Orabug: 34483890]\n- net: octeon: Fix ndo_get_stats64 return value. (Chandrakala Chavva) [Orabug: 34483890]\n- Fix build issues (Lukasz Majczak) [Orabug: 34483890]\n- MIPS: Octeon: Fix setting MTU (Lukasz Majczak) [Orabug: 34483890]\n- Revert 'MIPS: kexec: remove SMP_DUMP' (Lukasz Majczak) [Orabug: 34483890]\n- MIPS: OCTEON: HOTPLUG_CPU changes. (Lukasz Majczak) [Orabug: 34483890]\n- net: phy: Port 4.9 to 4.14 fixes (Lukasz Majczak) [Orabug: 34483890]\n- Octeon: MTD: NAND: Port 4.9 to 4.14 fixes (Lukasz Majczak) [Orabug: 34483890]\n- EDAC:Octeon: Fix LMC CSRs access on OcteonII (Chandrakala Chavva) [Orabug: 34483890]\n- EDAC:Octeon: undeclared variable when CONFIG_EDAC_DEBUG=y (Peter Swain) [Orabug: 34483890]\n- net: octeon: NAPI waits once for next packet (Peter Swain) [Orabug: 34483890]\n- MIPS:OCTEON: Sync-up SE files (r172329) (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS:OCTEON: Sync-up SE files (r172318). (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS:OCTEON: Sync-up SE files (r172313) (Chandrakala Chavva) [Orabug: 34483890]\n- edac:octeon: Check if device is present before removing. (Chandrakala Chavva) [Orabug: 34483890]\n- EDAC:Octeon: Fixed EDAC support for OcteonII and OcteonIII. (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS/EDAC: Call edac handle for bigrd/bigwd cases. (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS: Octeon: Sync-up SE files (-r172055) (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS: OCTEON: Backports some bit extract functions from SDK. (Chandrakala Chavva) [Orabug: 34483890]\n- netdev: octeon-ethernet: Fix MTU settings for AGL interface. (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS: OCTEON: Added disable_sbe module parameter (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS: OCTEON: Call panic when co-processor DBE error happens. (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS: OCTEON: Sync-up CIU3 Error data files. (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS/octeon: Add /proc/pcie_reset file. (Peter Swain) [Orabug: 34483890]\n- net: xfrm: Added ipsec kame offload support. (Chandrakala Chavva) [Orabug: 34483890]\n- of_mdio: Add 'cortina,cs4318' to the whitelist. (Steven J. Hill) [Orabug: 34483890]\n- ATA: Disable soft reset for ASM1092 sata port multiplier (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS:Octeon: Sync-up SE files to 170716. (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS: pcie-octeon: reset PCIe on reboot (Peter Swain) [Orabug: 34483890]\n- octeon3: ethernet: driver: Added vlan header size to max mtu. (Abhijit Ayarekar) [Orabug: 34483890]\n- net: octeon: Add IFF_LIVE_ADDR_CHANGE to change mac address live. (Chandrakala Chavva) [Orabug: 34483890]\n- Octeon: MTD: NAND: Do not call is_vmalloc_or_module_addr() (Aaron Williams) [Orabug: 34483890]\n- Cavium: MTD: NAND Ported 3.10 NAND driver to 4.9 (Aaron Williams) [Orabug: 34483890]\n- octeon: mtd: nand: Merged in latest changes from Octeon SDK (Aaron Williams) [Orabug: 34483890]\n- rtc: isl12026: Select CONFIG_NVMEM to ensure it builds. (David Daney) [Orabug: 34483890]\n- MIPS:OCTEON: Sync-up SE files to -r170052 (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS/tlbex: Save and restore ASID around TLBR (David Daney) [Orabug: 34483890]\n- rtc: isl12026: Fix build failure when CONFIG_NVMEM not enabled. (David Daney) [Orabug: 34483890]\n- rtc: isl12026: Add driver. (David Daney) [Orabug: 34483890]\n- i2c: octeon: Emit stop condition if bootloader didn't end last transaction. (David Daney) [Orabug: 34483890]\n- MIPS/PCI/OCTEON: Map irqs after PCI bus rescan. (David Daney) [Orabug: 34483890]\n- EDAC: octeon_edac-lmc: Fix module removal when ECC unsupported. (Steven J. Hill) [Orabug: 34483890]\n- netdev: octeon-ethernet: Check packet backlog periodically to wake up other cpus if needed. (Carlos Munoz) [Orabug: 34483890]\n- Set SDK_VERSION to 5.1.0. (Chandrakala Chavva) [Orabug: 34483890]\n- mtd: nand: octeon: Add NAND flash driver. (Carlos Munoz) [Orabug: 34483890]\n- netdev: octeon-ethernet: use IFF_NO_QUEUE (Peter Swain) [Orabug: 34483890]\n- MIPS: Pass -fno-asynchronous-unwind-tables to compiler. (David Daney) [Orabug: 34483890]\n- MIPS: Add ELF_CORE_COPY_REGS definition. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Correctly calculate totalram_pages (David Daney) [Orabug: 34483890]\n- netdev: octeon-pow: Add napi support. (Carlos Munoz) [Orabug: 34483890]\n- MIPS: OCTEON: Restore 512MB default memory size. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Always try to allocate 1024 MB of 32-bit memory. (David Daney) [Orabug: 34483890]\n- MIPS: pcie-octeon: Use level semantics for int-A interrupts. (David Daney) [Orabug: 34483890]\n- MIPS, pci: Expose Cavium OCTEON PCIe bridges to the PCIe core (David Daney) [Orabug: 34483890]\n- netdev: octeon3-ethernet: Enable srio port and remove srio header on ingress packets. (Carlos Munoz) [Orabug: 34483890]\n- MIPS: OCTEON: Set DIDTO to approx. 250mS. (David Daney) [Orabug: 34483890]\n- MIPS,ftrace: Fix dynamic ftrace patching of MAPPED_KERNEL modules. (David Daney) [Orabug: 34483890]\n- MIPS: oct_ilm: Add OCTEON III support. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Don't translate underlying GPIO irq bits. (Corey Minyard) [Orabug: 34483890]\n- gpio: gpio-octeon: Fix to_irq() support. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Initialize the mport structure correctly. (Carlos Munoz) [Orabug: 34483890]\n- MIPS: Move VMALLOC_START to avoid OCTEON III Core-31034 (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Don't allow interrupts or scheduling from CacheErr handler. (David Daney) [Orabug: 34483890]\n- netdev: octeon-pow: Save aura before freeing the wqe. (Carlos Munoz) [Orabug: 34483890]\n- MIPS: OCTEON: Platform support for OCTEON III USB controller (Steven J. Hill) [Orabug: 34483890]\n- MIPS: OCTEON: Change SDK release string to 5.1.0-prerelease (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Always try to allocate 512 MB of 32-bit memory. (David Daney) [Orabug: 34483890]\n- netdev, octeon3-ethernet: Don't bloat RX buffer pool. (David Daney) [Orabug: 34483890]\n- watchdog: octeon-wdt: Implement G-30204 workaround. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Add missing CONFIG_KEXEC support. (David Daney) [Orabug: 34483890]\n- staging: octeon: Call SET_NETDEV_DEV() (Florian Fainelli) [Orabug: 34483890]\n- mmc: cavium: Fix broken sign extensions in block write code. (David Daney) [Orabug: 34483890]\n- mmc: core: Export API to allow hosts to get the card address (Ulf Hansson) [Orabug: 34483890]\n- MAINTAINERS: Add entry for Cavium MMC driver (Jan Glauber) [Orabug: 34483890]\n- mips/gpio: Fix OCTEON GPIO interrupt support. (David Daney) [Orabug: 34483890]\n- MIPS:OCTEON: Sync up SE files as of r154518. (Carlos Munoz) [Orabug: 34483890]\n- mips: edac: octeon: Use preemptive safe methods. (Carlos Munoz) [Orabug: 34483890]\n- net: phy: Force the link state to be checked during initialization. (Carlos Munoz) [Orabug: 34483890]\n- crypto: octeon: Use proper function to check for features. (Carlos Munoz) [Orabug: 34483890]\n- netdev: octeon3-ethernet: Disable transmit queues. (Carlos Munoz) [Orabug: 34483890]\n- netdev: octeon-ethernet: Handle when octeon_hw_status_add_source() fails. (Carlos Munoz) [Orabug: 34483890]\n- MIPS: OCTEON: Fix build breakage when CONFIG_SMP disabled (David Daney) [Orabug: 34483890]\n- ata: Use WARN instead of BUG in pata_octeon_cf. (David Daney) [Orabug: 34483890]\n- netdev/phy: Initial support for Vitesse vsc8490 phy. (Carlos Munoz) [Orabug: 34483890]\n- netdev: Add driver for Marvell 88X3120 dual 10GBase-T Ethernet phy (David Daney) [Orabug: 34483890]\n- phy/marvell: Add did_interrupt() method for Marvell 88E1240 (David Daney) [Orabug: 34483890]\n- net: phy: add qca833x phy-headed-switch (Peter Swain) [Orabug: 34483890]\n- netdev/phy: Add driver for TI tlk10232 dual-10G PHY. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Enable Micrel 9031 PHY for OCTEON. (Chandrakala Chavva) [Orabug: 34483890]\n- netdev/phy/of: Handle nexus Ethernet PHY devices (Aaron Williams) [Orabug: 34483890]\n- netdev/phy: Add driver for Cortina cs4321 quad 10G PHY. (David Daney) [Orabug: 34483890]\n- perf: context-sensitive keywords: for uncore_foo/miss/ (Peter Swain) [Orabug: 34483890]\n- MIPS: Fix arch in assembly for saa instruction. (Andrew Pinski) [Orabug: 34483890]\n- MIPS: OCTEON: Fix simulator compile error. (Carlos Munoz) [Orabug: 34483890]\n- MIPS: OCTEON: Use IRQF_NO_THREAD when chaining MSIs (David Daney) [Orabug: 34483890]\n- OCTEON: OCLA driver to support blocking IO. (Carlos Munoz) [Orabug: 34483890]\n- RapidIO: Driver for CN6XXX (Chad Reese) [Orabug: 34483890]\n- RapidIO: Add interface to memory map rapidio device memory. (Chad Reese) [Orabug: 34483890]\n- MIPS: OCTEON: Add driver Serial Rapid I/O (sRIO) hardware. (Carlos Munoz) [Orabug: 34483890]\n- netdev: octeon_mgmt: Update with latest changes. (David Daney) [Orabug: 34483890]\n- Revert 'net: octeon: mgmt: Repair filling of RX ring' (Dave Kleikamp) [Orabug: 34483890]\n- Revert 'net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop' (Dave Kleikamp) [Orabug: 34483890]\n- netdev: octeon3-ethernet: Driver for octeon III SOCs. (Carlos Munoz) [Orabug: 34483890]\n- MIPS: OCTEON: Create fpa3 standalone driver. (Carlos Munoz) [Orabug: 34483890]\n- netdev: octeon: Move and update octeon network driver from staging. (Carlos Munoz) [Orabug: 34483890]\n- Revert 'staging/octeon: fix up merge error' (Dave Kleikamp) [Orabug: 34483890]\n- Revert 'staging: octeon: repair 'fixed-link' support' (Dave Kleikamp) [Orabug: 34483890]\n- Revert 'staging: octeon: Drop on uncorrectable alignment or FCS error' (Dave Kleikamp) [Orabug: 34483890]\n- MIPS: Add core-16419 errata workaround (Andrew Pinski) [Orabug: 34483890]\n- mips: octeon: add TDM feature & IRQ (Peter Swain) [Orabug: 34483890]\n- MIPS: traps: call crash_kexec() before panic() when dying (Taras Kondratiuk) [Orabug: 34483890]\n- MIPS:OCTEON: Increase the load address (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS: OCTEON: Add syscall to add timer events. (Carlos Munoz) [Orabug: 34483890]\n- MIPS: kexec: Set memory limits to HIGHMEM_START. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Fix Cache error detection for OCTEON III. (David Daney) [Orabug: 34483890]\n- watchdog: octeon-wdt: Fix timer rate for all OCTEON III parts. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Update octeon-error-injector for OCTEON III. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Fix saving of CVMSEG per-task state. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Handle MSI on multiple nodes. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Increase NR_IRQS for CONFIG_NUMA. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Add csrc-fpa-clk. (David Daney) [Orabug: 34483890]\n- watchdog: octeon-wdt: Fix to work on multi-node systems. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Fix Automatic provisioning CVMSEG space. (David Daney) [Orabug: 34483890]\n- MIPS:OCTEON: Disable error tree handling on shutdown (Corey Minyard) [Orabug: 34483890]\n- MIPS: OCTEON: Fix IPI mechanism used by KEXEC. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Try to allocate at least 256MB of DMA32 memory. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Add NUMA support for cn78XX (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Print warning message if OCTEON II kernel run on earlier chips. (David Daney) [Orabug: 34483890]\n- MIPS: Make setting of MAX_PHYSMEM_BITS settable per sub-architecture. (David Daney) [Orabug: 34483890]\n- MIPS: Make XPHYSADDR() work for all addresses. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: cpu_state not just for _HOTPLUG (Peter Swain) [Orabug: 34483890]\n- MIPS: OCTEON: Add sysfs hooks to add and remove CPUs. (David Daney) [Orabug: 34483890]\n- MIPS: Octeon: Revise memory allocation from bootloader (Leonid Rosenboim) [Orabug: 34483890]\n- MIPS: OCTEON: Automatically provision CVMSEG space. (David Daney) [Orabug: 34483890]\n- MIPS: Octeon: Get first 256MB from 32-bit addresable memory (Leonid Rosenboim) [Orabug: 34483890]\n- MIPS/OCTEON: Add multiple msi support. (Carlos Munoz) [Orabug: 34483890]\n- MIPS: OCTEON: Inhibit CP0_Compare interrupts when not needed. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Add preliminary GPIO interrupt support for cn78XX. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Reorganize PCIe controller code. (Venkat Subbiah) [Orabug: 34483890]\n- MIPS: OCTEON: MSI-X interrupts for cn78XX. (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS/OCTEON: CIU/CIU2 use random msi irqs. (Carlos Munoz) [Orabug: 34483890]\n- MIPS: OCTEON: Add initial error bit detection for cn78XX. (David Daney) [Orabug: 34483890]\n- MIPS: Fix demand activation of OCTEON CVMSEG region. (David Daney) [Orabug: 34483890]\n- MIPS:OCTEON: Enable access to CVMSEG for user space (Chandrakala Chavva) [Orabug: 34483890]\n- watchdog: Octeon: Add 78xx support. (Carlos Munoz) [Orabug: 34483890]\n- MIPS: oct_ilm: Fix debugfs file permissions. (David Daney) [Orabug: 34483890]\n- MIPS: KDUMP: Fix to access non-sectioned memory (Prem Mallappa) [Orabug: 34483890]\n- MIPS: OCTEON: Fix plat_swiotlb_setup() for OCTEON3 (David Daney) [Orabug: 34483890]\n- MIPS: Handle CPU_CAVIUM_OCTEON3 like CPU_CAVIUM_OCTEON2 in clear_page. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Allow CONFIG_CAVIUM_CN63XXP1 to be disabled. (David Daney) [Orabug: 34483890]\n- MIPS/EDAC: Use correct fields for printing error message for O3 model (Chandrakala Chavva) [Orabug: 34483890]\n- edac/octeon_edac-lmc: Fix kernel panic when 1 DDR present (Prem Mallappa) [Orabug: 34483890]\n- MIPS/EDAC: Cavium: Updated L2C error checking for OCTEON3. (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS: Only flush local ICache in get_new_asid(). (David Daney) [Orabug: 34483890]\n- MIPS: Add new function local_flush_icache_all() (David Daney) [Orabug: 34483890]\n- MIPS: Handle indexed load instructions in emulate_load_store_insn(). (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Increase the number of irqs for !PCI case (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Restore printing of L2 Cache information. (David Daney) [Orabug: 34483890]\n- MIPS: Octeon: Add /sys/devices/system/cpu/cpuX/cache (Venkat Subbiah) [Orabug: 34483890]\n- MIPS perf: Rework the mipspmu notifiers. (David Daney) [Orabug: 34483890]\n- MIPS perf: OCTEON: Handle PMU pmu_enable/pmu_diable notifications. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Sync up HOTPLUG_CPU changes. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Per process XKPHYS (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS: move arch/mips/cavium-octeon/cpu.c to arch/mips/kernel/ (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Set the extended bits of DIDTTO too. (David Daney) [Orabug: 34483890]\n- MIPS: Add support for OCTEON III perf events. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Keep reset value for COP0_ERRCTL (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS: OCTEON: Enable tlb parity error for O3 (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS: OCTEON: Use correct L2C CSR for cache locking. (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS: OCTEON: Move L2 Cache probing code to setup.c (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Move xkphys_usermem_{read,write} to octeon-cpu.c (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Fix L1 dacache parity for OCTEON3 (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS: OCTEON: Use current_cpu_type() for CPU model check. (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS: Octeon: Initialize proper CVMX_SSO_NW_TIM register. (David Daney) [Orabug: 34483890]\n- MIPS: Octeon: Merge and cleanup. (Leonid Rosenboim) [Orabug: 34483890]\n- MIPS: OCTEON: Save/Restore wider multiply registers in OCTEON III CPUs (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Add support for CONFIG_CAVIUM_GDB (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Add Cavium OCTEON serial driver. (Carlos Munoz) [Orabug: 34483890]\n- MIPS: Octeon: Rearrange L2 cache locking code (David Daney) [Orabug: 34483890]\n- MIPS/OCTEON: Initialize QLM JTAG. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Import new S.E. and adjust things to match. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Add /proc/octeon_perf support. (David Daney) [Orabug: 34483890]\n- MIPS: Allow sub-architecture 'machines' to override bootmem initialization. (David Daney) [Orabug: 34483890]\n- MIPS: Fix warning spew on CONFIG_PREEMPT_DEBUG and ptrace watch register use. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Fix compile/run time errors from synced cvmx files. (Carlos Munoz) [Orabug: 34483890]\n- Sync-up SE files (latest) (Lukasz Majczak) [Orabug: 34483890]\n- MIPS: OCTEON: octeon-lmc bug fixes (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS: OCTEON: Add module to inject hardware error conditions. (David Daney) [Orabug: 34483890]\n- MIPS: Add accessor functions for OCTEON ERRCTL CP0 register. (David Daney) [Orabug: 34483890]\n- MIPS/OCTEON: Add OCTEON II TLB parity error handling (David Daney) [Orabug: 34483890]\n- MIPS: Add board_mcheck_handler, show process state on machine check exception. (David Daney) [Orabug: 34483890]\n- MIPS: Octeon: Cleanup obsolete CrashKernel memory init in octeon/setup.c (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Add support for running kernel in mapped address space. (David Daney) [Orabug: 34483890]\n- MIPS/edac/OCTEON: Hook up Write Buffer parity errors to EDAC. (David Daney) [Orabug: 34483890]\n- MIPS: Octeon: Add /proc/octeon_info support. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Define cpu_has_local_ebase to 0. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Use virt_to_phys() and phys_to_virt() in octeon/setup.c (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Add framework for managing and reporting hardware status bit assertions. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Populate kernel memory from cvmx_bootmem named blocks. (David Daney) [Orabug: 34483890]\n- MIPS: Octeon: Disable probing MDIO for Landbird NIC 10g cards. (David Daney) [Orabug: 34483890]\n- MIPS: Octeon: Add config option to disable ELF NOTE segments (David Daney) [Orabug: 34483890]\n- MIPS: Octeon: Add simple Octeon IPI infrastructure (David Daney) [Orabug: 34483890]\n- MIPS: Octeon: Quit using all the mailbox bits. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Handle userspace access to CVMSEG (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Add driver for OCTEON PCI console. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Make PCIe work with Little Endian kernel. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Rearrange CVMSEG slots. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Add ability to used an initrd from a named memory block. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Change load address to waste less memory. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Add parameter to disable PCI on command line. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Print address of passed device tree. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Introduce xkphys_read, xkphys_write sysmips(2) calls (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Add sysfs support for CPU power throttling. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Add PTP clocksource. (David Daney) [Orabug: 34483890]\n- MIPS: msi-octeon: Add MSI-X support for OCTEON III. (Lukasz Majczak) [Orabug: 34483890]\n- MIPS: OCTEON: Add support for SRIO interrupt sources. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Add utility helper function octeon_read_ptp_csr() (David Daney) [Orabug: 34483890]\n- gpio: gpio-octeon: Add cn78XX support. (David Daney) [Orabug: 34483890]\n- MIPS: Add Octeon2 optimizations to clear_page. (David Daney) [Orabug: 34483890]\n- MIPS: Add ZCB and ZCBT instructions to uasm. (David Daney) [Orabug: 34483890]\n- MIPS: Use Octeon2 atomic instructions when cpu_has_octeon2_isa. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Add OCTEON II build and configuration option (David Daney) [Orabug: 34483890]\n- MIPS: Octeon: Fast access to the thread pointer (David Daney) [Orabug: 34483890]\n[5.4.17-2136.311.3]\n- arm64: pensando: Kernel PCIe manager for Pensando SmartNIC (Rob Gardner) [Orabug: 33480595]\n- PCI: pciehp: Add quirk to handle spurious DLLSC on a x4x4 SSD (Thomas Tai) [Orabug: 34358323]\n- ext4: Move to shared i_rwsem even without dioread_nolock mount opt (Ritesh Harjani) [Orabug: 34405736]\n- ext4: Start with shared i_rwsem in case of DIO instead of exclusive (Ritesh Harjani) [Orabug: 34405736]\n- ext4: further refactoring bufferio and dio helper (Junxiao Bi) [Orabug: 34405736]\n- ext4: refactor ext4_file_write_iter (Junxiao Bi) [Orabug: 34405736]\n- net/mlx5: E-Switch, change VFs default admin state to auto in switchdev (Maor Dickman) [Orabug: 34477073]\n- xen/manage: Use orderly_reboot() to reboot (Ross Lagerwall) [Orabug: 34480732]\n- xen/manage: revert 'xen/manage: enable C_A_D to force reboot' (Dongli Zhang) [Orabug: 34480732]\n[5.4.17-2136.311.2]\n- s390/archrandom: prevent CPACF trng invocations in interrupt context (Harald Freudenberger) \n- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (Demi Marie Obenour) \n- LTS tag: v5.4.206 (Sherry Yang) \n- Revert 'mtd: rawnand: gpmi: Fix setting busy timeout setting' (Greg Kroah-Hartman) \n- LTS tag: v5.4.205 (Sherry Yang) \n- dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (Miaoqian Lin) \n- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (Miaoqian Lin) \n- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (Michael Walle) \n- dmaengine: pl330: Fix lockdep warning about non-static key (Dmitry Osipenko) \n- ida: don't use BUG_ON() for debugging (Linus Torvalds) \n- dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo (Samuel Holland) \n- misc: rtsx_usb: set return value in rsp_buf alloc err path (Shuah Khan) \n- misc: rtsx_usb: use separate command and response buffers (Shuah Khan) \n- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (Shuah Khan) \n- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (Peter Robinson) \n- i2c: cadence: Unregister the clk notifier in error path (Satish Nagireddy) \n- selftests: forwarding: fix error message in learning_test (Vladimir Oltean) \n- selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT (Vladimir Oltean) \n- selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT (Vladimir Oltean) \n- ibmvnic: Properly dispose of all skbs during a failover. (Rick Lindsley) \n- ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt (Claudiu Beznea) \n- ARM: at91: pm: use proper compatible for sama5d2's rtc (Claudiu Beznea) \n- pinctrl: sunxi: sunxi_pconf_set: use correct offset (Andrei Lalaev) \n- pinctrl: sunxi: a83t: Fix NAND function name for some pins (Samuel Holland) \n- ARM: meson: Fix refcount leak in meson_smp_prepare_cpus (Miaoqian Lin) \n- can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (Jimmy Assarsson) \n- can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (Jimmy Assarsson) \n- can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (Jimmy Assarsson) \n- powerpc/powernv: delay rng platform device creation until later in boot (Jason A. Donenfeld) \n- video: of_display_timing.h: include errno.h (Hsin-Yi Wang) \n- fbcon: Prevent that screen size is smaller than font size (Helge Deller) \n- fbcon: Disallow setting font bigger than screen size (Helge Deller) \n- fbmem: Check virtual screen sizes in fb_set_var() (Helge Deller) \n- fbdev: fbmem: Fix logo center image dx issue (Guiling Deng) \n- iommu/vt-d: Fix PCI bus rescan device hot add (Yian Chen) \n- net: rose: fix UAF bug caused by rose_t0timer_expiry (Duoming Zhou) \n- usbnet: fix memory leak in error case (Oliver Neukum) \n- can: gs_usb: gs_usb_open/close(): fix memory leak (Rhett Aultman) \n- can: grcan: grcan_probe(): remove extra of_node_get() (Liang He) \n- can: bcm: use call_rcu() instead of costly synchronize_rcu() (Oliver Hartkopp) \n- mm/slub: add missing TID updates on slab deactivation (Jann Horn) \n- esp: limit skb_page_frag_refill use to a single page (Sabrina Dubroca) \n- LTS tag: v5.4.204 (Sherry Yang) \n- clocksource/drivers/ixp4xx: remove EXPORT_SYMBOL_GPL from ixp4xx_timer_setup() (Greg Kroah-Hartman) \n- net: usb: qmi_wwan: add Telit 0x1070 composition (Daniele Palmas) \n- net: usb: qmi_wwan: add Telit 0x1060 composition (Carlo Lobrano) \n- xen/arm: Fix race in RB-tree based P2M accounting (Oleksandr Tyshchenko) {CVE-2022-33744}\n- xen/blkfront: force data bouncing when backend is untrusted (Roger Pau Monne) {CVE-2022-33742}\n- xen/netfront: force data bouncing when backend is untrusted (Roger Pau Monne) {CVE-2022-33741}\n- xen/netfront: fix leaking data in shared pages (Roger Pau Monne) {CVE-2022-33740}\n- xen/blkfront: fix leaking data in shared pages (Roger Pau Monne) {CVE-2022-26365}\n- selftests/rseq: Change type of rseq_offset to ptrdiff_t (Mathieu Desnoyers) \n- selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread area (Mathieu Desnoyers) \n- selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread area (Mathieu Desnoyers) \n- selftests/rseq: Fix: work-around asm goto compiler bugs (Mathieu Desnoyers) \n- selftests/rseq: Remove arm/mips asm goto compiler work-around (Mathieu Desnoyers) \n- selftests/rseq: Fix warnings about #if checks of undefined tokens (Mathieu Desnoyers) \n- selftests/rseq: Fix ppc32 offsets by using long rather than off_t (Mathieu Desnoyers) \n- selftests/rseq: Fix ppc32 missing instruction selection 'u' and 'x' for load/store (Mathieu Desnoyers) \n- selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian (Mathieu Desnoyers) \n- selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35 (Mathieu Desnoyers) \n- selftests/rseq: Introduce thread pointer getters (Mathieu Desnoyers) \n- selftests/rseq: Introduce rseq_get_abi() helper (Mathieu Desnoyers) \n- selftests/rseq: Remove volatile from __rseq_abi (Mathieu Desnoyers) \n- selftests/rseq: Remove useless assignment to cpu variable (Mathieu Desnoyers) \n- selftests/rseq: introduce own copy of rseq uapi header (Mathieu Desnoyers) \n- selftests/rseq: remove ARRAY_SIZE define from individual tests (Shuah Khan) \n- rseq/selftests,x86_64: Add rseq_offset_deref_addv() (Peter Oskolkov) \n- ipv6/sit: fix ipip6_tunnel_get_prl return value (katrinzhou) \n- sit: use min (kernel test robot) \n- net: dsa: bcm_sf2: force pause link settings (Doug Berger) \n- hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails (Yang Yingliang) \n- xen/gntdev: Avoid blocking in unmap_grant_pages() (Demi Marie Obenour) \n- net: tun: avoid disabling NAPI twice (Jakub Kicinski) \n- NFC: nxp-nci: Don't issue a zero length i2c_master_read() (Michael Walle) \n- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- net: bonding: fix use-after-free after 802.3ad slave unbind (Yevhen Orlov) \n- net: bonding: fix possible NULL deref in rlb code (Eric Dumazet) \n- net/sched: act_api: Notify user space if any actions were flushed before error (Victor Nogueira) \n- netfilter: nft_dynset: restore set element counter when failing to update (Pablo Neira Ayuso) \n- s390: remove unneeded 'select BUILD_BIN2C' (Masahiro Yamada) \n- PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events (Miaoqian Lin) \n- caif_virtio: fix race between virtio_device_ready() and ndo_open() (Jason Wang) \n- net: ipv6: unexport __init-annotated seg6_hmac_net_init() (YueHaibing) \n- usbnet: fix memory allocation in helpers (Oliver Neukum) \n- linux/dim: Fix divide by 0 in RDMA DIM (Tao Liu) \n- RDMA/qedr: Fix reporting QP timeout attribute (Kamal Heib) \n- net: tun: stop NAPI when detaching queues (Jakub Kicinski) \n- net: tun: unlink NAPI from device on destruction (Jakub Kicinski) \n- selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test (Dimitris Michailidis) \n- virtio-net: fix race between ndo_open() and virtio_device_ready() (Jason Wang) \n- net: usb: ax88179_178a: Fix packet receiving (Jose Alonso) \n- net: rose: fix UAF bugs caused by timer handler (Duoming Zhou) \n- s390/archrandom: simplify back to earlier design and initialize earlier (Jason A. Donenfeld) \n- dm raid: fix KASAN warning in raid5_add_disks (Mikulas Patocka) \n- dm raid: fix accesses beyond end of raid member array (Heinz Mauelshagen) \n- powerpc/bpf: Fix use of user_pt_regs in uapi (Naveen N. Rao) \n- powerpc/prom_init: Fix kernel config grep (Liam Howlett) \n- nvdimm: Fix badblocks clear off-by-one error (Chris Ye) \n- ipv6: take care of disable_policy when restoring routes (Nicolas Dichtel) \n- LTS tag: v5.4.203 (Sherry Yang) \n- crypto: arm/ghash-ce - define fpu before fpu registers are referenced (Stefan Agner) \n- crypto: arm - use Kconfig based compiler checks for crypto opcodes (Ard Biesheuvel) \n- ARM: 9029/1: Make iwmmxt.S support Clang's integrated assembler (Jian Cai) \n- ARM: OMAP2+: drop unnecessary adrl (Stefan Agner) \n- ARM: 8929/1: use APSR_nzcv instead of r15 as mrc operand (Stefan Agner) \n- ARM: 8933/1: replace Sun/Solaris style flag on section directive (Nick Desaulniers) \n- crypto: arm/sha512-neon - avoid ADRL pseudo instruction (Ard Biesheuvel) \n- crypto: arm/sha256-neon - avoid ADRL pseudo instruction (Ard Biesheuvel) \n- ARM: 8971/1: replace the sole use of a symbol with its definition (Jian Cai) \n- ARM: 8990/1: use VFP assembler mnemonics in register load/store macros (Stefan Agner) \n- ARM: 8989/1: use .fpu assembler directives instead of assembler arguments (Stefan Agner) \n- net: mscc: ocelot: allow unregistered IP multicast flooding (Vladimir Oltean) \n- kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (Naveen N. Rao) \n- powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (Naveen N. Rao) \n- drm: remove drm_fb_helper_modinit (Christoph Hellwig) \n- LTS tag: v5.4.202 (Sherry Yang) \n- powerpc/pseries: wire up rng during setup_arch() (Jason A. Donenfeld) \n- kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (Masahiro Yamada) \n- random: update comment from copy_to_user() -> copy_to_iter() (Jason A. Donenfeld) \n- modpost: fix section mismatch check for exported init/exit sections (Masahiro Yamada) \n- ARM: cns3xxx: Fix refcount leak in cns3xxx_init (Miaoqian Lin) \n- ARM: Fix refcount leak in axxia_boot_secondary (Miaoqian Lin) \n- soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (Miaoqian Lin) \n- ARM: exynos: Fix refcount leak in exynos_map_pmu (Miaoqian Lin) \n- ARM: dts: imx6qdl: correct PU regulator ramp delay (Lucas Stach) \n- powerpc/powernv: wire up rng during setup_arch (Jason A. Donenfeld) \n- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (Andrew Donnellan) \n- powerpc: Enable execve syscall exit tracepoint (Naveen N. Rao) \n- parisc: Enable ARCH_HAS_STRICT_MODULE_RWX (Helge Deller) \n- xtensa: Fix refcount leak bug in time.c (Liang He) \n- xtensa: xtfpga: Fix refcount leak bug in setup (Liang He) \n- iio: adc: axp288: Override TS pin bias current for some models (Hans de Goede) \n- iio: adc: stm32: fix maximum clock rate for stm32mp15x (Olivier Moysan) \n- iio: trigger: sysfs: fix use-after-free on remove (Vincent Whitchurch) \n- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (Zheyu Ma) \n- iio: accel: mma8452: ignore the return value of reset operation (Haibo Chen) \n- iio:accel:mxc4005: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:accel:bma180: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:chemical:ccs811: rearrange iio trigger get and register (Dmitry Rokosov) \n- usb: chipidea: udc: check request status before setting device address (Xu Yang) \n- xhci: turn off port power in shutdown (Mathias Nyman) \n- iio: adc: vf610: fix conversion mode sysfs node name (Baruch Siach) \n- s390/cpumf: Handle events cycles and instructions identical (Thomas Richter) \n- gpio: winbond: Fix error code in winbond_gpio_get() (Dan Carpenter) \n- Revert 'net/tls: fix tls_sk_proto_close executed repeatedly' (Jakub Kicinski) \n- virtio_net: fix xdp_rxq_info bug after suspend/resume (Stephan Gerhold) \n- igb: Make DMA faster when CPU is active on the PCIe link (Kai-Heng Feng) \n- regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (Aidan MacDonald) \n- ice: ethtool: advertise 1000M speeds properly (Anatolii Gerasymenko) \n- afs: Fix dynamic root getattr (David Howells) \n- MIPS: Remove repetitive increase irq_err_count (huhai) \n- x86/xen: Remove undefined behavior in setup_features() (Julien Grall) \n- udmabuf: add back sanity check (Gerd Hoffmann) \n- erspan: do not assume transport header is always set (Eric Dumazet) \n- drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (Miaoqian Lin) \n- net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (Peilin Ye) \n- bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (Jay Vosburgh) \n- phy: aquantia: Fix AN when higher speeds than 1G are not advertised (Claudiu Manoil) \n- bpf: Fix request_sock leak in sk lookup helpers (Jon Maxwell) \n- USB: serial: option: add Quectel RM500K module support (Macpaul Lin) \n- USB: serial: option: add Quectel EM05-G modem (Yonglin Tan) ", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-09-21T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3669", "CVE-2022-1280", "CVE-2022-21385", "CVE-2022-21546", "CVE-2022-2586"], "modified": "2022-09-21T00:00:00", "id": "ELSA-2022-9829", "href": "http://linux.oracle.com/errata/ELSA-2022-9829.html", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-09-22T18:16:29", "description": "[5.4.17-2136.311.6]\n- Revert 'KVM: x86: Print error code in exception injection tracepoint iff valid' (Sherry Yang) [Orabug: 34535896]\n[5.4.17-2136.311.5]\n- netfilter: nf_tables: do not allow RULE_ID to refer to another chain (Thadeu Lima de Souza Cascardo) [Orabug: 34495567] {CVE-2022-2586}\n- netfilter: nf_tables: do not allow SET_ID to refer to another table (Thadeu Lima de Souza Cascardo) [Orabug: 34495567] {CVE-2022-2586}\n[5.4.17-2136.311.4]\n- rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 34514570] {CVE-2022-21385}\n- rds/rdma: destroy CQs during user initiated rds connection resets (Rohit Nair) [Orabug: 34414239] \n- scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419971] {CVE-2022-21546}\n- rds/ib: handle posted ACK during connection shutdown (Rohit Nair) [Orabug: 34465809] \n- rds/ib: reap tx completions during connection shutdown (Rohit Nair) [Orabug: 34465809] \n- Revert 'net/rds: Connect TCP backends deterministically' (Gerd Rausch) [Orabug: 34476562] \n- kernfs: Replace global kernfs_open_file_mutex with hashed mutexes. (Imran Khan) [Orabug: 34476941] \n- kernfs: Introduce interface to access global kernfs_open_file_mutex. (Imran Khan) [Orabug: 34476941] \n- kernfs: make ->attr.open RCU protected. (Imran Khan) [Orabug: 34476941] \n- kernfs: Rename kernfs_put_open_node to kernfs_unlink_open_file. (Imran Khan) [Orabug: 34476941] \n- kernfs: Remove reference counting for kernfs_open_node. (Imran Khan) [Orabug: 34476941] \n- arm64: mm: Fix case where !CONFIG_NUMA=y (Henry Willard) [Orabug: 34504995] \n- drm: protect drm_master pointers in drm_lease.c (Desmond Cheong Zhi Xi) [Orabug: 34115076] {CVE-2022-1280}\n- drm: serialize drm_file.master with a new spinlock (Desmond Cheong Zhi Xi) [Orabug: 34115076] {CVE-2022-1280}\n- drm: add a locked version of drm_is_current_master (Desmond Cheong Zhi Xi) [Orabug: 34115076] {CVE-2022-1280}\n- i2c: thunderx: missing struct pci_dev definition in mips build (Dave Kleikamp) [Orabug: 34483890] \n- mips: mm: define MADV_DOEXEC and MADV_DONTEXEC (Dave Kleikamp) [Orabug: 34483890] \n- mips64: Fix X.509 certificates parsing (Eric Saint-Etienne) [Orabug: 34483890] \n- thermal: support for Marvell Octeon TX SoC temperature sensors (Eric Saint-Etienne) [Orabug: 34483890] \n- netdev, octeon3-ethernet: move timecounter init to network driver probe() (Dave Aldridge) [Orabug: 34483890] \n- mips64/octeon: Initialize netdevice in octeon_pow struct (Vijay Kumar) [Orabug: 34483890] \n- MIPS: Add syscall auditing support (Ralf Baechle) [Orabug: 34483890] \n- net/ethernet/octeon: Add ptp_dbg_group module param in octeon-pow-ethernet (Vijay Kumar) [Orabug: 34483890] \n- net/ethernet/octeon: Set max/min mtu of pow equivalent to Octeon eth device (Vijay Kumar) [Orabug: 34483890] \n- arch/mips: Discard the contents of the PCI console if the buffer is full for more than 10 milliseconds (Victor Michel) [Orabug: 34483890] \n- vdso: prevent ld from aligning PT_LOAD segments to 64k (Rob Gardner) [Orabug: 34483890] \n- MIPS: Octeon: cache info: Delete cavium-octeon/cacheinfo.c (Henry Willard) [Orabug: 34483890] \n- uek-rpm: build embedded kernels for t73 (Dave Kleikamp) [Orabug: 34483890] \n- mips: define pmd_special & pmd_mkspecial (Dave Kleikamp) [Orabug: 34483890] \n- kbuild: linker should be called with KBUILD_LDFLAGS (Dave Kleikamp) [Orabug: 34483890] \n- MIPS: octeon: Suppress early_init_dt_scan_memory damage. (Henry Willard) [Orabug: 34483890] \n- mips: Fails to create /sys/firmware/fdt during bootup (Vijay Kumar) [Orabug: 34483890] \n- MIPS: probe_kernel_read() should not panic (Rob Gardner) [Orabug: 34483890] \n- mips/cavium-octeon: Change access permission for /proc/pcie_reset to write (Vijay Kumar) [Orabug: 34483890] \n- mips64: Build for Octeon and generic boards only (Vijay Kumar) [Orabug: 34483890] \n- mips: define pmd_pfn and pud_pfn (Dave Kleikamp) [Orabug: 34483890] \n- MIPS: OCTEON: silence 'virt' assembler warnings (Dave Kleikamp) [Orabug: 34483890] \n- MIPS: OCTEON: OCTEON III build and configuration option (Dave Kleikamp) [Orabug: 34483890] \n- KSPLICE for MIPS also would like function-sections (Rob Gardner) [Orabug: 34483890] \n- Provide thread_info flags for KSPLICE freezer support (Rob Gardner) [Orabug: 34483890] \n- mips: add user_addr_max() and PROT_RESERVED (Dave Kleikamp) [Orabug: 34483890] \n- mips: add clear_page_uncached() (Dave Kleikamp) [Orabug: 34483890] \n- net: octeon-ethernet: Fix to reset the device stats in init (Anushka Singh) [Orabug: 34483890] \n- net: phy: Kconfig: fix double definition of ICPLUS_PHY PHYs (Ivan Khoronzhuk) [Orabug: 34483890] \n- drivers: of_mdio.c : fix of_mdiobus_register_phy return code (Serhii Tyshchenko) [Orabug: 34483890] \n- mips/pci/pci-legacy.c: fix for mixed declarations and code (Serhii Tyshchenko) [Orabug: 34483890] \n- mips: octeon: remove unused pcie_17400_set_affinity (Serhii Tyshchenko) [Orabug: 34483890] \n- asm/octeon/cvmx-lmcx-defs.h: fix for platform selection build warnings (Serhii Tyshchenko) [Orabug: 34483890] \n- fix for cvmx-ila build issue (santhosh D) [Orabug: 34483890] \n- fix for cvmx-helper-rgmii build issue (santhosh D) [Orabug: 34483890] \n- fix for cvmx-l2c build issue (santhosh D) [Orabug: 34483890] \n- MIPS: reserve the memblock right after the kernel (Alex Sverdlin) [Orabug: 34483890] \n- MIPS: Octeon: Update mach_bootmem_init for NUMA support to enable CONFIG_NUMA (Anushka Singh) [Orabug: 34483890] \n- Octeon: net: ethernet: Port from 4.14 to 5.4 octeon-2 ethernet driver changes (Anushka Singh) [Orabug: 34483890] \n- MIPS: OCTEON: Add support for pci hot plugged endpoints (Carlos Munoz) [Orabug: 34483890] \n- arch: mips: cavium-octeon: cvmx-pcie: fix config read 32 (Ivan Khoronzhuk) [Orabug: 34483890] \n- MIPS: ftrace: fix init functions tracing (Ivan Khoronzhuk) [Orabug: 34483890] \n- net: octeon: mgmt: Repair filling of RX ring (Alex Sverdlin) [Orabug: 34483890] \n- Octeon: net: octeon_mgmt: Add MTU size (Anushka Singh) [Orabug: 34483890] \n- Octeon: net: octeon_mgmt: Add phy_start and phy_stop (Anushka Singh) [Orabug: 34483890] \n- Octeon: Add working CISCO kernel config for Octeon (Anushka Singh) [Orabug: 34483890] \n- MIPS: Octeon: MIPS: Update default config for kernel v5.4.30 (Anushka Singh) [Orabug: 34483890] \n- Octeon: net: octeon3-ethernet: Port 4.14 to 5.4 octeon3-ethernet driver (Anushka Singh) [Orabug: 34483890] \n- Octeon: octeon3_ethernet: Port 4.14 to 5.4 fixes incompatible-pointer-types (Anushka Singh) [Orabug: 34483890] \n- Octeon: Fix build error in cvmx-qlm.c (Anushka Singh) [Orabug: 34483890] \n- MIPS: Octeon: add some missing fall through annotations (Anushka Singh) [Orabug: 34483890] \n- OCTEON: octeon_edac-lmc : Temp drop use of VLA (Anushka Singh) [Orabug: 34483890] \n- Octeon: Port 4.14 to 5.4 fixes in PCI/MSI (Anushka Singh) [Orabug: 34483890] \n- MIPS: Octeon: Add updated default config for kernel v5.4.30 (Anushka Singh) [Orabug: 34483890] \n- Octeon: Octeon3 Ethernet driver port 4.14 to 5.4 fixes. (Anushka Singh) [Orabug: 34483890] \n- Octeon: (Temporary) Port 4.14 to 5.4 workaround for VLA in cvmx-dma-engine.c (Anushka Singh) [Orabug: 34483890] \n- net: phy: Port 4.14 to 5.4 fixes in Qualcomm/Atheros qca8334/8337 PHYs (Anushka Singh) [Orabug: 34483890] \n- MIPS: Port 4.14 to 5.4 temporary patch for mach_bootmem_init (Anushka Singh) [Orabug: 34483890] \n- MIPS: Octeon: Port 4.14 to 5.4 fixes for VLA (Anushka Singh) [Orabug: 34483890] \n- net: phy: Port 4.14 to 5.4 fixes in TI tlk10232 and Marvell 88X3120 dual-10G PHY drivers (Anushka Singh) [Orabug: 34483890] \n- MIPS: net: phy: Port 4.14 to 5.4 fixes in bcm87xx phy driver (Anushka Singh) [Orabug: 34483890] \n- MIPS: Octeon: gpio: Port 4.14 to 5.4 fixes (Anushka Singh) [Orabug: 34483890] \n- MIPS: Octeon: Setup file Port 4.14 to 5.4 fixes (Anushka Singh) [Orabug: 34483890] \n- MIPS: octeon-irq: Port 4.14 to 5.4 fixes. (Anushka Singh) [Orabug: 34483890] \n- MIPS: Add default config for kernel v5.4.30 (Anushka Singh) [Orabug: 34483890] \n- MIPS: Octeon PCI Console: Port 4.14 to 5.4 fixes. (Anushka Singh) [Orabug: 34483890] \n- MIPS: OCTEON: Port 4.14 to 5.4 fixes for e->base (Anushka Singh) [Orabug: 34483890] \n- MIPS: OCTEON: octeon-usb: Port 4.14 to 5.4 fixes. (Anushka Singh) [Orabug: 34483890] \n- MIPS: Port 4.14 to 5.4 fixes for access_ok(). (Anushka Singh) [Orabug: 34483890] \n- MIPS: Port 4.14 to 5.4 compile-time error resolution for atomic.h functions. (Anushka Singh) [Orabug: 34483890] \n- MIPS: Octeon: kexec (Lukasz Majczak) [Orabug: 34483890] \n- MIPS: Octeon: Take all memory into use by default. (Lukasz Majczak) [Orabug: 34483890] \n- MIPS: octeon: shared_cpu_map cacheinfo (Lukasz Majczak) [Orabug: 34483890] \n- netdev: octeon-ethernet: Register devices in the ptp class. (Lukasz Majczak) [Orabug: 34483890] \n- mtd: spi-nor: Add Micron (MT25Q*) SPI flash devices. (Lukasz Majczak) [Orabug: 34483890] \n- netdev: octeon-ethernet: Add packet hardware timestamp support. (Carlos Munoz) [Orabug: 34483890] \n- Add default kernel config for Octeon3 (Lukasz Majczak) [Orabug: 34483890] \n- MIPS: Octeon: Fix node calculation (Lukasz Majczak) [Orabug: 34483890] \n- MIPS: OCTEON: Sync-up SE to r173908 (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS: Octeon: Read BGXX_SPUX_FEC_CONTROL before using it. (Chandrakala Chavva) [Orabug: 34483890] \n- net: octeon: Fix ndo_get_stats64 return value. (Chandrakala Chavva) [Orabug: 34483890] \n- Fix build issues (Lukasz Majczak) [Orabug: 34483890] \n- MIPS: Octeon: Fix setting MTU (Lukasz Majczak) [Orabug: 34483890] \n- Revert 'MIPS: kexec: remove SMP_DUMP' (Lukasz Majczak) [Orabug: 34483890] \n- MIPS: Octeon: cache info (Lukasz Majczak) [Orabug: 34483890] \n- MIPS: OCTEON: HOTPLUG_CPU changes. (Lukasz Majczak) [Orabug: 34483890] \n- net: phy: Port 4.9 to 4.14 fixes (Lukasz Majczak) [Orabug: 34483890] \n- Octeon: MTD: NAND: Port 4.9 to 4.14 fixes (Lukasz Majczak) [Orabug: 34483890] \n- EDAC:Octeon: Fix LMC CSRs access on OcteonII (Chandrakala Chavva) [Orabug: 34483890] \n- EDAC:Octeon: undeclared variable when CONFIG_EDAC_DEBUG=y (Peter Swain) [Orabug: 34483890] \n- net: octeon: NAPI waits once for next packet (Peter Swain) [Orabug: 34483890] \n- MIPS:OCTEON: Sync-up SE files (r172329) (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS:OCTEON: Sync-up SE files (r172318). (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS:OCTEON: Sync-up SE files (r172313) (Chandrakala Chavva) [Orabug: 34483890] \n- edac:octeon: Check if device is present before removing. (Chandrakala Chavva) [Orabug: 34483890] \n- EDAC:Octeon: Fixed EDAC support for OcteonII and OcteonIII. (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS/EDAC: Call edac handle for bigrd/bigwd cases. (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS: Octeon: Sync-up SE files (-r172055) (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS: OCTEON: Backports some bit extract functions from SDK. (Chandrakala Chavva) [Orabug: 34483890] \n- netdev: octeon-ethernet: Fix MTU settings for AGL interface. (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS: OCTEON: Added disable_sbe module parameter (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS: OCTEON: Call panic when co-processor DBE error happens. (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS: OCTEON: Sync-up CIU3 Error data files. (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS/octeon: Add /proc/pcie_reset file. (Peter Swain) [Orabug: 34483890] \n- net: xfrm: Added ipsec kame offload support. (Chandrakala Chavva) [Orabug: 34483890] \n- of_mdio: Add 'cortina,cs4318' to the whitelist. (Steven J. Hill) [Orabug: 34483890] \n- ATA: Disable soft reset for ASM1092 sata port multiplier (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS:Octeon: Sync-up SE files to 170716. (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS: pcie-octeon: reset PCIe on reboot (Peter Swain) [Orabug: 34483890] \n- octeon3: ethernet: driver: Added vlan header size to max mtu. (Abhijit Ayarekar) [Orabug: 34483890] \n- net: octeon: Add IFF_LIVE_ADDR_CHANGE to change mac address live. (Chandrakala Chavva) [Orabug: 34483890] \n- Octeon: MTD: NAND: Do not call is_vmalloc_or_module_addr() (Aaron Williams) [Orabug: 34483890] \n- Cavium: MTD: NAND Ported 3.10 NAND driver to 4.9 (Aaron Williams) [Orabug: 34483890] \n- octeon: mtd: nand: Merged in latest changes from Octeon SDK (Aaron Williams) [Orabug: 34483890] \n- rtc: isl12026: Select CONFIG_NVMEM to ensure it builds. (David Daney) [Orabug: 34483890] \n- MIPS:OCTEON: Sync-up SE files to -r170052 (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS/tlbex: Save and restore ASID around TLBR (David Daney) [Orabug: 34483890] \n- rtc: isl12026: Fix build failure when CONFIG_NVMEM not enabled. (David Daney) [Orabug: 34483890] \n- rtc: isl12026: Add driver. (David Daney) [Orabug: 34483890] \n- i2c: octeon: Emit stop condition if bootloader didn't end last transaction. (David Daney) [Orabug: 34483890] \n- MIPS/PCI/OCTEON: Map irqs after PCI bus rescan. (David Daney) [Orabug: 34483890] \n- EDAC: octeon_edac-lmc: Fix module removal when ECC unsupported. (Steven J. Hill) [Orabug: 34483890] \n- netdev: octeon-ethernet: Check packet backlog periodically to wake up other cpus if needed. (Carlos Munoz) [Orabug: 34483890] \n- Set SDK_VERSION to 5.1.0. (Chandrakala Chavva) [Orabug: 34483890] \n- mtd: nand: octeon: Add NAND flash driver. (Carlos Munoz) [Orabug: 34483890] \n- netdev: octeon-ethernet: use IFF_NO_QUEUE (Peter Swain) [Orabug: 34483890] \n- MIPS: Pass -fno-asynchronous-unwind-tables to compiler. (David Daney) [Orabug: 34483890] \n- MIPS: Add ELF_CORE_COPY_REGS definition. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Correctly calculate totalram_pages (David Daney) [Orabug: 34483890] \n- netdev: octeon-pow: Add napi support. (Carlos Munoz) [Orabug: 34483890] \n- MIPS: OCTEON: Restore 512MB default memory size. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Always try to allocate 1024 MB of 32-bit memory. (David Daney) [Orabug: 34483890] \n- MIPS: pcie-octeon: Use level semantics for int-A interrupts. (David Daney) [Orabug: 34483890] \n- MIPS, pci: Expose Cavium OCTEON PCIe bridges to the PCIe core (David Daney) [Orabug: 34483890] \n- netdev: octeon3-ethernet: Enable srio port and remove srio header on ingress packets. (Carlos Munoz) [Orabug: 34483890] \n- MIPS: OCTEON: Set DIDTO to approx. 250mS. (David Daney) [Orabug: 34483890] \n- MIPS,ftrace: Fix dynamic ftrace patching of MAPPED_KERNEL modules. (David Daney) [Orabug: 34483890] \n- MIPS: oct_ilm: Add OCTEON III support. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Don't translate underlying GPIO irq bits. (Corey Minyard) [Orabug: 34483890] \n- gpio: gpio-octeon: Fix to_irq() support. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Initialize the mport structure correctly. (Carlos Munoz) [Orabug: 34483890] \n- MIPS: Move VMALLOC_START to avoid OCTEON III Core-31034 (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Don't allow interrupts or scheduling from CacheErr handler. (David Daney) [Orabug: 34483890] \n- netdev: octeon-pow: Save aura before freeing the wqe. (Carlos Munoz) [Orabug: 34483890] \n- MIPS: OCTEON: Platform support for OCTEON III USB controller (Steven J. Hill) [Orabug: 34483890] \n- MIPS: OCTEON: Change SDK release string to 5.1.0-prerelease (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Always try to allocate 512 MB of 32-bit memory. (David Daney) [Orabug: 34483890] \n- netdev, octeon3-ethernet: Don't bloat RX buffer pool. (David Daney) [Orabug: 34483890] \n- watchdog: octeon-wdt: Implement G-30204 workaround. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Add missing CONFIG_KEXEC support. (David Daney) [Orabug: 34483890] \n- staging: octeon: Call SET_NETDEV_DEV() (Florian Fainelli) [Orabug: 34483890] \n- mmc: cavium: Fix broken sign extensions in block write code. (David Daney) [Orabug: 34483890] \n- mmc: core: Export API to allow hosts to get the card address (Ulf Hansson) [Orabug: 34483890] \n- MAINTAINERS: Add entry for Cavium MMC driver (Jan Glauber) [Orabug: 34483890] \n- mips/gpio: Fix OCTEON GPIO interrupt support. (David Daney) [Orabug: 34483890] \n- MIPS:OCTEON: Sync up SE files as of r154518. (Carlos Munoz) [Orabug: 34483890] \n- mips: edac: octeon: Use preemptive safe methods. (Carlos Munoz) [Orabug: 34483890] \n- net: phy: Force the link state to be checked during initialization. (Carlos Munoz) [Orabug: 34483890] \n- crypto: octeon: Use proper function to check for features. (Carlos Munoz) [Orabug: 34483890] \n- netdev: octeon3-ethernet: Disable transmit queues. (Carlos Munoz) [Orabug: 34483890] \n- netdev: octeon-ethernet: Handle when octeon_hw_status_add_source() fails. (Carlos Munoz) [Orabug: 34483890] \n- MIPS: OCTEON: Fix build breakage when CONFIG_SMP disabled (David Daney) [Orabug: 34483890] \n- ata: Use WARN instead of BUG in pata_octeon_cf. (David Daney) [Orabug: 34483890] \n- netdev/phy: Initial support for Vitesse vsc8490 phy. (Carlos Munoz) [Orabug: 34483890] \n- netdev: Add driver for Marvell 88X3120 dual 10GBase-T Ethernet phy (David Daney) [Orabug: 34483890] \n- phy/marvell: Add did_interrupt() method for Marvell 88E1240 (David Daney) [Orabug: 34483890] \n- net: phy: add qca833x phy-headed-switch (Peter Swain) [Orabug: 34483890] \n- netdev/phy: Add driver for TI tlk10232 dual-10G PHY. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Enable Micrel 9031 PHY for OCTEON. (Chandrakala Chavva) [Orabug: 34483890] \n- netdev/phy/of: Handle nexus Ethernet PHY devices (Aaron Williams) [Orabug: 34483890] \n- netdev/phy: Add driver for Cortina cs4321 quad 10G PHY. (David Daney) [Orabug: 34483890] \n- perf: context-sensitive keywords: for uncore_foo/miss/ (Peter Swain) [Orabug: 34483890] \n- MIPS: Fix arch in assembly for saa instruction. (Andrew Pinski) [Orabug: 34483890] \n- MIPS: OCTEON: Fix simulator compile error. (Carlos Munoz) [Orabug: 34483890] \n- MIPS: OCTEON: Use IRQF_NO_THREAD when chaining MSIs (David Daney) [Orabug: 34483890] \n- OCTEON: OCLA driver to support blocking IO. (Carlos Munoz) [Orabug: 34483890] \n- RapidIO: Driver for CN6XXX (Chad Reese) [Orabug: 34483890] \n- RapidIO: Add interface to memory map rapidio device memory. (Chad Reese) [Orabug: 34483890] \n- MIPS: OCTEON: Add driver Serial Rapid I/O (sRIO) hardware. (Carlos Munoz) [Orabug: 34483890] \n- netdev: octeon_mgmt: Update with latest changes. (David Daney) [Orabug: 34483890] \n- Revert 'net: octeon: mgmt: Repair filling of RX ring' (Dave Kleikamp) [Orabug: 34483890] \n- Revert 'net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop' (Dave Kleikamp) [Orabug: 34483890] \n- netdev: octeon3-ethernet: Driver for octeon III SOCs. (Carlos Munoz) [Orabug: 34483890] \n- MIPS: OCTEON: Create fpa3 standalone driver. (Carlos Munoz) [Orabug: 34483890] \n- netdev: octeon: Move and update octeon network driver from staging. (Carlos Munoz) [Orabug: 34483890] \n- Revert 'staging/octeon: fix up merge error' (Dave Kleikamp) [Orabug: 34483890] \n- Revert 'staging: octeon: repair 'fixed-link' support' (Dave Kleikamp) [Orabug: 34483890] \n- Revert 'staging: octeon: Drop on uncorrectable alignment or FCS error' (Dave Kleikamp) [Orabug: 34483890] \n- MIPS: Add core-16419 errata workaround (Andrew Pinski) [Orabug: 34483890] \n- mips: octeon: add TDM feature & IRQ (Peter Swain) [Orabug: 34483890] \n- MIPS: traps: call crash_kexec() before panic() when dying (Taras Kondratiuk) [Orabug: 34483890] \n- MIPS:OCTEON: Increase the load address (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS: OCTEON: Add syscall to add timer events. (Carlos Munoz) [Orabug: 34483890] \n- MIPS: kexec: Set memory limits to HIGHMEM_START. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Fix Cache error detection for OCTEON III. (David Daney) [Orabug: 34483890] \n- watchdog: octeon-wdt: Fix timer rate for all OCTEON III parts. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Update octeon-error-injector for OCTEON III. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Fix saving of CVMSEG per-task state. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Handle MSI on multiple nodes. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Increase NR_IRQS for CONFIG_NUMA. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Add csrc-fpa-clk. (David Daney) [Orabug: 34483890] \n- watchdog: octeon-wdt: Fix to work on multi-node systems. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Fix Automatic provisioning CVMSEG space. (David Daney) [Orabug: 34483890] \n- MIPS:OCTEON: Disable error tree handling on shutdown (Corey Minyard) [Orabug: 34483890] \n- MIPS: OCTEON: Fix IPI mechanism used by KEXEC. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Try to allocate at least 256MB of DMA32 memory. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Add NUMA support for cn78XX (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Print warning message if OCTEON II kernel run on earlier chips. (David Daney) [Orabug: 34483890] \n- MIPS: Make setting of MAX_PHYSMEM_BITS settable per sub-architecture. (David Daney) [Orabug: 34483890] \n- MIPS: Make XPHYSADDR() work for all addresses. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: cpu_state not just for _HOTPLUG (Peter Swain) [Orabug: 34483890] \n- MIPS: OCTEON: Add sysfs hooks to add and remove CPUs. (David Daney) [Orabug: 34483890] \n- MIPS: Octeon: Revise memory allocation from bootloader (Leonid Rosenboim) [Orabug: 34483890] \n- MIPS: OCTEON: Automatically provision CVMSEG space. (David Daney) [Orabug: 34483890] \n- MIPS: Octeon: Get first 256MB from 32-bit addresable memory (Leonid Rosenboim) [Orabug: 34483890] \n- MIPS/OCTEON: Add multiple msi support. (Carlos Munoz) [Orabug: 34483890] \n- MIPS: OCTEON: Inhibit CP0_Compare interrupts when not needed. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Add preliminary GPIO interrupt support for cn78XX. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Reorganize PCIe controller code. (Venkat Subbiah) [Orabug: 34483890] \n- MIPS: OCTEON: MSI-X interrupts for cn78XX. (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS/OCTEON: CIU/CIU2 use random msi irqs. (Carlos Munoz) [Orabug: 34483890] \n- MIPS: OCTEON: Add initial error bit detection for cn78XX. (David Daney) [Orabug: 34483890] \n- MIPS: Fix demand activation of OCTEON CVMSEG region. (David Daney) [Orabug: 34483890] \n- MIPS:OCTEON: Enable access to CVMSEG for user space (Chandrakala Chavva) [Orabug: 34483890] \n- watchdog: Octeon: Add 78xx support. (Carlos Munoz) [Orabug: 34483890] \n- MIPS: oct_ilm: Fix debugfs file permissions. (David Daney) [Orabug: 34483890] \n- MIPS: KDUMP: Fix to access non-sectioned memory (Prem Mallappa) [Orabug: 34483890] \n- MIPS: OCTEON: Fix plat_swiotlb_setup() for OCTEON3 (David Daney) [Orabug: 34483890] \n- MIPS: Handle CPU_CAVIUM_OCTEON3 like CPU_CAVIUM_OCTEON2 in clear_page. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Allow CONFIG_CAVIUM_CN63XXP1 to be disabled. (David Daney) [Orabug: 34483890] \n- MIPS/EDAC: Use correct fields for printing error message for O3 model (Chandrakala Chavva) [Orabug: 34483890] \n- edac/octeon_edac-lmc: Fix kernel panic when 1 DDR present (Prem Mallappa) [Orabug: 34483890] \n- MIPS/EDAC: Cavium: Updated L2C error checking for OCTEON3. (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS: Only flush local ICache in get_new_asid(). (David Daney) [Orabug: 34483890] \n- MIPS: Add new function local_flush_icache_all() (David Daney) [Orabug: 34483890] \n- MIPS: Handle indexed load instructions in emulate_load_store_insn(). (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Increase the number of irqs for !PCI case (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Restore printing of L2 Cache information. (David Daney) [Orabug: 34483890] \n- MIPS: Octeon: Add /sys/devices/system/cpu/cpuX/cache (Venkat Subbiah) [Orabug: 34483890] \n- MIPS perf: Rework the mipspmu notifiers. (David Daney) [Orabug: 34483890] \n- MIPS perf: OCTEON: Handle PMU pmu_enable/pmu_diable notifications. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Sync up HOTPLUG_CPU changes. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Per process XKPHYS (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS: move arch/mips/cavium-octeon/cpu.c to arch/mips/kernel/ (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Set the extended bits of DIDTTO too. (David Daney) [Orabug: 34483890] \n- MIPS: Add support for OCTEON III perf events. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Keep reset value for COP0_ERRCTL (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS: OCTEON: Enable tlb parity error for O3 (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS: OCTEON: Use correct L2C CSR for cache locking. (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS: OCTEON: Move L2 Cache probing code to setup.c (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Move xkphys_usermem_{read,write} to octeon-cpu.c (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Fix L1 dacache parity for OCTEON3 (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS: OCTEON: Use current_cpu_type() for CPU model check. (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS: Octeon: Initialize proper CVMX_SSO_NW_TIM register. (David Daney) [Orabug: 34483890] \n- MIPS: Octeon: Merge and cleanup. (Leonid Rosenboim) [Orabug: 34483890] \n- MIPS: OCTEON: Save/Restore wider multiply registers in OCTEON III CPUs (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Add support for CONFIG_CAVIUM_GDB (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Add Cavium OCTEON serial driver. (Carlos Munoz) [Orabug: 34483890] \n- MIPS: Octeon: Rearrange L2 cache locking code (David Daney) [Orabug: 34483890] \n- MIPS/OCTEON: Initialize QLM JTAG. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Import new S.E. and adjust things to match. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Add /proc/octeon_perf support. (David Daney) [Orabug: 34483890] \n- MIPS: Allow sub-architecture 'machines' to override bootmem initialization. (David Daney) [Orabug: 34483890] \n- MIPS: Fix warning spew on CONFIG_PREEMPT_DEBUG and ptrace watch register use. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Fix compile/run time errors from synced cvmx files. (Carlos Munoz) [Orabug: 34483890] \n- Sync-up SE files (latest) (Lukasz Majczak) [Orabug: 34483890] \n- MIPS: OCTEON: octeon-lmc bug fixes (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS: OCTEON: Add module to inject hardware error conditions. (David Daney) [Orabug: 34483890] \n- MIPS: Add accessor functions for OCTEON ERRCTL CP0 register. (David Daney) [Orabug: 34483890] \n- MIPS/OCTEON: Add OCTEON II TLB parity error handling (David Daney) [Orabug: 34483890] \n- MIPS: Add board_mcheck_handler, show process state on machine check exception. (David Daney) [Orabug: 34483890] \n- MIPS: Octeon: Cleanup obsolete CrashKernel memory init in octeon/setup.c (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Add support for running kernel in mapped address space. (David Daney) [Orabug: 34483890] \n- MIPS/edac/OCTEON: Hook up Write Buffer parity errors to EDAC. (David Daney) [Orabug: 34483890] \n- MIPS: Octeon: Add /proc/octeon_info support. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Define cpu_has_local_ebase to 0. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Use virt_to_phys() and phys_to_virt() in octeon/setup.c (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Add framework for managing and reporting hardware status bit assertions. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Populate kernel memory from cvmx_bootmem named blocks. (David Daney) [Orabug: 34483890] \n- MIPS: Octeon: Disable probing MDIO for Landbird NIC 10g cards. (David Daney) [Orabug: 34483890] \n- MIPS: Octeon: Add config option to disable ELF NOTE segments (David Daney) [Orabug: 34483890] \n- MIPS: Octeon: Add simple Octeon IPI infrastructure (David Daney) [Orabug: 34483890] \n- MIPS: Octeon: Quit using all the mailbox bits. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Handle userspace access to CVMSEG (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Add driver for OCTEON PCI console. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Make PCIe work with Little Endian kernel. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Rearrange CVMSEG slots. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Add ability to used an initrd from a named memory block. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Change load address to waste less memory. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Add parameter to disable PCI on command line. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Print address of passed device tree. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Introduce xkphys_read, xkphys_write sysmips(2) calls (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Add sysfs support for CPU power throttling. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Add PTP clocksource. (David Daney) [Orabug: 34483890] \n- MIPS: msi-octeon: Add MSI-X support for OCTEON III. (Lukasz Majczak) [Orabug: 34483890] \n- MIPS: OCTEON: Add support for SRIO interrupt sources. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Add utility helper function octeon_read_ptp_csr() (David Daney) [Orabug: 34483890] \n- gpio: gpio-octeon: Add cn78XX support. (David Daney) [Orabug: 34483890] \n- MIPS: Add Octeon2 optimizations to clear_page. (David Daney) [Orabug: 34483890] \n- MIPS: Add ZCB and ZCBT instructions to uasm. (David Daney) [Orabug: 34483890] \n- MIPS: Use Octeon2 atomic instructions when cpu_has_octeon2_isa. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Add OCTEON II build and configuration option (David Daney) [Orabug: 34483890] \n- MIPS: Octeon: Fast access to the thread pointer (David Daney) [Orabug: 34483890]\n[5.4.17-2136.311.3]\n- arm64: pensando: Kernel PCIe manager for Pensando SmartNIC (Rob Gardner) [Orabug: 33480595] \n- PCI: pciehp: Add quirk to handle spurious DLLSC on a x4x4 SSD (Thomas Tai) [Orabug: 34358323] \n- ext4: Move to shared i_rwsem even without dioread_nolock mount opt (Ritesh Harjani) [Orabug: 34405736] \n- ext4: Start with shared i_rwsem in case of DIO instead of exclusive (Ritesh Harjani) [Orabug: 34405736] \n- ext4: further refactoring bufferio and dio helper (Junxiao Bi) [Orabug: 34405736] \n- ext4: refactor ext4_file_write_iter (Junxiao Bi) [Orabug: 34405736] \n- net/mlx5: E-Switch, change VFs default admin state to auto in switchdev (Maor Dickman) [Orabug: 34477073] \n- xen/manage: Use orderly_reboot() to reboot (Ross Lagerwall) [Orabug: 34480732] \n- xen/manage: revert 'xen/manage: enable C_A_D to force reboot' (Dongli Zhang) [Orabug: 34480732]\n[5.4.17-2136.311.2]\n- s390/archrandom: prevent CPACF trng invocations in interrupt context (Harald Freudenberger) \n- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (Demi Marie Obenour) \n- LTS tag: v5.4.206 (Sherry Yang) \n- Revert 'mtd: rawnand: gpmi: Fix setting busy timeout setting' (Greg Kroah-Hartman) \n- LTS tag: v5.4.205 (Sherry Yang) \n- dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (Miaoqian Lin) \n- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (Miaoqian Lin) \n- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (Michael Walle) \n- dmaengine: pl330: Fix lockdep warning about non-static key (Dmitry Osipenko) \n- ida: don't use BUG_ON() for debugging (Linus Torvalds) \n- dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo (Samuel Holland) \n- misc: rtsx_usb: set return value in rsp_buf alloc err path (Shuah Khan) \n- misc: rtsx_usb: use separate command and response buffers (Shuah Khan) \n- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (Shuah Khan) \n- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (Peter Robinson) \n- i2c: cadence: Unregister the clk notifier in error path (Satish Nagireddy) \n- selftests: forwarding: fix error message in learning_test (Vladimir Oltean) \n- selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT (Vladimir Oltean) \n- selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT (Vladimir Oltean) \n- ibmvnic: Properly dispose of all skbs during a failover. (Rick Lindsley) \n- ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt (Claudiu Beznea) \n- ARM: at91: pm: use proper compatible for sama5d2's rtc (Claudiu Beznea) \n- pinctrl: sunxi: sunxi_pconf_set: use correct offset (Andrei Lalaev) \n- pinctrl: sunxi: a83t: Fix NAND function name for some pins (Samuel Holland) \n- ARM: meson: Fix refcount leak in meson_smp_prepare_cpus (Miaoqian Lin) \n- can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (Jimmy Assarsson) \n- can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (Jimmy Assarsson) \n- can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (Jimmy Assarsson) \n- powerpc/powernv: delay rng platform device creation until later in boot (Jason A. Donenfeld) \n- video: of_display_timing.h: include errno.h (Hsin-Yi Wang) \n- fbcon: Prevent that screen size is smaller than font size (Helge Deller) \n- fbcon: Disallow setting font bigger than screen size (Helge Deller) \n- fbmem: Check virtual screen sizes in fb_set_var() (Helge Deller) \n- fbdev: fbmem: Fix logo center image dx issue (Guiling Deng) \n- iommu/vt-d: Fix PCI bus rescan device hot add (Yian Chen) \n- net: rose: fix UAF bug caused by rose_t0timer_expiry (Duoming Zhou) \n- usbnet: fix memory leak in error case (Oliver Neukum) \n- can: gs_usb: gs_usb_open/close(): fix memory leak (Rhett Aultman) \n- can: grcan: grcan_probe(): remove extra of_node_get() (Liang He) \n- can: bcm: use call_rcu() instead of costly synchronize_rcu() (Oliver Hartkopp) \n- mm/slub: add missing TID updates on slab deactivation (Jann Horn) \n- esp: limit skb_page_frag_refill use to a single page (Sabrina Dubroca) \n- LTS tag: v5.4.204 (Sherry Yang) \n- clocksource/drivers/ixp4xx: remove EXPORT_SYMBOL_GPL from ixp4xx_timer_setup() (Greg Kroah-Hartman) \n- net: usb: qmi_wwan: add Telit 0x1070 composition (Daniele Palmas) \n- net: usb: qmi_wwan: add Telit 0x1060 composition (Carlo Lobrano) \n- xen/arm: Fix race in RB-tree based P2M accounting (Oleksandr Tyshchenko) \n- xen/blkfront: force data bouncing when backend is untrusted (Roger Pau Monne) \n- xen/netfront: force data bouncing when backend is untrusted (Roger Pau Monne) \n- xen/netfront: fix leaking data in shared pages (Roger Pau Monne) \n- xen/blkfront: fix leaking data in shared pages (Roger Pau Monne) \n- selftests/rseq: Change type of rseq_offset to ptrdiff_t (Mathieu Desnoyers) \n- selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread area (Mathieu Desnoyers) \n- selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread area (Mathieu Desnoyers) \n- selftests/rseq: Fix: work-around asm goto compiler bugs (Mathieu Desnoyers) \n- selftests/rseq: Remove arm/mips asm goto compiler work-around (Mathieu Desnoyers) \n- selftests/rseq: Fix warnings about #if checks of undefined tokens (Mathieu Desnoyers) \n- selftests/rseq: Fix ppc32 offsets by using long rather than off_t (Mathieu Desnoyers) \n- selftests/rseq: Fix ppc32 missing instruction selection 'u' and 'x' for load/store (Mathieu Desnoyers) \n- selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian (Mathieu Desnoyers) \n- selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35 (Mathieu Desnoyers) \n- selftests/rseq: Introduce thread pointer getters (Mathieu Desnoyers) \n- selftests/rseq: Introduce rseq_get_abi() helper (Mathieu Desnoyers) \n- selftests/rseq: Remove volatile from __rseq_abi (Mathieu Desnoyers) \n- selftests/rseq: Remove useless assignment to cpu variable (Mathieu Desnoyers) \n- selftests/rseq: introduce own copy of rseq uapi header (Mathieu Desnoyers) \n- selftests/rseq: remove ARRAY_SIZE define from individual tests (Shuah Khan) \n- rseq/selftests,x86_64: Add rseq_offset_deref_addv() (Peter Oskolkov) \n- ipv6/sit: fix ipip6_tunnel_get_prl return value (katrinzhou) \n- sit: use min (kernel test robot) \n- net: dsa: bcm_sf2: force pause link settings (Doug Berger) \n- hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails (Yang Yingliang) \n- xen/gntdev: Avoid blocking in unmap_grant_pages() (Demi Marie Obenour) \n- net: tun: avoid disabling NAPI twice (Jakub Kicinski) \n- NFC: nxp-nci: Don't issue a zero length i2c_master_read() (Michael Walle) \n- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- net: bonding: fix use-after-free after 802.3ad slave unbind (Yevhen Orlov) \n- net: bonding: fix possible NULL deref in rlb code (Eric Dumazet) \n- net/sched: act_api: Notify user space if any actions were flushed before error (Victor Nogueira) \n- netfilter: nft_dynset: restore set element counter when failing to update (Pablo Neira Ayuso) \n- s390: remove unneeded 'select BUILD_BIN2C' (Masahiro Yamada) \n- PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events (Miaoqian Lin) \n- caif_virtio: fix race between virtio_device_ready() and ndo_open() (Jason Wang) \n- net: ipv6: unexport __init-annotated seg6_hmac_net_init() (YueHaibing) \n- usbnet: fix memory allocation in helpers (Oliver Neukum) \n- linux/dim: Fix divide by 0 in RDMA DIM (Tao Liu) \n- RDMA/qedr: Fix reporting QP timeout attribute (Kamal Heib) \n- net: tun: stop NAPI when detaching queues (Jakub Kicinski) \n- net: tun: unlink NAPI from device on destruction (Jakub Kicinski) \n- selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test (Dimitris Michailidis) \n- virtio-net: fix race between ndo_open() and virtio_device_ready() (Jason Wang) \n- net: usb: ax88179_178a: Fix packet receiving (Jose Alonso) \n- net: rose: fix UAF bugs caused by timer handler (Duoming Zhou) \n- s390/archrandom: simplify back to earlier design and initialize earlier (Jason A. Donenfeld) \n- dm raid: fix KASAN warning in raid5_add_disks (Mikulas Patocka) \n- dm raid: fix accesses beyond end of raid member array (Heinz Mauelshagen) \n- powerpc/bpf: Fix use of user_pt_regs in uapi (Naveen N. Rao) \n- powerpc/prom_init: Fix kernel config grep (Liam Howlett) \n- nvdimm: Fix badblocks clear off-by-one error (Chris Ye) \n- ipv6: take care of disable_policy when restoring routes (Nicolas Dichtel) \n- LTS tag: v5.4.203 (Sherry Yang) \n- crypto: arm/ghash-ce - define fpu before fpu registers are referenced (Stefan Agner) \n- crypto: arm - use Kconfig based compiler checks for crypto opcodes (Ard Biesheuvel) \n- ARM: 9029/1: Make iwmmxt.S support Clang's integrated assembler (Jian Cai) \n- ARM: OMAP2+: drop unnecessary adrl (Stefan Agner) \n- ARM: 8929/1: use APSR_nzcv instead of r15 as mrc operand (Stefan Agner) \n- ARM: 8933/1: replace Sun/Solaris style flag on section directive (Nick Desaulniers) \n- crypto: arm/sha512-neon - avoid ADRL pseudo instruction (Ard Biesheuvel) \n- crypto: arm/sha256-neon - avoid ADRL pseudo instruction (Ard Biesheuvel) \n- ARM: 8971/1: replace the sole use of a symbol with its definition (Jian Cai) \n- ARM: 8990/1: use VFP assembler mnemonics in register load/store macros (Stefan Agner) \n- ARM: 8989/1: use .fpu assembler directives instead of assembler arguments (Stefan Agner) \n- net: mscc: ocelot: allow unregistered IP multicast flooding (Vladimir Oltean) \n- kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (Naveen N. Rao) \n- powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (Naveen N. Rao) \n- drm: remove drm_fb_helper_modinit (Christoph Hellwig) \n- LTS tag: v5.4.202 (Sherry Yang) \n- powerpc/pseries: wire up rng during setup_arch() (Jason A. Donenfeld) \n- kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (Masahiro Yamada) \n- random: update comment from copy_to_user() -> copy_to_iter() (Jason A. Donenfeld) \n- modpost: fix section mismatch check for exported init/exit sections (Masahiro Yamada) \n- ARM: cns3xxx: Fix refcount leak in cns3xxx_init (Miaoqian Lin) \n- ARM: Fix refcount leak in axxia_boot_secondary (Miaoqian Lin) \n- soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (Miaoqian Lin) \n- ARM: exynos: Fix refcount leak in exynos_map_pmu (Miaoqian Lin) \n- ARM: dts: imx6qdl: correct PU regulator ramp delay (Lucas Stach) \n- powerpc/powernv: wire up rng during setup_arch (Jason A. Donenfeld) \n- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (Andrew Donnellan) \n- powerpc: Enable execve syscall exit tracepoint (Naveen N. Rao) \n- parisc: Enable ARCH_HAS_STRICT_MODULE_RWX (Helge Deller) \n- xtensa: Fix refcount leak bug in time.c (Liang He) \n- xtensa: xtfpga: Fix refcount leak bug in setup (Liang He) \n- iio: adc: axp288: Override TS pin bias current for some models (Hans de Goede) \n- iio: adc: stm32: fix maximum clock rate for stm32mp15x (Olivier Moysan) \n- iio: trigger: sysfs: fix use-after-free on remove (Vincent Whitchurch) \n- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (Zheyu Ma) \n- iio: accel: mma8452: ignore the return value of reset operation (Haibo Chen) \n- iio:accel:mxc4005: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:accel:bma180: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:chemical:ccs811: rearrange iio trigger get and register (Dmitry Rokosov) \n- usb: chipidea: udc: check request status before setting device address (Xu Yang) \n- xhci: turn off port power in shutdown (Mathias Nyman) \n- iio: adc: vf610: fix conversion mode sysfs node name (Baruch Siach) \n- s390/cpumf: Handle events cycles and instructions identical (Thomas Richter) \n- gpio: winbond: Fix error code in winbond_gpio_get() (Dan Carpenter) \n- Revert 'net/tls: fix tls_sk_proto_close executed repeatedly' (Jakub Kicinski) \n- virtio_net: fix xdp_rxq_info bug after suspend/resume (Stephan Gerhold) \n- igb: Make DMA faster when CPU is active on the PCIe link (Kai-Heng Feng) \n- regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (Aidan MacDonald) \n- ice: ethtool: advertise 1000M speeds properly (Anatolii Gerasymenko) \n- afs: Fix dynamic root getattr (David Howells) \n- MIPS: Remove repetitive increase irq_err_count (huhai) \n- x86/xen: Remove undefined behavior in setup_features() (Julien Grall) \n- udmabuf: add back sanity check (Gerd Hoffmann) \n- net/tls: fix tls_sk_proto_close executed repeatedly (Ziyang Xuan) \n- erspan: do not assume transport header is always set (Eric Dumazet) \n- drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (Miaoqian Lin) \n- net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (Peilin Ye) \n- bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (Jay Vosburgh) \n- phy: aquantia: Fix AN when higher speeds than 1G are not advertised (Claudiu Manoil) ", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-09-22T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3669", "CVE-2022-1280", "CVE-2022-21385", "CVE-2022-21546", "CVE-2022-2586"], "modified": "2022-09-22T00:00:00", "id": "ELSA-2022-9828", "href": "http://linux.oracle.com/errata/ELSA-2022-9828.html", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-09-16T00:43:27", "description": "[4.14.35-2047.517.3]\n- KVM: x86: use raw clock values consistently (Paolo Bonzini) [Orabug: 34575637] \n- KVM: x86: reorganize pvclock_gtod_data members (Paolo Bonzini) [Orabug: 34575637] \n- KVM: x86: switch KVMCLOCK base to monotonic raw clock (Marcelo Tosatti) [Orabug: 34575637]\n[4.14.35-2047.517.2]\n- kernfs: Replace global kernfs_open_file_mutex with hashed mutexes. (Imran Khan) [Orabug: 34476942] \n- kernfs: Introduce interface to access global kernfs_open_file_mutex. (Imran Khan) [Orabug: 34476942] \n- kernfs: make ->attr.open RCU protected. (Imran Khan) [Orabug: 34476942] \n- kernfs: Rename kernfs_put_open_node to kernfs_unlink_open_file. (Imran Khan) [Orabug: 34476942] \n- kernfs: Remove reference counting for kernfs_open_node. (Imran Khan) [Orabug: 34476942] \n- rds/ib: handle posted ACK during connection shutdown (Rohit Nair) [Orabug: 34465810] \n- rds/ib: reap tx completions during connection shutdown (Rohit Nair) [Orabug: 34465810] \n- scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419972] {CVE-2022-21546}\n- rds/rdma: destroy CQs during user initiated rds connection resets (Rohit Nair) [Orabug: 34414240] \n- rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 34510858] {CVE-2022-21385}\n[4.14.35-2047.517.1]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34480752] {CVE-2022-2588}\n- Restore 'module, async: async_synchronize_full() on module init iff async is used' (Mridula Shastry) [Orabug: 34469834] \n- net/rds: Replace #ifdef DEBUG with CONFIG_SLUB_DEBUG (Freddy Carrillo) [Orabug: 34405766] \n- ext4: Move to shared i_rwsem even without dioread_nolock mount opt (Ritesh Harjani) [Orabug: 34295843] \n- ext4: Start with shared i_rwsem in case of DIO instead of exclusive (Ritesh Harjani) [Orabug: 34295843] \n- ext4: further refactoring bufferio and dio helper (Junxiao Bi) [Orabug: 34295843] \n- ext4: refactor ext4_file_write_iter (Junxiao Bi) [Orabug: 34295843] \n- xen/manage: Use orderly_reboot() to reboot (Ross Lagerwall) [Orabug: 34211118] \n- xen/manage: revert 'xen/manage: enable C_A_D to force reboot' (Dongli Zhang) [Orabug: 34211118] \n- Linux 4.14.288 (Greg Kroah-Hartman) \n- dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (Miaoqian Lin) \n- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (Miaoqian Lin) \n- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (Michael Walle) \n- ida: don't use BUG_ON() for debugging (Linus Torvalds) \n- i2c: cadence: Unregister the clk notifier in error path (Satish Nagireddy) \n- pinctrl: sunxi: a83t: Fix NAND function name for some pins (Samuel Holland) \n- xfs: remove incorrect ASSERT in xfs_rename (Eric Sandeen) \n- powerpc/powernv: delay rng platform device creation until later in boot (Jason A. Donenfeld) \n- video: of_display_timing.h: include errno.h (Hsin-Yi Wang) \n- fbcon: Disallow setting font bigger than screen size (Helge Deller) \n- iommu/vt-d: Fix PCI bus rescan device hot add (Yian Chen) \n- net: rose: fix UAF bug caused by rose_t0timer_expiry (Duoming Zhou) \n- usbnet: fix memory leak in error case (Oliver Neukum) \n- can: gs_usb: gs_usb_open/close(): fix memory leak (Rhett Aultman) \n- can: grcan: grcan_probe(): remove extra of_node_get() (Liang He) \n- mm/slub: add missing TID updates on slab deactivation (Jann Horn) \n- esp: limit skb_page_frag_refill use to a single page (Sabrina Dubroca) \n- Linux 4.14.287 (Greg Kroah-Hartman) \n- xen/gntdev: Avoid blocking in unmap_grant_pages() (Demi Marie Obenour) \n- net: usb: qmi_wwan: add Telit 0x1070 composition (Daniele Palmas) \n- net: usb: qmi_wwan: add Telit 0x1060 composition (Carlo Lobrano) \n- xen/arm: Fix race in RB-tree based P2M accounting (Oleksandr Tyshchenko) \n- net: Rename and export copy_skb_header (Ilya Lesokhin) \n- ipv6/sit: fix ipip6_tunnel_get_prl return value (katrinzhou) \n- sit: use min (kernel test robot) \n- hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails (Yang Yingliang) \n- NFC: nxp-nci: Don't issue a zero length i2c_master_read() (Michael Walle) \n- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- net: bonding: fix use-after-free after 802.3ad slave unbind (Yevhen Orlov) \n- net: bonding: fix possible NULL deref in rlb code (Eric Dumazet) \n- netfilter: nft_dynset: restore set element counter when failing to update (Pablo Neira Ayuso) \n- caif_virtio: fix race between virtio_device_ready() and ndo_open() (Jason Wang) \n- net: ipv6: unexport __init-annotated seg6_hmac_net_init() (YueHaibing) \n- usbnet: fix memory allocation in helpers (Oliver Neukum) \n- RDMA/qedr: Fix reporting QP timeout attribute (Kamal Heib) \n- net: usb: ax88179_178a: Fix packet receiving (Jose Alonso) \n- net: rose: fix UAF bugs caused by timer handler (Duoming Zhou) \n- SUNRPC: Fix READ_PLUS crasher (Chuck Lever) \n- s390/archrandom: simplify back to earlier design and initialize earlier (Jason A. Donenfeld) \n- dm raid: fix KASAN warning in raid5_add_disks (Mikulas Patocka) \n- dm raid: fix accesses beyond end of raid member array (Heinz Mauelshagen) \n- nvdimm: Fix badblocks clear off-by-one error (Chris Ye) \n- Linux 4.14.286 (Greg Kroah-Hartman) \n- swiotlb: skip swiotlb_bounce when orig_addr is zero (Liu Shixin) \n- kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (Naveen N. Rao) \n- fdt: Update CRC check for rng-seed (Hsin-Yi Wang) \n- xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (Masahiro Yamada) \n- drm: remove drm_fb_helper_modinit (Christoph Hellwig) \n- powerpc/pseries: wire up rng during setup_arch() (Jason A. Donenfeld) \n- modpost: fix section mismatch check for exported init/exit sections (Masahiro Yamada) \n- ARM: cns3xxx: Fix refcount leak in cns3xxx_init (Miaoqian Lin) \n- ARM: Fix refcount leak in axxia_boot_secondary (Miaoqian Lin) \n- ARM: exynos: Fix refcount leak in exynos_map_pmu (Miaoqian Lin) \n- ARM: dts: imx6qdl: correct PU regulator ramp delay (Lucas Stach) \n- powerpc/powernv: wire up rng during setup_arch (Jason A. Donenfeld) \n- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (Andrew Donnellan) \n- powerpc: Enable execve syscall exit tracepoint (Naveen N. Rao) \n- xtensa: Fix refcount leak bug in time.c (Liang He) \n- xtensa: xtfpga: Fix refcount leak bug in setup (Liang He) \n- iio: adc: axp288: Override TS pin bias current for some models (Hans de Goede) \n- iio: trigger: sysfs: fix use-after-free on remove (Vincent Whitchurch) \n- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (Zheyu Ma) \n- iio: accel: mma8452: ignore the return value of reset operation (Haibo Chen) \n- iio:accel:bma180: rearrange iio trigger get and register (Dmitry Rokosov) \n- usb: chipidea: udc: check request status before setting device address (Xu Yang) \n- iio: adc: vf610: fix conversion mode sysfs node name (Baruch Siach) \n- igb: Make DMA faster when CPU is active on the PCIe link (Kai-Heng Feng) \n- MIPS: Remove repetitive increase irq_err_count (huhai) \n- x86/xen: Remove undefined behavior in setup_features() (Julien Grall) \n- bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (Jay Vosburgh) \n- USB: serial: option: add Quectel RM500K module support (Macpaul Lin) \n- USB: serial: option: add Quectel EM05-G modem (Yonglin Tan) \n- USB: serial: option: add Telit LE910Cx 0x1250 composition (Carlo Lobrano) \n- random: quiet urandom warning ratelimit suppression message (Jason A. Donenfeld) \n- dm era: commit metadata in postsuspend after worker stops (Nikos Tsironis) \n- ata: libata: add qc->flags in ata_qc_complete_template tracepoint (Edward Wu) \n- random: schedule mix_interrupt_randomness() less often (Jason A. Donenfeld) \n- vt: drop old FONT ioctls (Jiri Slaby) \n- Linux 4.14.285 (Greg Kroah-Hartman) \n- tcp: drop the hash_32() part from the index calculation (Willy Tarreau) \n- tcp: increase source port perturb table to 2^16 (Willy Tarreau) \n- tcp: dynamically allocate the perturb table used by source ports (Willy Tarreau) \n- tcp: add small random increments to the source port (Willy Tarreau) \n- tcp: use different parts of the port_offset for index and offset (Willy Tarreau) \n- tcp: add some entropy in __inet_hash_connect() (Eric Dumazet) \n- xprtrdma: fix incorrect header size calculations (Colin Ian King) \n- usb: gadget: u_ether: fix regression in setting fixed MAC address (Marian Postevca) \n- s390/mm: use non-quiescing sske for KVM switch to keyed guest (Christian Borntraeger) \n- virtio-pci: Remove wrong address verification in vp_del_vqs() (Murilo Opsfelder Araujo) \n- ext4: add reserved GDT blocks check (Zhang Yi) \n- ext4: make variable 'count' signed (Ding Xiang) \n- ext4: fix bug_on ext4_mb_use_inode_pa (Baokun Li) \n- serial: 8250: Store to lsr_save_flags after lsr read (Ilpo Jarvinen) \n- usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (Miaoqian Lin) \n- usb: dwc2: Fix memory leak in dwc2_hcd_init (Miaoqian Lin) \n- USB: serial: io_ti: add Agilent E5805A support (Robert Eckelmann) \n- USB: serial: option: add support for Cinterion MV31 with new baseline (Slark Xiao) \n- comedi: vmk80xx: fix expression for tx buffer size (Ian Abbott) \n- irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (Miaoqian Lin) \n- certs/blacklist_hashes.c: fix const confusion in certs blacklist (Masahiro Yamada) \n- arm64: ftrace: fix branch range checks (Mark Rutland) \n- net: bgmac: Fix an erroneous kfree() in bgmac_remove() (Christophe JAILLET) \n- misc: atmel-ssc: Fix IRQ check in ssc_probe (Miaoqian Lin) \n- tty: goldfish: Fix free_irq() on remove (Vincent Whitchurch) \n- i40e: Fix call trace in setup_tx_descriptors (Aleksandr Loktionov) \n- pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (Trond Myklebust) \n- random: credit cpu and bootloader seeds by default (Jason A. Donenfeld) \n- net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag (Chen Lin) \n- ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg (Wang Yufen) \n- nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (Xiaohui Zhang) \n- virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (chengkaitao) \n- scsi: pmcraid: Fix missing resource cleanup in error case (Chengguang Xu) \n- scsi: ipr: Fix missing/incorrect resource cleanup in error case (Chengguang Xu) \n- scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (James Smart) \n- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (Wentao Wang) \n- ASoC: wm8962: Fix suspend while playing music (Adam Ford) \n- ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (Sergey Shtylyov) \n- ASoC: cs42l56: Correct typo in minimum level for SX volume controls (Charles Keepax) \n- ASoC: cs42l52: Correct TLV for Bypass Volume (Charles Keepax) \n- ASoC: cs53l30: Correct number of volume levels on SX controls (Charles Keepax) \n- ASoC: cs42l52: Fix TLV scales for mixer controls (Charles Keepax) \n- random: account for arch randomness in bits (Jason A. Donenfeld) \n- random: mark bootloader randomness code as __init (Jason A. Donenfeld) \n- random: avoid checking crng_ready() twice in random_init() (Jason A. Donenfeld) \n- crypto: drbg - make reseeding from get_random_bytes() synchronous (Nicolai Stange) \n- crypto: drbg - always try to free Jitter RNG instance (Stephan Muller) \n- crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed() (Nicolai Stange) \n- crypto: drbg - track whether DRBG was seeded with !rng_is_initialized() (Nicolai Stange) \n- crypto: drbg - prepare for more fine-grained tracking of seeding state (Nicolai Stange) \n- crypto: drbg - always seeded with SP800-90B compliant noise source (Stephan Muller) \n- crypto: drbg - add FIPS 140-2 CTRNG for noise source (Stephan Mueller) \n- Revert 'random: use static branch for crng_ready()' (Jason A. Donenfeld) \n- random: check for signals after page of pool writes (Jason A. Donenfeld) \n- random: wire up fops->splice_{read,write}_iter() (Jens Axboe) \n- random: convert to using fops->write_iter() (Jens Axboe) \n- random: move randomize_page() into mm where it belongs (Jason A. Donenfeld) \n- random: move initialization functions out of hot pages (Jason A. Donenfeld) \n- random: use proper jiffies comparison macro (Jason A. Donenfeld) \n- random: use symbolic constants for crng_init states (Jason A. Donenfeld) \n- siphash: use one source of truth for siphash permutations (Jason A. Donenfeld) \n- random: help compiler out with fast_mix() by using simpler arguments (Jason A. Donenfeld) \n- random: do not use input pool from hard IRQs (Saeed Mirzamohammadi) \n- random: order timer entropy functions below interrupt functions (Jason A. Donenfeld) \n- random: do not pretend to handle premature next security model (Jason A. Donenfeld) \n- random: do not use batches when !crng_ready() (Jason A. Donenfeld) \n- random: insist on random_get_entropy() existing in order to simplify (Jason A. Donenfeld) \n- xtensa: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- sparc: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- um: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- x86/tsc: Use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- nios2: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- arm: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- mips: use fallback for random_get_entropy() instead of just c0 random (Jason A. Donenfeld) \n- m68k: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- timekeeping: Add raw clock fallback for random_get_entropy() (Jason A. Donenfeld) \n- powerpc: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- alpha: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- parisc: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- s390: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- ia64: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- init: call time_init() before rand_initialize() (Jason A. Donenfeld) \n- random: fix sysctl documentation nits (Jason A. Donenfeld) \n- random: document crng_fast_key_erasure() destination possibility (Jason A. Donenfeld) \n- random: make random_get_entropy() return an unsigned long (Jason A. Donenfeld) \n- random: check for signals every PAGE_SIZE chunk of /dev/[u]random (Jason A. Donenfeld) \n- random: check for signal_pending() outside of need_resched() check (Jann Horn) \n- random: do not allow user to keep crng key around on stack (Jason A. Donenfeld) \n- random: do not split fast init input in add_hwgenerator_randomness() (Jan Varho) \n- random: mix build-time latent entropy into pool at init (Jason A. Donenfeld) \n- random: re-add removed comment about get_random_{u32,u64} reseeding (Jason A. Donenfeld) \n- random: treat bootloader trust toggle the same way as cpu trust toggle (Jason A. Donenfeld) \n- random: skip fast_init if hwrng provides large chunk of entropy (Jason A. Donenfeld) \n- random: check for signal and try earlier when generating entropy (Jason A. Donenfeld) \n- random: reseed more often immediately after booting (Jason A. Donenfeld) \n- random: make consistent usage of crng_ready() (Jason A. Donenfeld) \n- random: use SipHash as interrupt entropy accumulator (Jason A. Donenfeld) \n- random: replace custom notifier chain with standard one (Jason A. Donenfeld) \n- random: don't let 644 read-only sysctls be written to (Jason A. Donenfeld) \n- random: give sysctl_random_min_urandom_seed a more sensible value (Jason A. Donenfeld) \n- random: do crng pre-init loading in worker rather than irq (Jason A. Donenfeld) \n- random: unify cycles_t and jiffies usage and types (Jason A. Donenfeld) \n- random: cleanup UUID handling (Jason A. Donenfeld) \n- random: only wake up writers after zap if threshold was passed (Jason A. Donenfeld) \n- random: round-robin registers as ulong, not u32 (Jason A. Donenfeld) \n- random: pull add_hwgenerator_randomness() declaration into random.h (Jason A. Donenfeld) \n- random: check for crng_init == 0 in add_device_randomness() (Jason A. Donenfeld) \n- random: unify early init crng load accounting (Jason A. Donenfeld) \n- random: do not take pool spinlock at boot (Jason A. Donenfeld) \n- random: defer fast pool mixing to worker (Jason A. Donenfeld) \n- random: rewrite header introductory comment (Jason A. Donenfeld) \n- random: group sysctl functions (Jason A. Donenfeld) \n- random: group userspace read/write functions (Jason A. Donenfeld) \n- random: group entropy collection functions (Jason A. Donenfeld) \n- random: group entropy extraction functions (Jason A. Donenfeld) \n- random: remove useless header comment (Jason A. Donenfeld) \n- random: introduce drain_entropy() helper to declutter crng_reseed() (Jason A. Donenfeld) \n- random: deobfuscate irq u32/u64 contributions (Jason A. Donenfeld) \n- random: add proper SPDX header (Jason A. Donenfeld) \n- random: remove unused tracepoints (Jason A. Donenfeld) \n- random: remove ifdef'd out interrupt bench (Jason A. Donenfeld) \n- random: tie batched entropy generation to base_crng generation (Jason A. Donenfeld) \n- random: zero buffer after reading entropy from userspace (Jason A. Donenfeld) \n- random: remove outdated INT_MAX >> 6 check in urandom_read() (Jason A. Donenfeld) \n- random: use hash function for crng_slow_load() (Jason A. Donenfeld) \n- random: absorb fast pool into input pool after fast load (Jason A. Donenfeld) \n- random: do not xor RDRAND when writing into /dev/random (Jason A. Donenfeld) \n- random: ensure early RDSEED goes through mixer on init (Jason A. Donenfeld) \n- random: inline leaves of rand_initialize() (Jason A. Donenfeld) \n- random: use RDSEED instead of RDRAND in entropy extraction (Jason A. Donenfeld) \n- random: fix locking in crng_fast_load() (Dominik Brodowski) \n- random: remove batched entropy locking (Jason A. Donenfeld) \n- random: remove use_input_pool parameter from crng_reseed() (Eric Biggers) \n- random: make credit_entropy_bits() always safe (Jason A. Donenfeld) \n- random: always wake up entropy writers after extraction (Jason A. Donenfeld) \n- random: use linear min-entropy accumulation crediting (Jason A. Donenfeld) \n- random: simplify entropy debiting (Jason A. Donenfeld) \n- random: use computational hash for entropy extraction (Jason A. Donenfeld) \n- random: only call crng_finalize_init() for primary_crng (Dominik Brodowski) \n- random: access primary_pool directly rather than through pointer (Dominik Brodowski) \n- random: continually use hwgenerator randomness (Dominik Brodowski) \n- random: simplify arithmetic function flow in account() (Jason A. Donenfeld) \n- random: access input_pool_data directly rather than through pointer (Jason A. Donenfeld) \n- random: cleanup fractional entropy shift constants (Jason A. Donenfeld) \n- random: prepend remaining pool constants with POOL_ (Jason A. Donenfeld) \n- random: de-duplicate INPUT_POOL constants (Jason A. Donenfeld) \n- random: remove unused OUTPUT_POOL constants (Jason A. Donenfeld) \n- random: rather than entropy_store abstraction, use global (Jason A. Donenfeld) \n- random: try to actively add entropy rather than passively wait for it (Linus Torvalds) \n- random: remove unused extract_entropy() reserved argument (Jason A. Donenfeld) \n- random: remove incomplete last_data logic (Jason A. Donenfeld) \n- random: cleanup integer types (Jason A. Donenfeld) \n- crypto: chacha20 - Fix chacha20_block() keystream alignment (again) (Eric Biggers) \n- random: cleanup poolinfo abstraction (Jason A. Donenfeld) \n- random: fix typo in comments (Schspa Shi) \n- random: don't reset crng_init_cnt on urandom_read() (Jann Horn) \n- random: avoid superfluous call to RDRAND in CRNG extraction (Jason A. Donenfeld) \n- random: early initialization of ChaCha constants (Dominik Brodowski) \n- random: initialize ChaCha20 constants with correct endianness (Eric Biggers) \n- random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs (Jason A. Donenfeld) \n- random: harmonize 'crng init done' messages (Dominik Brodowski) \n- random: mix bootloader randomness into pool (Jason A. Donenfeld) \n- random: do not re-init if crng_reseed completes before primary init (Jason A. Donenfeld) \n- random: do not sign extend bytes for rotation when mixing (Jason A. Donenfeld) \n- random: use BLAKE2s instead of SHA1 in extraction (Jason A. Donenfeld) \n- random: remove unused irq_flags argument from add_interrupt_randomness() (Saeed Mirzamohammadi) \n- random: document add_hwgenerator_randomness() with other input functions (Mark Brown) \n- crypto: blake2s - adjust include guard naming (Eric Biggers) \n(Eric Biggers) \n- MAINTAINERS: co-maintain random.c (Jason A. Donenfeld) \n- random: remove dead code left over from blocking pool (Eric Biggers) \n- random: avoid arch_get_random_seed_long() when collecting IRQ randomness (Ard Biesheuvel) \n- random: add arch_get_random_*long_early() (Mark Rutland) \n- powerpc: Use bool in archrandom.h (Richard Henderson) \n- linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check (Richard Henderson) \n- linux/random.h: Use false with bool (Richard Henderson) \n- linux/random.h: Remove arch_has_random, arch_has_random_seed (Richard Henderson) \n- s390: Remove arch_has_random, arch_has_random_seed (Richard Henderson) \n- powerpc: Remove arch_has_random, arch_has_random_seed (Richard Henderson) \n- x86: Remove arch_has_random, arch_has_random_seed (Richard Henderson) \n- random: avoid warnings for !CONFIG_NUMA builds (Mark Rutland) \n- random: split primary/secondary crng init paths (Mark Rutland) \n- random: remove some dead code of poolinfo (Yangtao Li) \n- random: fix typo in add_timer_randomness() (Yangtao Li) \n- random: Add and use pr_fmt() (Yangtao Li) \n- random: convert to ENTROPY_BITS for better code readability (Yangtao Li) \n- random: remove unnecessary unlikely() (Yangtao Li) \n- random: remove kernel.random.read_wakeup_threshold (Andy Lutomirski) \n- random: delete code to pull data into pools (Andy Lutomirski) \n- random: remove the blocking pool (Andy Lutomirski) \n- random: fix crash on multiple early calls to add_bootloader_randomness() (Dominik Brodowski) \n- char/random: silence a lockdep splat with printk() (Sergey Senozhatsky) \n- random: make /dev/random be almost like /dev/urandom (Andy Lutomirski) \n- random: ignore GRND_RANDOM in getentropy(2) (Andy Lutomirski) \n- random: add GRND_INSECURE to return best-effort non-cryptographic bytes (Andy Lutomirski) \n- random: Add a urandom_read_nowait() for random APIs that don't warn (Andy Lutomirski) \n- random: Don't wake crng_init_wait when crng_init == 1 (Andy Lutomirski) \n- lib/crypto: sha1: re-roll loops to reduce code size (Jason A. Donenfeld) \n- lib/crypto: blake2s: move hmac construction into wireguard (Jason A. Donenfeld) \n- crypto: blake2s - generic C library implementation and selftest (Jason A. Donenfeld) \n- crypto: Deduplicate le32_to_cpu_array() and cpu_to_le32_array() (Andy Shevchenko) \n- Revert 'hwrng: core - Freeze khwrng thread during suspend' (Herbert Xu) \n- char/random: Add a newline at the end of the file (Borislav Petkov) \n- random: Use wait_event_freezable() in add_hwgenerator_randomness() (Stephen Boyd) \n- fdt: add support for rng-seed (Hsin-Yi Wang) \n- random: Support freezable kthreads in add_hwgenerator_randomness() (Stephen Boyd) \n- random: fix soft lockup when trying to read from an uninitialized blocking pool (Theodore Ts'o) \n- latent_entropy: avoid build error when plugin cflags are not set (Vasily Gorbik) \n- random: document get_random_int() family (George Spelvin) \n- random: move rand_initialize() earlier (Kees Cook) \n- random: only read from /dev/random after its pool has received 128 bits (Theodore Ts'o) \n- drivers/char/random.c: make primary_crng static (Rasmus Villemoes) \n- drivers/char/random.c: remove unused stuct poolinfo::poolbits (Rasmus Villemoes) \n- drivers/char/random.c: constify poolinfo_table (Rasmus Villemoes) \n- random: make CPU trust a boot parameter (Kees Cook) \n- random: Make crng state queryable (Jason A. Donenfeld) \n- random: remove preempt disabled region (Ingo Molnar) \n- random: add a config option to trust the CPU's hwrng (Theodore Ts'o) \n- random: Return nbytes filled from hw RNG (Tobin C. Harding) \n- random: Fix whitespace pre random-bytes work (Tobin C. Harding) \n- drivers/char/random.c: remove unused dont_count_entropy (Rasmus Villemoes) \n- random: optimize add_interrupt_randomness (Andi Kleen) \n- random: always fill buffer in get_random_bytes_wait (Jason A. Donenfeld) \n- crypto: chacha20 - Fix keystream alignment for chacha20_block() (Eric Biggers) \n- 9p: missing chunk of 'fs/9p: Don't update file type when updating file attributes' (Al Viro)\n[4.14.35-2047.517.0]\n- mpt3sas: Fix panic observed while accessing the hw ctx queue (Gulam Mohamed) [Orabug: 34446738] \n- driver: marvell: mmc: Add new bus modes overrides from DT (Wojciech Bartczak) [Orabug: 34440004] \n- octeontx2: mmc: Adds mechanism to modify all MMC bus modes timings (Wojciech Bartczak) [Orabug: 34440004] \n- rds/rdma: correctly assign the dest qp num in rds ib connection (Rohit Nair) [Orabug: 34429478] \n- Revert 'uek-rpm: Enable config CONFIG_SCSI_MQ_DEFAULT' (Gulam Mohamed) [Orabug: 34419153] \n- net/rds : Adding support to print SCQ and RCQ completion vectors in rds-info. (Anand Khoje) [Orabug: 34398210] \n- IB/mlx5: Disable BME for unbound devices too (Hakon Bugge) [Orabug: 34395378] \n- net/mlx5: Rearm the FW tracer after each tracer event (Feras Daoud) [Orabug: 34387281] \n- net/mlx5: FW tracer, Add debug prints (Saeed Mahameed) [Orabug: 34387281] \n- perf script: Fix crash because of missing evsel->priv (Ravi Bangoria) [Orabug: 34382257] \n- net/rds: Fix a NULL dereference in rds_tcp_accept_one() (Harshit Mogalapalli) [Orabug: 34371946] \n- ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34364338] \n- ocfs2: dlmfs: don't clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34364338] \n- rds: ib: Qualify RNR Retry Timer check with firmware version (Freddy Carrillo) [Orabug: 33665743]", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-16T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-21385", "CVE-2022-21546", "CVE-2022-2588"], "modified": "2022-09-16T00:00:00", "id": "ELSA-2022-9787", "href": "http://linux.oracle.com/errata/ELSA-2022-9787.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-16T00:43:27", "description": "[4.14.35-2047.517.3.el7]\n- KVM: x86: use raw clock values consistently (Paolo Bonzini) [Orabug: 34575637]\n- KVM: x86: reorganize pvclock_gtod_data members (Paolo Bonzini) [Orabug: 34575637]\n- KVM: x86: switch KVMCLOCK base to monotonic raw clock (Marcelo Tosatti) [Orabug: 34575637]\n[4.14.35-2047.517.2.el7]\n- kernfs: Replace global kernfs_open_file_mutex with hashed mutexes. (Imran Khan) [Orabug: 34476942]\n- kernfs: Introduce interface to access global kernfs_open_file_mutex. (Imran Khan) [Orabug: 34476942]\n- kernfs: make ->attr.open RCU protected. (Imran Khan) [Orabug: 34476942]\n- kernfs: Rename kernfs_put_open_node to kernfs_unlink_open_file. (Imran Khan) [Orabug: 34476942]\n- kernfs: Remove reference counting for kernfs_open_node. (Imran Khan) [Orabug: 34476942]\n- scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419972] {CVE-2022-21546}\n- rds/rdma: destroy CQs during user initiated rds connection resets (Rohit Nair) [Orabug: 34414240]\n- rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 34510858] {CVE-2022-21385}\n[4.14.35-2047.517.1.el7]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34480752] {CVE-2022-2588}\n- Restore 'module, async: async_synchronize_full() on module init iff async is used' (Mridula Shastry) [Orabug: 34469834]\n- net/rds: Replace #ifdef DEBUG with CONFIG_SLUB_DEBUG (Freddy Carrillo) [Orabug: 34405766]\n- ext4: Move to shared i_rwsem even without dioread_nolock mount opt (Ritesh Harjani) [Orabug: 34295843]\n- ext4: Start with shared i_rwsem in case of DIO instead of exclusive (Ritesh Harjani) [Orabug: 34295843]\n- ext4: further refactoring bufferio and dio helper (Junxiao Bi) [Orabug: 34295843]\n- ext4: refactor ext4_file_write_iter (Junxiao Bi) [Orabug: 34295843]\n- xen/manage: Use orderly_reboot() to reboot (Ross Lagerwall) [Orabug: 34211118]\n- xen/manage: revert 'xen/manage: enable C_A_D to force reboot' (Dongli Zhang) [Orabug: 34211118]\n- Linux 4.14.288 (Greg Kroah-Hartman) \n- dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (Miaoqian Lin) \n- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (Miaoqian Lin) \n- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (Michael Walle) \n- ida: don't use BUG_ON() for debugging (Linus Torvalds) \n- i2c: cadence: Unregister the clk notifier in error path (Satish Nagireddy) \n- pinctrl: sunxi: a83t: Fix NAND function name for some pins (Samuel Holland) \n- xfs: remove incorrect ASSERT in xfs_rename (Eric Sandeen) \n- powerpc/powernv: delay rng platform device creation until later in boot (Jason A. Donenfeld) \n- video: of_display_timing.h: include errno.h (Hsin-Yi Wang) \n- fbcon: Disallow setting font bigger than screen size (Helge Deller) \n- iommu/vt-d: Fix PCI bus rescan device hot add (Yian Chen) \n- net: rose: fix UAF bug caused by rose_t0timer_expiry (Duoming Zhou) \n- usbnet: fix memory leak in error case (Oliver Neukum) \n- can: gs_usb: gs_usb_open/close(): fix memory leak (Rhett Aultman) \n- can: grcan: grcan_probe(): remove extra of_node_get() (Liang He) \n- mm/slub: add missing TID updates on slab deactivation (Jann Horn) \n- esp: limit skb_page_frag_refill use to a single page (Sabrina Dubroca) \n- Linux 4.14.287 (Greg Kroah-Hartman) \n- xen/gntdev: Avoid blocking in unmap_grant_pages() (Demi Marie Obenour) \n- net: usb: qmi_wwan: add Telit 0x1070 composition (Daniele Palmas) \n- net: usb: qmi_wwan: add Telit 0x1060 composition (Carlo Lobrano) \n- xen/arm: Fix race in RB-tree based P2M accounting (Oleksandr Tyshchenko) {CVE-2022-33744}\n- net: Rename and export copy_skb_header (Ilya Lesokhin) \n- ipv6/sit: fix ipip6_tunnel_get_prl return value (katrinzhou) \n- sit: use min (kernel test robot) \n- hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails (Yang Yingliang) \n- NFC: nxp-nci: Don't issue a zero length i2c_master_read() (Michael Walle) \n- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- net: bonding: fix use-after-free after 802.3ad slave unbind (Yevhen Orlov) \n- net: bonding: fix possible NULL deref in rlb code (Eric Dumazet) \n- netfilter: nft_dynset: restore set element counter when failing to update (Pablo Neira Ayuso) \n- caif_virtio: fix race between virtio_device_ready() and ndo_open() (Jason Wang) \n- net: ipv6: unexport __init-annotated seg6_hmac_net_init() (YueHaibing) \n- usbnet: fix memory allocation in helpers (Oliver Neukum) \n- RDMA/qedr: Fix reporting QP timeout attribute (Kamal Heib) \n- net: usb: ax88179_178a: Fix packet receiving (Jose Alonso) \n- net: rose: fix UAF bugs caused by timer handler (Duoming Zhou) \n- SUNRPC: Fix READ_PLUS crasher (Chuck Lever) \n- s390/archrandom: simplify back to earlier design and initialize earlier (Jason A. Donenfeld) \n- dm raid: fix KASAN warning in raid5_add_disks (Mikulas Patocka) \n- dm raid: fix accesses beyond end of raid member array (Heinz Mauelshagen) \n- nvdimm: Fix badblocks clear off-by-one error (Chris Ye) \n- Linux 4.14.286 (Greg Kroah-Hartman) \n- swiotlb: skip swiotlb_bounce when orig_addr is zero (Liu Shixin) \n- kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (Naveen N. Rao) \n- fdt: Update CRC check for rng-seed (Hsin-Yi Wang) \n- xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (Masahiro Yamada) \n- drm: remove drm_fb_helper_modinit (Christoph Hellwig) \n- powerpc/pseries: wire up rng during setup_arch() (Jason A. Donenfeld) \n- modpost: fix section mismatch check for exported init/exit sections (Masahiro Yamada) \n- ARM: cns3xxx: Fix refcount leak in cns3xxx_init (Miaoqian Lin) \n- ARM: Fix refcount leak in axxia_boot_secondary (Miaoqian Lin) \n- ARM: exynos: Fix refcount leak in exynos_map_pmu (Miaoqian Lin) \n- ARM: dts: imx6qdl: correct PU regulator ramp delay (Lucas Stach) \n- powerpc/powernv: wire up rng during setup_arch (Jason A. Donenfeld) \n- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (Andrew Donnellan) \n- powerpc: Enable execve syscall exit tracepoint (Naveen N. Rao) \n- xtensa: Fix refcount leak bug in time.c (Liang He) \n- xtensa: xtfpga: Fix refcount leak bug in setup (Liang He) \n- iio: adc: axp288: Override TS pin bias current for some models (Hans de Goede) \n- iio: trigger: sysfs: fix use-after-free on remove (Vincent Whitchurch) \n- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (Zheyu Ma) \n- iio: accel: mma8452: ignore the return value of reset operation (Haibo Chen) \n- iio:accel:bma180: rearrange iio trigger get and register (Dmitry Rokosov) \n- usb: chipidea: udc: check request status before setting device address (Xu Yang) \n- iio: adc: vf610: fix conversion mode sysfs node name (Baruch Siach) \n- igb: Make DMA faster when CPU is active on the PCIe link (Kai-Heng Feng) \n- MIPS: Remove repetitive increase irq_err_count (huhai) \n- x86/xen: Remove undefined behavior in setup_features() (Julien Grall) \n- bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (Jay Vosburgh) \n- USB: serial: option: add Quectel RM500K module support (Macpaul Lin) \n- USB: serial: option: add Quectel EM05-G modem (Yonglin Tan) \n- USB: serial: option: add Telit LE910Cx 0x1250 composition (Carlo Lobrano) \n- random: quiet urandom warning ratelimit suppression message (Jason A. Donenfeld) \n- dm era: commit metadata in postsuspend after worker stops (Nikos Tsironis) \n- ata: libata: add qc->flags in ata_qc_complete_template tracepoint (Edward Wu) \n- random: schedule mix_interrupt_randomness() less often (Jason A. Donenfeld) \n- vt: drop old FONT ioctls (Jiri Slaby) \n- Linux 4.14.285 (Greg Kroah-Hartman) \n- tcp: drop the hash_32() part from the index calculation (Willy Tarreau) \n- tcp: increase source port perturb table to 2^16 (Willy Tarreau) \n- tcp: dynamically allocate the perturb table used by source ports (Willy Tarreau) \n- tcp: add small random increments to the source port (Willy Tarreau) \n- tcp: use different parts of the port_offset for index and offset (Willy Tarreau) \n- tcp: add some entropy in __inet_hash_connect() (Eric Dumazet) \n- xprtrdma: fix incorrect header size calculations (Colin Ian King) \n- usb: gadget: u_ether: fix regression in setting fixed MAC address (Marian Postevca) \n- s390/mm: use non-quiescing sske for KVM switch to keyed guest (Christian Borntraeger) \n- virtio-pci: Remove wrong address verification in vp_del_vqs() (Murilo Opsfelder Araujo) \n- ext4: add reserved GDT blocks check (Zhang Yi) \n- ext4: make variable 'count' signed (Ding Xiang) \n- ext4: fix bug_on ext4_mb_use_inode_pa (Baokun Li) \n- serial: 8250: Store to lsr_save_flags after lsr read (Ilpo Jarvinen) \n- usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (Miaoqian Lin) \n- usb: dwc2: Fix memory leak in dwc2_hcd_init (Miaoqian Lin) \n- USB: serial: io_ti: add Agilent E5805A support (Robert Eckelmann) \n- USB: serial: option: add support for Cinterion MV31 with new baseline (Slark Xiao) \n- comedi: vmk80xx: fix expression for tx buffer size (Ian Abbott) \n- irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (Miaoqian Lin) \n- certs/blacklist_hashes.c: fix const confusion in certs blacklist (Masahiro Yamada) \n- arm64: ftrace: fix branch range checks (Mark Rutland) \n- net: bgmac: Fix an erroneous kfree() in bgmac_remove() (Christophe JAILLET) \n- misc: atmel-ssc: Fix IRQ check in ssc_probe (Miaoqian Lin) \n- tty: goldfish: Fix free_irq() on remove (Vincent Whitchurch) \n- i40e: Fix call trace in setup_tx_descriptors (Aleksandr Loktionov) \n- pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (Trond Myklebust) \n- random: credit cpu and bootloader seeds by default (Jason A. Donenfeld) \n- net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag (Chen Lin) \n- ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg (Wang Yufen) \n- nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (Xiaohui Zhang) \n- virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (chengkaitao) \n- scsi: pmcraid: Fix missing resource cleanup in error case (Chengguang Xu) \n- scsi: ipr: Fix missing/incorrect resource cleanup in error case (Chengguang Xu) \n- scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (James Smart) \n- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (Wentao Wang) \n- ASoC: wm8962: Fix suspend while playing music (Adam Ford) \n- ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (Sergey Shtylyov) \n- ASoC: cs42l56: Correct typo in minimum level for SX volume controls (Charles Keepax) \n- ASoC: cs42l52: Correct TLV for Bypass Volume (Charles Keepax) \n- ASoC: cs53l30: Correct number of volume levels on SX controls (Charles Keepax) \n- ASoC: cs42l52: Fix TLV scales for mixer controls (Charles Keepax) \n- random: account for arch randomness in bits (Jason A. Donenfeld) \n- random: mark bootloader randomness code as __init (Jason A. Donenfeld) \n- random: avoid checking crng_ready() twice in random_init() (Jason A. Donenfeld) \n- crypto: drbg - make reseeding from get_random_bytes() synchronous (Nicolai Stange) \n- crypto: drbg - always try to free Jitter RNG instance (Stephan Muller) \n- crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed() (Nicolai Stange) \n- crypto: drbg - track whether DRBG was seeded with !rng_is_initialized() (Nicolai Stange) \n- crypto: drbg - prepare for more fine-grained tracking of seeding state (Nicolai Stange) \n- crypto: drbg - always seeded with SP800-90B compliant noise source (Stephan Muller) \n- crypto: drbg - add FIPS 140-2 CTRNG for noise source (Stephan Mueller) \n- Revert 'random: use static branch for crng_ready()' (Jason A. Donenfeld) \n- random: check for signals after page of pool writes (Jason A. Donenfeld) \n- random: wire up fops->splice_{read,write}_iter() (Jens Axboe) \n- random: convert to using fops->write_iter() (Jens Axboe) \n- random: move randomize_page() into mm where it belongs (Jason A. Donenfeld) \n- random: move initialization functions out of hot pages (Jason A. Donenfeld) \n- random: use proper jiffies comparison macro (Jason A. Donenfeld) \n- random: use symbolic constants for crng_init states (Jason A. Donenfeld) \n- siphash: use one source of truth for siphash permutations (Jason A. Donenfeld) \n- random: help compiler out with fast_mix() by using simpler arguments (Jason A. Donenfeld) \n- random: do not use input pool from hard IRQs (Saeed Mirzamohammadi) \n- random: order timer entropy functions below interrupt functions (Jason A. Donenfeld) \n- random: do not pretend to handle premature next security model (Jason A. Donenfeld) \n- random: do not use batches when !crng_ready() (Jason A. Donenfeld) \n- random: insist on random_get_entropy() existing in order to simplify (Jason A. Donenfeld) \n- xtensa: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- sparc: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- um: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- x86/tsc: Use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- nios2: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- arm: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- mips: use fallback for random_get_entropy() instead of just c0 random (Jason A. Donenfeld) \n- m68k: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- timekeeping: Add raw clock fallback for random_get_entropy() (Jason A. Donenfeld) \n- powerpc: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- alpha: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- parisc: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- s390: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- ia64: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- init: call time_init() before rand_initialize() (Jason A. Donenfeld) \n- random: fix sysctl documentation nits (Jason A. Donenfeld) \n- random: document crng_fast_key_erasure() destination possibility (Jason A. Donenfeld) \n- random: make random_get_entropy() return an unsigned long (Jason A. Donenfeld) \n- random: check for signals every PAGE_SIZE chunk of /dev/[u]random (Jason A. Donenfeld) \n- random: check for signal_pending() outside of need_resched() check (Jann Horn) \n- random: do not allow user to keep crng key around on stack (Jason A. Donenfeld) \n- random: do not split fast init input in add_hwgenerator_randomness() (Jan Varho) \n- random: mix build-time latent entropy into pool at init (Jason A. Donenfeld) \n- random: re-add removed comment about get_random_{u32,u64} reseeding (Jason A. Donenfeld) \n- random: treat bootloader trust toggle the same way as cpu trust toggle (Jason A. Donenfeld) \n- random: skip fast_init if hwrng provides large chunk of entropy (Jason A. Donenfeld) \n- random: check for signal and try earlier when generating entropy (Jason A. Donenfeld) \n- random: reseed more often immediately after booting (Jason A. Donenfeld) \n- random: make consistent usage of crng_ready() (Jason A. Donenfeld) \n- random: use SipHash as interrupt entropy accumulator (Jason A. Donenfeld) \n- random: replace custom notifier chain with standard one (Jason A. Donenfeld) \n- random: don't let 644 read-only sysctls be written to (Jason A. Donenfeld) \n- random: give sysctl_random_min_urandom_seed a more sensible value (Jason A. Donenfeld) \n- random: do crng pre-init loading in worker rather than irq (Jason A. Donenfeld) \n- random: unify cycles_t and jiffies usage and types (Jason A. Donenfeld) \n- random: cleanup UUID handling (Jason A. Donenfeld) \n- random: only wake up writers after zap if threshold was passed (Jason A. Donenfeld) \n- random: round-robin registers as ulong, not u32 (Jason A. Donenfeld) \n- random: pull add_hwgenerator_randomness() declaration into random.h (Jason A. Donenfeld) \n- random: check for crng_init == 0 in add_device_randomness() (Jason A. Donenfeld) \n- random: unify early init crng load accounting (Jason A. Donenfeld) \n- random: do not take pool spinlock at boot (Jason A. Donenfeld) \n- random: defer fast pool mixing to worker (Jason A. Donenfeld) \n- random: rewrite header introductory comment (Jason A. Donenfeld) \n- random: group sysctl functions (Jason A. Donenfeld) \n- random: group userspace read/write functions (Jason A. Donenfeld) \n- random: group entropy collection functions (Jason A. Donenfeld) \n- random: group entropy extraction functions (Jason A. Donenfeld) \n- random: remove useless header comment (Jason A. Donenfeld) \n- random: introduce drain_entropy() helper to declutter crng_reseed() (Jason A. Donenfeld) \n- random: deobfuscate irq u32/u64 contributions (Jason A. Donenfeld) \n- random: add proper SPDX header (Jason A. Donenfeld) \n- random: remove unused tracepoints (Jason A. Donenfeld) \n- random: remove ifdef'd out interrupt bench (Jason A. Donenfeld) \n- random: tie batched entropy generation to base_crng generation (Jason A. Donenfeld) \n- random: zero buffer after reading entropy from userspace (Jason A. Donenfeld) \n- random: remove outdated INT_MAX >> 6 check in urandom_read() (Jason A. Donenfeld) \n- random: use hash function for crng_slow_load() (Jason A. Donenfeld) \n- random: absorb fast pool into input pool after fast load (Jason A. Donenfeld) \n- random: do not xor RDRAND when writing into /dev/random (Jason A. Donenfeld) \n- random: ensure early RDSEED goes through mixer on init (Jason A. Donenfeld) \n- random: inline leaves of rand_initialize() (Jason A. Donenfeld) \n- random: use RDSEED instead of RDRAND in entropy extraction (Jason A. Donenfeld) \n- random: fix locking in crng_fast_load() (Dominik Brodowski) \n- random: remove batched entropy locking (Jason A. Donenfeld) \n- random: remove use_input_pool parameter from crng_reseed() (Eric Biggers) \n- random: make credit_entropy_bits() always safe (Jason A. Donenfeld) \n- random: always wake up entropy writers after extraction (Jason A. Donenfeld) \n- random: use linear min-entropy accumulation crediting (Jason A. Donenfeld) \n- random: simplify entropy debiting (Jason A. Donenfeld) \n- random: use computational hash for entropy extraction (Jason A. Donenfeld) \n- random: only call crng_finalize_init() for primary_crng (Dominik Brodowski) \n- random: access primary_pool directly rather than through pointer (Dominik Brodowski) \n- random: continually use hwgenerator randomness (Dominik Brodowski) \n- random: simplify arithmetic function flow in account() (Jason A. Donenfeld) \n- random: access input_pool_data directly rather than through pointer (Jason A. Donenfeld) \n- random: cleanup fractional entropy shift constants (Jason A. Donenfeld) \n- random: prepend remaining pool constants with POOL_ (Jason A. Donenfeld) \n- random: de-duplicate INPUT_POOL constants (Jason A. Donenfeld) \n- random: remove unused OUTPUT_POOL constants (Jason A. Donenfeld) \n- random: rather than entropy_store abstraction, use global (Jason A. Donenfeld) \n- random: try to actively add entropy rather than passively wait for it (Linus Torvalds) \n- random: remove unused extract_entropy() reserved argument (Jason A. Donenfeld) \n- random: remove incomplete last_data logic (Jason A. Donenfeld) \n- random: cleanup integer types (Jason A. Donenfeld) \n- crypto: chacha20 - Fix chacha20_block() keystream alignment (again) (Eric Biggers) \n- random: cleanup poolinfo abstraction (Jason A. Donenfeld) \n- random: fix typo in comments (Schspa Shi) \n- random: don't reset crng_init_cnt on urandom_read() (Jann Horn) \n- random: avoid superfluous call to RDRAND in CRNG extraction (Jason A. Donenfeld) \n- random: early initialization of ChaCha constants (Dominik Brodowski) \n- random: initialize ChaCha20 constants with correct endianness (Eric Biggers) \n- random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs (Jason A. Donenfeld) \n- random: harmonize 'crng init done' messages (Dominik Brodowski) \n- random: mix bootloader randomness into pool (Jason A. Donenfeld) \n- random: do not re-init if crng_reseed completes before primary init (Jason A. Donenfeld) \n- random: do not sign extend bytes for rotation when mixing (Jason A. Donenfeld) \n- random: use BLAKE2s instead of SHA1 in extraction (Jason A. Donenfeld) \n- random: remove unused irq_flags argument from add_interrupt_randomness() (Saeed Mirzamohammadi) \n- random: document add_hwgenerator_randomness() with other input functions (Mark Brown) \n- crypto: blake2s - adjust include guard naming (Eric Biggers) \n- crypto: blake2s - include \n instead of \n (Eric Biggers) \n- MAINTAINERS: co-maintain random.c (Jason A. Donenfeld) \n- random: remove dead code left over from blocking pool (Eric Biggers) \n- random: avoid arch_get_random_seed_long() when collecting IRQ randomness (Ard Biesheuvel) \n- random: add arch_get_random_*long_early() (Mark Rutland) \n- powerpc: Use bool in archrandom.h (Richard Henderson) \n- linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check (Richard Henderson) \n- linux/random.h: Use false with bool (Richard Henderson) \n- linux/random.h: Remove arch_has_random, arch_has_random_seed (Richard Henderson) \n- s390: Remove arch_has_random, arch_has_random_seed (Richard Henderson) \n- powerpc: Remove arch_has_random, arch_has_random_seed (Richard Henderson) \n- x86: Remove arch_has_random, arch_has_random_seed (Richard Henderson) \n- random: avoid warnings for !CONFIG_NUMA builds (Mark Rutland) \n- random: split primary/secondary crng init paths (Mark Rutland) \n- random: remove some dead code of poolinfo (Yangtao Li) \n- random: fix typo in add_timer_randomness() (Yangtao Li) \n- random: Add and use pr_fmt() (Yangtao Li) \n- random: convert to ENTROPY_BITS for better code readability (Yangtao Li) \n- random: remove unnecessary unlikely() (Yangtao Li) \n- random: remove kernel.random.read_wakeup_threshold (Andy Lutomirski) \n- random: delete code to pull data into pools (Andy Lutomirski) \n- random: remove the blocking pool (Andy Lutomirski) \n- random: fix crash on multiple early calls to add_bootloader_randomness() (Dominik Brodowski) \n- char/random: silence a lockdep splat with printk() (Sergey Senozhatsky) \n- random: make /dev/random be almost like /dev/urandom (Andy Lutomirski) \n- random: ignore GRND_RANDOM in getentropy(2) (Andy Lutomirski) \n- random: add GRND_INSECURE to return best-effort non-cryptographic bytes (Andy Lutomirski) \n- random: Add a urandom_read_nowait() for random APIs that don't warn (Andy Lutomirski) \n- random: Don't wake crng_init_wait when crng_init == 1 (Andy Lutomirski) \n- lib/crypto: sha1: re-roll loops to reduce code size (Jason A. Donenfeld) \n- lib/crypto: blake2s: move hmac construction into wireguard (Jason A. Donenfeld) \n- crypto: blake2s - generic C library implementation and selftest (Jason A. Donenfeld) \n- crypto: Deduplicate le32_to_cpu_array() and cpu_to_le32_array() (Andy Shevchenko) \n- Revert 'hwrng: core - Freeze khwrng thread during suspend' (Herbert Xu) \n- char/random: Add a newline at the end of the file (Borislav Petkov) \n- random: Use wait_event_freezable() in add_hwgenerator_randomness() (Stephen Boyd) \n- fdt: add support for rng-seed (Hsin-Yi Wang) \n- random: Support freezable kthreads in add_hwgenerator_randomness() (Stephen Boyd) \n- random: fix soft lockup when trying to read from an uninitialized blocking pool (Theodore Ts'o) \n- latent_entropy: avoid build error when plugin cflags are not set (Vasily Gorbik) \n- random: document get_random_int() family (George Spelvin) \n- random: move rand_initialize() earlier (Kees Cook) \n- random: only read from /dev/random after its pool has received 128 bits (Theodore Ts'o) \n- drivers/char/random.c: make primary_crng static (Rasmus Villemoes) \n- drivers/char/random.c: remove unused stuct poolinfo::poolbits (Rasmus Villemoes) \n- drivers/char/random.c: constify poolinfo_table (Rasmus Villemoes) \n- random: make CPU trust a boot parameter (Kees Cook) \n- random: Make crng state queryable (Jason A. Donenfeld) \n- random: remove preempt disabled region (Ingo Molnar) \n- random: add a config option to trust the CPU's hwrng (Theodore Ts'o) \n- random: Return nbytes filled from hw RNG (Tobin C. Harding) \n- random: Fix whitespace pre random-bytes work (Tobin C. Harding) \n- drivers/char/random.c: remove unused dont_count_entropy (Rasmus Villemoes) \n- random: optimize add_interrupt_randomness (Andi Kleen) \n- random: always fill buffer in get_random_bytes_wait (Jason A. Donenfeld) \n- crypto: chacha20 - Fix keystream alignment for chacha20_block() (Eric Biggers) \n- 9p: missing chunk of 'fs/9p: Don't update file type when updating file attributes' (Al Viro)\n[4.14.35-2047.517.0.el7]\n- mpt3sas: Fix panic observed while accessing the hw ctx queue (Gulam Mohamed) [Orabug: 34446738]\n- driver: marvell: mmc: Add new bus modes overrides from DT (Wojciech Bartczak) [Orabug: 34440004]\n- octeontx2: mmc: Adds mechanism to modify all MMC bus modes timings (Wojciech Bartczak) [Orabug: 34440004]\n- rds/rdma: correctly assign the dest qp num in rds ib connection (Rohit Nair) [Orabug: 34429478]\n- Revert 'uek-rpm: Enable config CONFIG_SCSI_MQ_DEFAULT' (Gulam Mohamed) [Orabug: 34419153]\n- net/rds : Adding support to print SCQ and RCQ completion vectors in rds-info. (Anand Khoje) [Orabug: 34398210]\n- IB/mlx5: Disable BME for unbound devices too (Hakon Bugge) [Orabug: 34395378]\n- net/mlx5: Rearm the FW tracer after each tracer event (Feras Daoud) [Orabug: 34387281]\n- net/mlx5: FW tracer, Add debug prints (Saeed Mahameed) [Orabug: 34387281]\n- perf script: Fix crash because of missing evsel->priv (Ravi Bangoria) [Orabug: 34382257]\n- net/rds: Fix a NULL dereference in rds_tcp_accept_one() (Harshit Mogalapalli) [Orabug: 34371946]\n- ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34364338]\n- ocfs2: dlmfs: don't clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34364338]\n- rds: ib: Qualify RNR Retry Timer check with firmware version (Freddy Carrillo) [Orabug: 33665743]", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-16T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-21385", "CVE-2022-21546", "CVE-2022-2588"], "modified": "2022-09-16T00:00:00", "id": "ELSA-2022-9788", "href": "http://linux.oracle.com/errata/ELSA-2022-9788.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-21T22:44:06", "description": "[5.15.0-2.52.3.el8]\n- posix-cpu-timers: Cleanup CPU timers before freeing them during exec (Thadeu Lima de Souza Cascardo) [Orabug: 34495548] {CVE-2022-2585}\n- fix race between exit_itimers() and /proc/pid/timers (Oleg Nesterov) [Orabug: 34495548] \n- rds: ib: Add preemption control when using per-cpu variables (Hakon Bugge) [Orabug: 34505120] \n- ocfs2: fix handle refcount leak in two exception handling paths (Chenyuan Mi) [Orabug: 34436530] \n- netfilter: nf_tables: do not allow RULE_ID to refer to another chain (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586}\n- netfilter: nf_tables: do not allow CHAIN_ID to refer to another table (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586}\n- netfilter: nf_tables: do not allow SET_ID to refer to another table (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586}\n- rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 34510687] {CVE-2022-21385}\n- kernfs: Replace global kernfs_open_file_mutex with hashed mutexes. (Imran Khan) [Orabug: 34476940] \n- kernfs: Introduce interface to access global kernfs_open_file_mutex. (Imran Khan) [Orabug: 34476940] \n- kernfs: make ->attr.open RCU protected. (Imran Khan) [Orabug: 34476940] \n- kernfs: Rename kernfs_put_open_node to kernfs_unlink_open_file. (Imran Khan) [Orabug: 34476940] \n- kernfs: Remove reference counting for kernfs_open_node. (Imran Khan) [Orabug: 34476940] \n- Revert net/rds: Connect TCP backends deterministically (Gerd Rausch) [Orabug: 34476561] \n- rds/ib: handle posted ACK during connection shutdown (Rohit Nair) [Orabug: 34465808] \n- rds/ib: reap tx completions during connection shutdown (Rohit Nair) [Orabug: 34465808] \n- uek-rpm: Set CONFIG_VSOCKETS=m and CONFIG_VSOCKETS_DIAG=m (Victor Erminpour) [Orabug: 34461322] \n- scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419970] {CVE-2022-21546}\n- rds/rdma: destroy CQs during user initiated rds connection resets (Rohit Nair) [Orabug: 34414238]\n[5.15.0-2.52.2]\n- PCI: pciehp: Add quirk to handle spurious DLLSC on a x4x4 SSD (Thomas Tai) [Orabug: 34358322] \n- net/mlx5: E-Switch, change VFs default admin state to auto in switchdev (Maor Dickman) [Orabug: 34477072] \n- xen/manage: Use orderly_reboot() to reboot (Ross Lagerwall) [Orabug: 34480751] \n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34484536] {CVE-2022-2588}\n[5.15.0-2.52.1]\n- LTS version: v5.15.52 (Jack Vogel) \n- io_uring: fix not locked access to fixed buf table (Pavel Begunkov) \n- net: mscc: ocelot: allow unregistered IP multicast flooding to CPU (Vladimir Oltean) \n- rtw88: rtw8821c: enable rfe 6 devices (Ping-Ke Shih) \n- rtw88: 8821c: support RFE type4 wifi NIC (Guo-Feng Fan) \n- fs: account for group membership (Christian Brauner) \n- fs: fix acl translation (Christian Brauner) \n- fs: support mapped mounts of mapped filesystems (Christian Brauner) \n- fs: add i_user_ns() helper (Christian Brauner) \n- fs: port higher-level mapping helpers (Christian Brauner) \n- fs: remove unused low-level mapping helpers (Christian Brauner) \n- fs: use low-level mapping helpers (Christian Brauner) \n- docs: update mapping documentation (Christian Brauner) \n- fs: account for filesystem mappings (Christian Brauner) \n- fs: tweak fsuidgid_has_mapping() (Christian Brauner) \n- fs: move mapping helpers (Christian Brauner) \n- fs: add is_idmapped_mnt() helper (Christian Brauner) \n- powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (Naveen N. Rao) \n- xfs: Fix the free logic of state in xfs_attr_node_hasname (Yang Xu) \n- xfs: use kmem_cache_free() for kmem_cache objects (Rustam Kovhaev) \n- bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (Coly Li) \n- tick/nohz: unexport __init-annotated tick_nohz_full_setup() (Masahiro Yamada) \n- LTS version: v5.15.51 (Jack Vogel) \n- powerpc/pseries: wire up rng during setup_arch() (Jason A. Donenfeld) \n- kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (Masahiro Yamada) \n- dma-direct: use the correct size for dma_set_encrypted() (Dexuan Cui) \n- perf build-id: Fix caching files with a wrong build ID (Adrian Hunter) \n- random: update comment from copy_to_user() -> copy_to_iter() (Jason A. Donenfeld) \n- ARM: dts: bcm2711-rpi-400: Fix GPIO line names (Stefan Wahren) \n- modpost: fix section mismatch check for exported init/exit sections (Masahiro Yamada) \n- ARM: cns3xxx: Fix refcount leak in cns3xxx_init (Miaoqian Lin) \n- memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings (Miaoqian Lin) \n- ARM: Fix refcount leak in axxia_boot_secondary (Miaoqian Lin) \n- soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (Miaoqian Lin) \n- ARM: exynos: Fix refcount leak in exynos_map_pmu (Miaoqian Lin) \n- arm64: dts: ti: k3-am64-main: Remove support for HS400 speed mode (Aswath Govindraju) \n- ARM: dts: imx6qdl: correct PU regulator ramp delay (Lucas Stach) \n- ARM: dts: imx7: Move hsic_phy power domain to HSIC PHY node (Alexander Stein) \n- drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl() (Kuogee Hsieh) \n- powerpc/powernv: wire up rng during setup_arch (Jason A. Donenfeld) \n- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (Andrew Donnellan) \n- powerpc: Enable execve syscall exit tracepoint (Naveen N. Rao) \n- powerpc/microwatt: wire up rng during setup_arch() (Jason A. Donenfeld) \n- parisc: Enable ARCH_HAS_STRICT_MODULE_RWX (Helge Deller) \n- parisc/stifb: Fix fb_is_primary_device() only available with CONFIG_FB_STI (Helge Deller) \n- xtensa: Fix refcount leak bug in time.c (Liang He) \n- xtensa: xtfpga: Fix refcount leak bug in setup (Liang He) \n- iio: adc: ti-ads131e08: add missing fwnode_handle_put() in ads131e08_alloc_channels() (Jialin Zhang) \n- iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client (Miaoqian Lin) \n- iio: adc: rzg2l_adc: add missing fwnode_handle_put() in rzg2l_adc_parse_properties() (Jialin Zhang) \n- iio: adc: axp288: Override TS pin bias current for some models (Hans de Goede) \n- iio: adc: stm32: Fix IRQs on STM32F4 by removing custom spurious IRQs message (Yannick Brosseau) \n- iio: adc: stm32: Fix ADCs iteration in irq handler (Yannick Brosseau) \n- iio: afe: rescale: Fix boolean logic bug (Linus Walleij) \n- iio: imu: inv_icm42600: Fix broken icm42600 (chip id 0 value) (Jean-Baptiste Maneyrol) \n- iio: adc: stm32: fix maximum clock rate for stm32mp15x (Olivier Moysan) \n- iio: trigger: sysfs: fix use-after-free on remove (Vincent Whitchurch) \n- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (Zheyu Ma) \n- iio: accel: mma8452: ignore the return value of reset operation (Haibo Chen) \n- iio:accel:mxc4005: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:accel:bma180: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:accel:kxcjk-1013: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:chemical:ccs811: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:humidity:hts221: rearrange iio trigger get and register (Dmitry Rokosov) \n- f2fs: attach inline_data after setting compression (Jaegeuk Kim) \n- btrfs: fix deadlock with fsync+fiemap+transaction commit (Josef Bacik) \n- btrfs: dont set lock_owner when locking extent buffer for reading (Zygo Blaxell) \n- dt-bindings: usb: ehci: Increase the number of PHYs (Geert Uytterhoeven) \n- dt-bindings: usb: ohci: Increase the number of PHYs (Geert Uytterhoeven) \n- usb: chipidea: udc: check request status before setting device address (Xu Yang) \n- USB: gadget: Fix double-free bug in raw_gadget driver (Alan Stern) \n- usb: gadget: Fix non-unique driver names in raw-gadget driver (Alan Stern) \n- xhci-pci: Allow host runtime PM as default for Intel Meteor Lake xHCI (Utkarsh Patel) \n- xhci-pci: Allow host runtime PM as default for Intel Raptor Lake xHCI (Tanveer Alam) \n- xhci: turn off port power in shutdown (Mathias Nyman) \n- usb: typec: wcove: Drop wrong dependency to INTEL_SOC_PMIC (Andy Shevchenko) \n- iio: adc: vf610: fix conversion mode sysfs node name (Baruch Siach) \n- iio: magnetometer: yas530: Fix memchr_inv() misuse (Linus Walleij) \n- iio: mma8452: fix probe fail when device tree compatible is used. (Haibo Chen) \n- s390/cpumf: Handle events cycles and instructions identical (Thomas Richter) \n- gpio: winbond: Fix error code in winbond_gpio_get() (Dan Carpenter) \n- nvme: move the Samsung X5 quirk entry to the core quirks (Christoph Hellwig) \n- nvme-pci: add NO APST quirk for Kioxia device (Enzo Matsumiya) \n- sock: redo the psock vs ULP protection check (Jakub Kicinski) \n- Revert net/tls: fix tls_sk_proto_close executed repeatedly (Jakub Kicinski) \n- virtio_net: fix xdp_rxq_info bug after suspend/resume (Stephan Gerhold) \n- igb: Make DMA faster when CPU is active on the PCIe link (Kai-Heng Feng) \n- regmap-irq: Fix offset/index mismatch in read_sub_irq_data() (Aidan MacDonald) \n- regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (Aidan MacDonald) \n- ice: ethtool: advertise 1000M speeds properly (Anatolii Gerasymenko) \n- afs: Fix dynamic root getattr (David Howells) \n- MIPS: Remove repetitive increase irq_err_count (huhai) \n- x86/xen: Remove undefined behavior in setup_features() (Julien Grall) \n- xen-blkfront: Handle NULL gendisk (Jason Andryuk) \n- selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh (Jie2x Zhou) \n- udmabuf: add back sanity check (Gerd Hoffmann) \n- net/tls: fix tls_sk_proto_close executed repeatedly (Ziyang Xuan) \n- erspan: do not assume transport header is always set (Eric Dumazet) \n- perf arm-spe: Dont set data source if its not a memory operation (Leo Yan) \n- drm/msm/dp: force link training for display resolution change (Kuogee Hsieh) \n- drm/msm/dp: do not initialize phy until plugin interrupt received (Kuogee Hsieh) \n- drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read failed (Kuogee Hsieh) \n- drm/msm/dp: Drop now unused hpd_high member (Bjorn Andersson) \n- drm/msm/dp: check core_initialized before disable interrupts at dp_display_unbind() (Kuogee Hsieh) \n- drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (Miaoqian Lin) \n- net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (Peilin Ye) \n- ethtool: Fix get module eeprom fallback (Ivan Vecera) \n- bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (Jay Vosburgh) \n- igb: fix a use-after-free issue in igb_clean_tx_ring (Lorenzo Bianconi) \n- tipc: fix use-after-free Read in tipc_named_reinit (Hoang Le) \n- net: fix data-race in dev_isalive() (Eric Dumazet) \n- net: Write lock dev_base_lock without disabling bottom halves. (Sebastian Andrzej Siewior) \n- KVM: arm64: Prevent kmemleak from accessing pKVM memory (Quentin Perret) \n- phy: aquantia: Fix AN when higher speeds than 1G are not advertised (Claudiu Manoil) \n- scsi: storvsc: Correct reporting of Hyper-V I/O size limits (Saurabh Sengar) \n- bpf, x86: Fix tail call count offset calculation on bpf2bpf call (Jakub Sitnicki) \n- drm/sun4i: Fix crash during suspend after component bind failure (Samuel Holland) \n- bpf: Fix request_sock leak in sk lookup helpers (Jon Maxwell) \n- drm/msm: use for_each_sgtable_sg to iterate over scatterlist (Jonathan Marek) \n- xsk: Fix generic transmit when completion queue reservation fails (Ciara Loftus) \n- scsi: iscsi: Exclude zero from the endpoint ID range (Sergey Gorenko) \n- drm/msm: Switch ordering of runpm put vs devfreq_idle (Rob Clark) \n- scsi: scsi_debug: Fix zone transition to full condition (Damien Le Moal) \n- netfilter: use get_random_u32 instead of prandom (Florian Westphal) \n- drm/msm: Fix double pm_runtime_disable() call (Maximilian Luz) \n- drm/msm: Ensure mmap offset is initialized (Rob Clark) \n- USB: serial: option: add Quectel RM500K module support (Macpaul Lin) \n- USB: serial: option: add Quectel EM05-G modem (Yonglin Tan) \n- USB: serial: option: add Telit LE910Cx 0x1250 composition (Carlo Lobrano) \n- USB: serial: pl2303: add support for more HXN (G) types (Johan Hovold) \n- drm/i915: Implement w/a 22010492432 for adl-s (Ville Syrjala) \n- tracing/kprobes: Check whether get_kretprobe() returns NULL in kretprobe_dispatcher() (Masami Hiramatsu (Google)) \n- dm mirror log: clear log bits up to BITS_PER_LONG boundary (Mikulas Patocka) \n- dm era: commit metadata in postsuspend after worker stops (Nikos Tsironis) \n- ata: libata: add qc->flags in ata_qc_complete_template tracepoint (Edward Wu) \n- mtd: rawnand: gpmi: Fix setting busy timeout setting (Sascha Hauer) \n- MAINTAINERS: Add new IOMMU development mailing list (Joerg Roedel) \n- xen/gntdev: Avoid blocking in unmap_grant_pages() (Demi Marie Obenour) \n- mmc: mediatek: wait dma stop bit reset to 0 (Mengqi Zhang) \n- mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing (Chevron Li) \n- scsi: ibmvfc: Allocate/free queue resource only during probe/remove (Tyrel Datwyler) \n- scsi: ibmvfc: Store vhost pointer during subcrq allocation (Tyrel Datwyler) \n- btrfs: add error messages to all unrecognized mount options (David Sterba) \n- btrfs: prevent remounting to v1 space cache for subpage mount (Qu Wenruo) \n- btrfs: fix hang during unmount when block group reclaim task is running (Filipe Manana) \n- 9p: fix fid refcount leak in v9fs_vfs_get_link (Dominique Martinet) \n- 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl (Dominique Martinet) \n- 9p: Fix refcounting during full path walks for fid lookups (Tyler Hicks) \n- net: openvswitch: fix parsing of nw_proto for IPv6 fragments (Rosemarie ORiorden) \n- ALSA: hda/realtek: Add quirk for Clevo NS50PU (Tim Crawford) \n- ALSA: hda/realtek: Add quirk for Clevo PD70PNT (Tim Crawford) \n- ALSA: hda/realtek: Apply fixup for Lenovo Yoga Duet 7 properly (Takashi Iwai) \n- ALSA: hda/realtek - ALC897 headset MIC no sound (Kailang Yang) \n- ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (Soham Sen) \n- ALSA: hda/conexant: Fix missing beep setup (Takashi Iwai) \n- ALSA: hda/via: Fix missing beep setup (Takashi Iwai) \n- random: quiet urandom warning ratelimit suppression message (Jason A. Donenfeld) \n- random: schedule mix_interrupt_randomness() less often (Jason A. Donenfeld) \n- LTS version: v5.15.50 (Jack Vogel) \n- arm64: mm: Dont invalidate FROM_DEVICE buffers at start of DMA transfer (Will Deacon) \n- serial: core: Initialize rs485 RTS polarity already on probe (Lukas Wunner) \n- selftests/bpf: Add selftest for calling global functions from freplace (Toke Hoiland-Jorgensen) \n- bpf: Fix calling global functions from BPF_PROG_TYPE_EXT programs (Toke Hoiland-Jorgensen) \n- usb: gadget: u_ether: fix regression in setting fixed MAC address (Marian Postevca) \n- zonefs: fix zonefs_iomap_begin() for reads (Damien Le Moal) \n- drm/amd/display: Dont reinitialize DMCUB on s0ix resume (Nicholas Kazlauskas) \n- s390/mm: use non-quiescing sske for KVM switch to keyed guest (Christian Borntraeger) \n- LTS version: v5.15.49 (Jack Vogel) \n- clk: imx8mp: fix usb_root_clk parent (Peng Fan) \n(Masahiro Yamada) \n- virtio-pci: Remove wrong address verification in vp_del_vqs() (Murilo Opsfelder Araujo) \n- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (Andy Chi) \n- KVM: arm64: Dont read a HW interrupt pending state in user context (Marc Zyngier) \n- ext4: add reserved GDT blocks check (Zhang Yi) \n- ext4: make variable count signed (Ding Xiang) \n- ext4: fix bug_on ext4_mb_use_inode_pa (Baokun Li) \n- ext4: fix super block checksum incorrect after mount (Ye Bin) \n- cfi: Fix __cfi_slowpath_diag RCU usage with cpuidle (Sami Tolvanen) \n- drm/amd/display: Cap OLED brightness per max frame-average luminance (Roman Li) \n- dm mirror log: round up region bitmap size to BITS_PER_LONG (Mikulas Patocka) \n- bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (Shinichiro Kawasaki) \n- serial: 8250: Store to lsr_save_flags after lsr read (Ilpo Jarvinen) \n- tty: n_gsm: Debug output allocation must use GFP_ATOMIC (Tony Lindgren) \n- usb: gadget: f_fs: change ep->ep safe in ffs_epfile_io() (Linyu Yuan) \n- usb: gadget: f_fs: change ep->status safe in ffs_epfile_io() (Linyu Yuan) \n- usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (Miaoqian Lin) \n- usb: cdnsp: Fixed setting last_trb incorrectly (Jing Leng) \n- usb: dwc2: Fix memory leak in dwc2_hcd_init (Miaoqian Lin) \n- USB: serial: io_ti: add Agilent E5805A support (Robert Eckelmann) \n- USB: serial: option: add support for Cinterion MV31 with new baseline (Slark Xiao) \n- crypto: memneq - move into lib/ (Jason A. Donenfeld) \n- comedi: vmk80xx: fix expression for tx buffer size (Ian Abbott) \n- mei: me: add raptor lake point S DID (Alexander Usyskin) \n- mei: hbm: drop capability response on early shutdown (Alexander Usyskin) \n- i2c: designware: Use standard optional ref clock implementation (Serge Semin) \n- sched: Fix balance_push() vs __sched_setscheduler() (Peter Zijlstra) \n- irqchip/realtek-rtl: Fix refcount leak in map_interrupts (Miaoqian Lin) \n- irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions (Miaoqian Lin) \n- irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions (Miaoqian Lin) \n- irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (Miaoqian Lin) \n- i2c: npcm7xx: Add check for platform_driver_register (Jiasheng Jiang) \n- faddr2line: Fix overlapping text section failures, the sequel (Josh Poimboeuf) \n- block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (Bart Van Assche) \n- init: Initialize noop_backing_dev_info early (Jan Kara) \n- certs/blacklist_hashes.c: fix const confusion in certs blacklist (Masahiro Yamada) \n- arm64: ftrace: consistently handle PLTs. (Mark Rutland) \n- arm64: ftrace: fix branch range checks (Mark Rutland) \n- net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (Duoming Zhou) \n- net: bgmac: Fix an erroneous kfree() in bgmac_remove() (Christophe JAILLET) \n- mlxsw: spectrum_cnt: Reorder counter pools (Petr Machata) \n- nvme: add device name to warning in uuid_show() (Thomas WeiBschuh) \n- rtc: ftrtc010: Use platform_get_irq() to get the interrupt (Lad Prabhakar) \n- rtc: ftrtc010: Use platform_get_irq() to get the interrupt (Lad Prabhakar) \n- rtc: mt6397: check return value after calling platform_get_resource() (Yang Yingliang) \n- ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1 (Howard Chiu) \n- clocksource/drivers/riscv: Events are stopped during CPU suspend (Samuel Holland) \n- soc: rockchip: Fix refcount leak in rockchip_grf_init (Miaoqian Lin) \n- extcon: ptn5150: Add queue work sync before driver release (Li Jun) \n- ksmbd: fix reference count leak in smb_check_perm_dacl() (Xin Xiong) \n- coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (Guilherme G. Piccoli) \n- soundwire: intel: prevent pm_runtime resume prior to system suspend (Pierre-Louis Bossart) \n- export: fix string handling of namespace in EXPORT_SYMBOL_NS (Greg Kroah-Hartman) \n- serial: sifive: Report actual baud base rather than fixed 115200 (Maciej W. Rozycki) \n- power: supply: axp288_fuel_gauge: Drop BIOS version check from T3 MRD DMI quirk (Hans de Goede) \n- phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (Johan Hovold) \n- misc/pvpanic: Convert regular spinlock into trylock on panic path (Guilherme G. Piccoli) \n- pvpanic: Fix typos in the comments (Andy Shevchenko) \n- rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (Krzysztof Kozlowski) \n- iio: adc: sc27xx: Fine tune the scale calibration values (Cixi Geng) \n- iio: adc: sc27xx: fix read big scale voltage not right (Cixi Geng) \n- iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout (Miaoqian Lin) \n- iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (Miaoqian Lin) \n- rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl (Arnaud Pouliquen) \n- rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() (Hangyu Hua) \n- rpmsg: virtio: Fix possible double free in rpmsg_probe() (Hangyu Hua) \n- usb: typec: mux: Check dev_set_name() return value (Bjorn Andersson) \n- firmware: stratix10-svc: fix a missing check on list iterator (Xiaomeng Tong) \n- misc: fastrpc: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) \n- usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (Wesley Cheng) \n- rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- pwm: raspberrypi-poe: Fix endianness in firmware struct (Uwe Kleine-Konig) \n- pwm: lp3943: Fix duty calculation in case period was clamped (Uwe Kleine-Konig) \n- staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (Christophe JAILLET) \n- usb: musb: Fix missing of_node_put() in omap2430_probe (Miaoqian Lin) \n- USB: storage: karma: fix rio_karma_init return (Lin Ma) \n- usb: usbip: add missing device lock on tweak configuration cmd (Niels Dossche) \n- usb: usbip: fix a refcount leak in stub_probe() (Hangyu Hua) \n- remoteproc: imx_rproc: Ignore create mem entry for resource table (Peng Fan) \n- tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (Sherry Sun) \n- serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe (Miaoqian Lin) \n- tty: n_tty: Restore EOF push handling behavior (Daniel Gibson) \n- tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (Miaoqian Lin) \n- tty: goldfish: Use tty_port_destroy() to destroy port (Wang Weiyang) \n- lkdtm/bugs: Dont expect thread termination without CONFIG_UBSAN_TRAP (Christophe Leroy) \n- lkdtm/bugs: Check for the NULL pointer after calling kmalloc (Jiasheng Jiang) \n- iio: adc: ad7124: Remove shift from scan_type (Alexandru Tachici) \n- staging: greybus: codecs: fix type confusion of list iterator variable (Jakob Koschel) \n- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (Randy Dunlap) \n- LTS version: v5.15.46 (Jack Vogel) \n- block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (Jan Kara) \n- pinctrl/rockchip: support setting input-enable param (Caleb Connolly) \n- md: bcache: check the return value of kzalloc() in detached_dev_do_request() (Jia-Ju Bai) \n- md: fix double free of io_acct_set bioset (Xiao Ni) \n- md: Dont set mddev private to NULL in raid0 pers->free (Xiao Ni) \n- fs/ntfs3: Fix invalid free in log_replay (Namjae Jeon) \n- exportfs: support idmapped mounts (Christian Brauner) \n- fs: add two trivial lookup helpers (Christian Brauner) \n- interconnect: qcom: icc-rpmh: Add BCMs to commit list in pre_aggregate (Mike Tipton) \n- interconnect: qcom: sc7180: Drop IP0 interconnects (Stephen Boyd) \n- ext4: only allow test_dummy_encryption when supported (Eric Biggers) \n- MIPS: IP30: Remove incorrect cpu_has_fpu override (Maciej W. Rozycki) \n- MIPS: IP27: Remove incorrect cpu_has_fpu override (Maciej W. Rozycki) \n- RDMA/rxe: Generate a completion for unsupported/invalid opcode (Xiao Yang) \n- RDMA/hns: Remove the num_cqc_timer variable (Yixing Liu) \n- staging: r8188eu: delete rtw_wx_read/write32() (Dan Carpenter) \n- Revert random: use static branch for crng_ready() (Jason A. Donenfeld) \n- list: test: Add a test for list_is_head() (David Gow) \n- kseltest/cgroup: Make test_stress.sh work if run interactively (Waiman Long) \n- net: ipa: fix page free in ipa_endpoint_replenish_one() (Alex Elder) \n- net: ipa: fix page free in ipa_endpoint_trans_release() (Alex Elder) \n- phy: qcom-qmp: fix reset-controller leak on probe errors (Johan Hovold) \n- coresight: core: Fix coresight device probe failure issue (Mao Jinlong) \n- blk-iolatency: Fix inflight count imbalances and IO hangs on offline (Tejun Heo) \n- vdpasim: allow to enable a vq repeatedly (Eugenio Perez) \n- dt-bindings: gpio: altera: correct interrupt-cells (Dinh Nguyen) \n- docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (Akira Yokosawa) \n- SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (Steve French) \n- ARM: pxa: maybe fix gpio lookup tables (Arnd Bergmann) \n- ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries (Jonathan Bakker) \n- phy: qcom-qmp: fix struct clk leak on probe errors (Johan Hovold) \n- clk: tegra: Add missing reset deassertion (Diogo Ivo) \n- arm64: tegra: Add missing DFLL reset on Tegra210 (Diogo Ivo) \n- arm64: dts: qcom: ipq8074: fix the sleep clock frequency (Kathiravan T) \n- gma500: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- serial: pch: dont overwrite xmit->buf[0] by x_char (Jiri Slaby) \n- bcache: avoid journal no-space deadlock by reserving 1 journal bucket (Coly Li) \n- bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (Coly Li) \n- bcache: improve multithreaded bch_sectors_dirty_init() (Coly Li) \n- bcache: improve multithreaded bch_btree_check() (Coly Li) \n- stm: ltdc: fix two incorrect NULL checks on list iterator (Xiaomeng Tong) \n- carl9170: tx: fix an incorrect use of list iterator (Xiaomeng Tong) \n- ASoC: rt5514: Fix event generation for DSP Voice Wake Up control (Mark Brown) \n- rtl818x: Prevent using not initialized queues (Alexander Wetzel) \n- xtensa/simdisk: fix proc_read_simdisk() (Yi Yang) \n- mm/memremap: fix missing call to untrack_pfn() in pagemap_range() (Miaohe Lin) \n- hugetlb: fix huge_pmd_unshare address update (Mike Kravetz) \n- nodemask.h: fix compilation error with GCC12 (Christophe de Dinechin) \n- mm/page_alloc: always attempt to allocate at least one page during bulk allocation (Mel Gorman) \n- Revert mm/cma.c: remove redundant cma_mutex lock (Dong Aisheng) \n- iommu/dma: Fix iova map result check bug (Yunfei Wang) \n- iommu/msm: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- ksmbd: fix outstanding credits related bugs (Hyunchul Lee) \n- ftrace: Clean up hash direct_functions on register failures (Song Liu) \n- kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (Naveen N. Rao) \n- um: Fix out-of-bounds read in LDT setup (Vincent Whitchurch) \n- um: chan_user: Fix winch_tramp() return value (Johannes Berg) \n- um: Use asm-generic/dma-mapping.h (Johannes Berg) \n- mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (Felix Fietkau) \n- cfg80211: declare MODULE_FIRMWARE for regulatory.db (Dimitri John Ledkov) \n- thermal: devfreq_cooling: use local ops instead of global ops (Kant Fan) \n- irqchip: irq-xtensa-mx: fix initial IRQ affinity (Max Filippov) \n- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (Pali Rohar) \n- csky: patch_text: Fixup last cpu should be master (Guo Ren) \n- mmc: core: Allows to override the timeout value for ioctl() path (Bean Huo) \n- RDMA/hfi1: Fix potential integer multiplication overflow errors (Dennis Dalessandro) \n- Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug (Sean Christopherson) \n- ima: remove the IMA_TEMPLATE Kconfig option (GUO Zihua) \n- media: coda: Add more H264 levels for CODA960 (Nicolas Dufresne) \n- media: coda: Fix reported H264 profile (Nicolas Dufresne) \n- mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (Tokunori Ikegami) \n- mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (Tokunori Ikegami) \n- md: fix an incorrect NULL check in md_reload_sb (Xiaomeng Tong) \n- md: fix an incorrect NULL check in does_sb_need_changing (Xiaomeng Tong) \n- drm/i915/dsi: fix VBT send packet port selection for ICL+ (Jani Nikula) \n- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (Brian Norris) \n- drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- drm/nouveau/clk: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (Lucas Stach) \n- drm/nouveau/subdev/bus: Ratelimit logging for fault errors (Lyude Paul) \n- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. (Dave Airlie) \n- landlock: Fix same-layer rule unions (Mickael Salaun) \n- landlock: Create find_rule() from unmask_layers() (Mickael Salaun) \n- landlock: Reduce the maximum number of layers to 16 (Mickael Salaun) \n- landlock: Define access_mask_t to enforce a consistent access mask size (Mickael Salaun) \n- selftests/landlock: Test landlock_create_ruleset(2) argument check ordering (Mickael Salaun) \n- landlock: Change landlock_restrict_self(2) check ordering (Mickael Salaun) \n- landlock: Change landlock_add_rule(2) argument check ordering (Mickael Salaun) \n- selftests/landlock: Add tests for O_PATH (Mickael Salaun) \n- selftests/landlock: Fully test file rename with remove access (Mickael Salaun) \n- selftests/landlock: Extend access right tests to directories (Mickael Salaun) \n- selftests/landlock: Add tests for unknown access rights (Mickael Salaun) \n- selftests/landlock: Extend tests for minimal valid attribute size (Mickael Salaun) \n- selftests/landlock: Make tests build with old libc (Mickael Salaun) \n- landlock: Fix landlock_add_rule(2) documentation (Mickael Salaun) \n- samples/landlock: Format with clang-format (Mickael Salaun) \n- samples/landlock: Add clang-format exceptions (Mickael Salaun) \n- selftests/landlock: Format with clang-format (Mickael Salaun) \n- selftests/landlock: Normalize array assignment (Mickael Salaun) \n- selftests/landlock: Add clang-format exceptions (Mickael Salaun) \n- landlock: Format with clang-format (Mickael Salaun) \n- landlock: Add clang-format exceptions (Mickael Salaun) \n- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (Manivannan Sadhasivam) \n- scsi: dc395x: Fix a missing check on list iterator (Xiaomeng Tong) \n- dlm: fix missing lkb refcount handling (Alexander Aring) \n- dlm: uninitialized variable on error in dlm_listen_for_all() (Dan Carpenter) \n- dlm: fix plock invalid read (Alexander Aring) \n- s390/stp: clock_delta should be signed (Sven Schnelle) \n- s390/perf: obtain sie_block from the right address (Nico Boehr) \n- mm, compaction: fast_find_migrateblock() should return pfn in the target zone (Rei Yamamoto) \n- staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan() (Denis Efremov) \n- PCI: qcom: Fix unbalanced PHY init on probe errors (Johan Hovold) \n- PCI: qcom: Fix runtime PM imbalance on probe errors (Johan Hovold) \n- PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 (Bjorn Helgaas) \n- drm/amdgpu: add beige goby PCI ID (Alex Deucher) \n- tracing: Initialize integer variable to prevent garbage return value (Gautam Menghani) \n- tracing: Fix potential double free in create_var_ref() (Keita Suzuki) \n- tty: goldfish: Introduce gf_ioread32()/gf_iowrite32() (Laurent Vivier) \n- ACPI: property: Release subnode properties with data nodes (Sakari Ailus) \n- ext4: avoid cycles in directory h-tree (Jan Kara) \n- ext4: verify dir block before splitting it (Jan Kara) \n- ext4: fix bug_on in __es_tree_search (Baokun Li) \n- ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state (Theodore Tso) \n- ext4: fix bug_on in ext4_writepages (Ye Bin) \n- ext4: fix warning in ext4_handle_inode_extension (Ye Bin) \n- ext4: fix race condition between ext4_write and ext4_convert_inline_data (Baokun Li) \n- ext4: fix use-after-free in ext4_rename_dir_prepare (Ye Bin) \n- ext4: mark group as trimmed only if it was fully scanned (Dmitry Monakhov) \n- bfq: Make sure bfqg for which we are queueing requests is online (Jan Kara) \n- bfq: Get rid of __bio_blkcg() usage (Jan Kara) \n- bfq: Track whether bfq_group is still online (Jan Kara) \n- bfq: Remove pointless bfq_init_rq() calls (Jan Kara) \n- bfq: Drop pointless unlock-lock pair (Jan Kara) \n- bfq: Update cgroup information before merging bio (Jan Kara) \n- bfq: Split shared queues on move between cgroups (Jan Kara) \n- bfq: Avoid merging queues with different parents (Jan Kara) \n- bfq: Avoid false marking of bic as stably merged (Jan Kara) \n- efi: Do not import certificates from UEFI Secure Boot for T2 Macs (Aditya Garg) \n- fs-writeback: writeback_sb_inodes:Recalculate wrote according skipped pages (Zhihao Cheng) \n- iwlwifi: mvm: fix assert 1F04 upon reconfig (Emmanuel Grumbach) \n- wifi: mac80211: fix use-after-free in chanctx code (Johannes Berg) \n- objtool: Fix symbol creation (Peter Zijlstra) \n- objtool: Fix objtool regression on x32 systems (Mikulas Patocka) \n- f2fs: fix to do sanity check for inline inode (Chao Yu) \n- f2fs: fix fallocate to use file_modified to update permissions consistently (Chao Yu) \n- f2fs: dont use casefolded comparison for . and .. (Eric Biggers) \n- f2fs: fix to do sanity check on total_data_blocks (Chao Yu) \n- f2fs: dont need inode lock for system hidden quota (Jaegeuk Kim) \n- f2fs: fix deadloop in foreground GC (Chao Yu) \n- f2fs: fix to clear dirty inode in f2fs_evict_inode() (Chao Yu) \n- f2fs: fix to do sanity check on block address in f2fs_do_zero_range() (Chao Yu) \n- f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() (Chao Yu) \n- NFSv4.1 mark qualified async operations as MOVEABLE tasks (Olga Kornievskaia) \n- NFS: Convert GFP_NOFS to GFP_KERNEL (Trond Myklebust) \n- NFS: Create a new nfs_alloc_fattr_with_label() function (Anna Schumaker) \n- NFS: Always initialise fattr->label in nfs_fattr_alloc() (Trond Myklebust) \n- video: fbdev: vesafb: Fix a use-after-free due early fb_info cleanup (Javier Martinez Canillas) \n- perf jevents: Fix event syntax error caused by ExtSel (Zhengjun Xing) \n- perf c2c: Use stdio interface if slang is not supported (Leo Yan) \n- perf build: Fix btf__load_from_kernel_by_id() feature check (Jiri Olsa) \n- i2c: rcar: fix PM ref counts in probe error paths (Kuninori Morimoto) \n- i2c: npcm: Handle spurious interrupts (Tali Perry) \n- i2c: npcm: Correct register access width (Tyrone Ting) \n- i2c: npcm: Fix timeout calculation (Tali Perry) \n- iommu/amd: Increase timeout waiting for GA log enablement (Joerg Roedel) \n- dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler() (Amelie Delaunay) \n- dmaengine: stm32-mdma: remove GISR1 register (Amelie Delaunay) \n- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (Miaoqian Lin) \n- NFS: Further fixes to the writeback error handling (Trond Myklebust) \n- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (Trond Myklebust) \n- NFS: Dont report errors from nfs_pageio_complete() more than once (Trond Myklebust) \n- NFS: Do not report flush errors in nfs_write_end() (Trond Myklebust) \n- NFS: Dont report ENOSPC write errors twice (Trond Myklebust) \n- NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS (Trond Myklebust) \n- NFS: Do not report EINTR/ERESTARTSYS as mapping errors (Trond Myklebust) \n- dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (Christophe JAILLET) \n- i2c: at91: Initialize dma_buf in at91_twi_xfer() (Nathan Chancellor) \n- iommu/mediatek: Fix NULL pointer dereference when printing dev_name (Miles Chen) \n- MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon (Guenter Roeck) \n- iommu/arm-smmu-v3-sva: Fix mm use-after-free (Jean-Philippe Brucker) \n- cpufreq: mediatek: Unregister platform device on exit (Rex-BC Chen) \n- cpufreq: mediatek: Use module_init and add module_exit (Jia-Wei Chang) \n- i2c: at91: use dma safe buffers (Michael Walle) \n- iommu/mediatek: Add mutex for m4u_group and m4u_dom in data (Yong Wu) \n- iommu/mediatek: Remove clk_disable in mtk_iommu_remove (Yong Wu) \n- iommu/mediatek: Add list_del in mtk_iommu_remove (Yong Wu) \n- iommu/mediatek: Fix 2 HW sharing pgtable issue (Yong Wu) \n- iommu/amd: Enable swiotlb in all cases (Mario Limonciello) \n- f2fs: fix dereference of stale list iterator after loop body (Jakob Koschel) \n- f2fs: fix to do sanity check on inline_dots inode (Chao Yu) \n- f2fs: support fault injection for dquot_initialize() (Chao Yu) \n- OPP: call of_node_put() on error path in _bandwidth_supported() (Dan Carpenter) \n- Input: stmfts - do not leave device disabled in stmfts_input_open (Dmitry Torokhov) \n- KVM: LAPIC: Drop pending LAPIC timer injection when canceling the timer (Wanpeng Li) \n- RDMA/hfi1: Prevent use of lock before it is initialized (Douglas Miller) \n- mailbox: forward the hrtimer if not queued and under a lock (Bjorn Ardo) \n- nfsd: destroy percpu stats counters after reply cache shutdown (Julian Schroeder) \n- mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (Yang Yingliang) \n- powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (Miaoqian Lin) \n- powerpc/xive: Fix refcount leak in xive_spapr_init (Miaoqian Lin) \n- powerpc/xive: Add some error handling code to xive_spapr_init() (Christophe JAILLET) \n- macintosh: via-pmu and via-cuda need RTC_LIB (Randy Dunlap) \n- powerpc/perf: Fix the threshold compare group constraint for power9 (Kajol Jain) \n- powerpc/perf: Fix the threshold compare group constraint for power10 (Kajol Jain) \n- powerpc/64: Only WARN if __pa()/__va() called with bad addresses (Michael Ellerman) \n- hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume() (Yang Yingliang) \n- PCI: microchip: Fix potential race in interrupt handling (Daire McNamara) \n- PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (Kuppuswamy Sathyanarayanan) \n- Input: sparcspkr - fix refcount leak in bbc_beep_probe (Miaoqian Lin) \n- hugetlbfs: fix hugetlbfs_statfs() locking (Mina Almasry) \n- ARM: dts: at91: sama7g5: remove interrupt-parent from gic node (Eugen Hristev) \n- crypto: cryptd - Protect per-CPU resource by disabling BH. (Sebastian Andrzej Siewior) ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-21T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21385", "CVE-2022-21546", "CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-34918"], "modified": "2022-09-21T00:00:00", "id": "ELSA-2022-9830", "href": "http://linux.oracle.com/errata/ELSA-2022-9830.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-09-21T22:44:04", "description": "[5.15.0-2.52.3]\n- posix-cpu-timers: Cleanup CPU timers before freeing them during exec (Thadeu Lima de Souza Cascardo) [Orabug: 34495548] {CVE-2022-2585}\n- fix race between exit_itimers() and /proc/pid/timers (Oleg Nesterov) [Orabug: 34495548] \n- rds: ib: Add preemption control when using per-cpu variables (Hakon Bugge) [Orabug: 34505120] \n- ocfs2: fix handle refcount leak in two exception handling paths (Chenyuan Mi) [Orabug: 34436530] \n- netfilter: nf_tables: do not allow RULE_ID to refer to another chain (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586}\n- netfilter: nf_tables: do not allow CHAIN_ID to refer to another table (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586}\n- netfilter: nf_tables: do not allow SET_ID to refer to another table (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586}\n- rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 34510687] {CVE-2022-21385}\n- kernfs: Replace global kernfs_open_file_mutex with hashed mutexes. (Imran Khan) [Orabug: 34476940] \n- kernfs: Introduce interface to access global kernfs_open_file_mutex. (Imran Khan) [Orabug: 34476940] \n- kernfs: make ->attr.open RCU protected. (Imran Khan) [Orabug: 34476940] \n- kernfs: Rename kernfs_put_open_node to kernfs_unlink_open_file. (Imran Khan) [Orabug: 34476940] \n- kernfs: Remove reference counting for kernfs_open_node. (Imran Khan) [Orabug: 34476940] \n- Revert net/rds: Connect TCP backends deterministically (Gerd Rausch) [Orabug: 34476561] \n- rds/ib: handle posted ACK during connection shutdown (Rohit Nair) [Orabug: 34465808] \n- rds/ib: reap tx completions during connection shutdown (Rohit Nair) [Orabug: 34465808] \n- uek-rpm: Set CONFIG_VSOCKETS=m and CONFIG_VSOCKETS_DIAG=m (Victor Erminpour) [Orabug: 34461322] \n- scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419970] {CVE-2022-21546}\n- rds/rdma: destroy CQs during user initiated rds connection resets (Rohit Nair) [Orabug: 34414238]\n[5.15.0-2.52.2]\n- PCI: pciehp: Add quirk to handle spurious DLLSC on a x4x4 SSD (Thomas Tai) [Orabug: 34358322] \n- net/mlx5: E-Switch, change VFs default admin state to auto in switchdev (Maor Dickman) [Orabug: 34477072] \n- xen/manage: Use orderly_reboot() to reboot (Ross Lagerwall) [Orabug: 34480751] \n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34484536] {CVE-2022-2588}\n[5.15.0-2.52.1]\n- LTS version: v5.15.52 (Jack Vogel) \n- io_uring: fix not locked access to fixed buf table (Pavel Begunkov) \n- net: mscc: ocelot: allow unregistered IP multicast flooding to CPU (Vladimir Oltean) \n- rtw88: rtw8821c: enable rfe 6 devices (Ping-Ke Shih) \n- rtw88: 8821c: support RFE type4 wifi NIC (Guo-Feng Fan) \n- fs: account for group membership (Christian Brauner) \n- fs: fix acl translation (Christian Brauner) \n- fs: support mapped mounts of mapped filesystems (Christian Brauner) \n- fs: add i_user_ns() helper (Christian Brauner) \n- fs: port higher-level mapping helpers (Christian Brauner) \n- fs: remove unused low-level mapping helpers (Christian Brauner) \n- fs: use low-level mapping helpers (Christian Brauner) \n- docs: update mapping documentation (Christian Brauner) \n- fs: account for filesystem mappings (Christian Brauner) \n- fs: tweak fsuidgid_has_mapping() (Christian Brauner) \n- fs: move mapping helpers (Christian Brauner) \n- fs: add is_idmapped_mnt() helper (Christian Brauner) \n- powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (Naveen N. Rao) \n- xfs: Fix the free logic of state in xfs_attr_node_hasname (Yang Xu) \n- xfs: use kmem_cache_free() for kmem_cache objects (Rustam Kovhaev) \n- bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (Coly Li) \n- tick/nohz: unexport __init-annotated tick_nohz_full_setup() (Masahiro Yamada) \n- LTS version: v5.15.51 (Jack Vogel) \n- powerpc/pseries: wire up rng during setup_arch() (Jason A. Donenfeld) \n- kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (Masahiro Yamada) \n- dma-direct: use the correct size for dma_set_encrypted() (Dexuan Cui) \n- perf build-id: Fix caching files with a wrong build ID (Adrian Hunter) \n- random: update comment from copy_to_user() -> copy_to_iter() (Jason A. Donenfeld) \n- ARM: dts: bcm2711-rpi-400: Fix GPIO line names (Stefan Wahren) \n- modpost: fix section mismatch check for exported init/exit sections (Masahiro Yamada) \n- ARM: cns3xxx: Fix refcount leak in cns3xxx_init (Miaoqian Lin) \n- memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings (Miaoqian Lin) \n- ARM: Fix refcount leak in axxia_boot_secondary (Miaoqian Lin) \n- soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (Miaoqian Lin) \n- ARM: exynos: Fix refcount leak in exynos_map_pmu (Miaoqian Lin) \n- arm64: dts: ti: k3-am64-main: Remove support for HS400 speed mode (Aswath Govindraju) \n- ARM: dts: imx6qdl: correct PU regulator ramp delay (Lucas Stach) \n- ARM: dts: imx7: Move hsic_phy power domain to HSIC PHY node (Alexander Stein) \n- drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl() (Kuogee Hsieh) \n- powerpc/powernv: wire up rng during setup_arch (Jason A. Donenfeld) \n- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (Andrew Donnellan) \n- powerpc: Enable execve syscall exit tracepoint (Naveen N. Rao) \n- powerpc/microwatt: wire up rng during setup_arch() (Jason A. Donenfeld) \n- parisc: Enable ARCH_HAS_STRICT_MODULE_RWX (Helge Deller) \n- parisc/stifb: Fix fb_is_primary_device() only available with CONFIG_FB_STI (Helge Deller) \n- xtensa: Fix refcount leak bug in time.c (Liang He) \n- xtensa: xtfpga: Fix refcount leak bug in setup (Liang He) \n- iio: adc: ti-ads131e08: add missing fwnode_handle_put() in ads131e08_alloc_channels() (Jialin Zhang) \n- iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client (Miaoqian Lin) \n- iio: adc: rzg2l_adc: add missing fwnode_handle_put() in rzg2l_adc_parse_properties() (Jialin Zhang) \n- iio: adc: axp288: Override TS pin bias current for some models (Hans de Goede) \n- iio: adc: stm32: Fix IRQs on STM32F4 by removing custom spurious IRQs message (Yannick Brosseau) \n- iio: adc: stm32: Fix ADCs iteration in irq handler (Yannick Brosseau) \n- iio: afe: rescale: Fix boolean logic bug (Linus Walleij) \n- iio: imu: inv_icm42600: Fix broken icm42600 (chip id 0 value) (Jean-Baptiste Maneyrol) \n- iio: adc: stm32: fix maximum clock rate for stm32mp15x (Olivier Moysan) \n- iio: trigger: sysfs: fix use-after-free on remove (Vincent Whitchurch) \n- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (Zheyu Ma) \n- iio: accel: mma8452: ignore the return value of reset operation (Haibo Chen) \n- iio:accel:mxc4005: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:accel:bma180: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:accel:kxcjk-1013: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:chemical:ccs811: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:humidity:hts221: rearrange iio trigger get and register (Dmitry Rokosov) \n- f2fs: attach inline_data after setting compression (Jaegeuk Kim) \n- btrfs: fix deadlock with fsync+fiemap+transaction commit (Josef Bacik) \n- btrfs: dont set lock_owner when locking extent buffer for reading (Zygo Blaxell) \n- dt-bindings: usb: ehci: Increase the number of PHYs (Geert Uytterhoeven) \n- dt-bindings: usb: ohci: Increase the number of PHYs (Geert Uytterhoeven) \n- usb: chipidea: udc: check request status before setting device address (Xu Yang) \n- USB: gadget: Fix double-free bug in raw_gadget driver (Alan Stern) \n- usb: gadget: Fix non-unique driver names in raw-gadget driver (Alan Stern) \n- xhci-pci: Allow host runtime PM as default for Intel Meteor Lake xHCI (Utkarsh Patel) \n- xhci-pci: Allow host runtime PM as default for Intel Raptor Lake xHCI (Tanveer Alam) \n- xhci: turn off port power in shutdown (Mathias Nyman) \n- usb: typec: wcove: Drop wrong dependency to INTEL_SOC_PMIC (Andy Shevchenko) \n- iio: adc: vf610: fix conversion mode sysfs node name (Baruch Siach) \n- iio: magnetometer: yas530: Fix memchr_inv() misuse (Linus Walleij) \n- iio: mma8452: fix probe fail when device tree compatible is used. (Haibo Chen) \n- s390/cpumf: Handle events cycles and instructions identical (Thomas Richter) \n- gpio: winbond: Fix error code in winbond_gpio_get() (Dan Carpenter) \n- nvme: move the Samsung X5 quirk entry to the core quirks (Christoph Hellwig) \n- nvme-pci: add NO APST quirk for Kioxia device (Enzo Matsumiya) \n- sock: redo the psock vs ULP protection check (Jakub Kicinski) \n- Revert net/tls: fix tls_sk_proto_close executed repeatedly (Jakub Kicinski) \n- virtio_net: fix xdp_rxq_info bug after suspend/resume (Stephan Gerhold) \n- igb: Make DMA faster when CPU is active on the PCIe link (Kai-Heng Feng) \n- regmap-irq: Fix offset/index mismatch in read_sub_irq_data() (Aidan MacDonald) \n- regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (Aidan MacDonald) \n- ice: ethtool: advertise 1000M speeds properly (Anatolii Gerasymenko) \n- afs: Fix dynamic root getattr (David Howells) \n- MIPS: Remove repetitive increase irq_err_count (huhai) \n- x86/xen: Remove undefined behavior in setup_features() (Julien Grall) \n- xen-blkfront: Handle NULL gendisk (Jason Andryuk) \n- selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh (Jie2x Zhou) \n- udmabuf: add back sanity check (Gerd Hoffmann) \n- net/tls: fix tls_sk_proto_close executed repeatedly (Ziyang Xuan) \n- erspan: do not assume transport header is always set (Eric Dumazet) \n- perf arm-spe: Dont set data source if its not a memory operation (Leo Yan) \n- drm/msm/dp: force link training for display resolution change (Kuogee Hsieh) \n- drm/msm/dp: do not initialize phy until plugin interrupt received (Kuogee Hsieh) \n- drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read failed (Kuogee Hsieh) \n- drm/msm/dp: Drop now unused hpd_high member (Bjorn Andersson) \n- drm/msm/dp: check core_initialized before disable interrupts at dp_display_unbind() (Kuogee Hsieh) \n- drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (Miaoqian Lin) \n- net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (Peilin Ye) \n- ethtool: Fix get module eeprom fallback (Ivan Vecera) \n- bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (Jay Vosburgh) \n- igb: fix a use-after-free issue in igb_clean_tx_ring (Lorenzo Bianconi) \n- tipc: fix use-after-free Read in tipc_named_reinit (Hoang Le) \n- net: fix data-race in dev_isalive() (Eric Dumazet) \n- net: Write lock dev_base_lock without disabling bottom halves. (Sebastian Andrzej Siewior) \n- KVM: arm64: Prevent kmemleak from accessing pKVM memory (Quentin Perret) \n- phy: aquantia: Fix AN when higher speeds than 1G are not advertised (Claudiu Manoil) \n- scsi: storvsc: Correct reporting of Hyper-V I/O size limits (Saurabh Sengar) \n- bpf, x86: Fix tail call count offset calculation on bpf2bpf call (Jakub Sitnicki) \n- drm/sun4i: Fix crash during suspend after component bind failure (Samuel Holland) \n- bpf: Fix request_sock leak in sk lookup helpers (Jon Maxwell) \n- drm/msm: use for_each_sgtable_sg to iterate over scatterlist (Jonathan Marek) \n- xsk: Fix generic transmit when completion queue reservation fails (Ciara Loftus) \n- scsi: iscsi: Exclude zero from the endpoint ID range (Sergey Gorenko) \n- drm/msm: Switch ordering of runpm put vs devfreq_idle (Rob Clark) \n- scsi: scsi_debug: Fix zone transition to full condition (Damien Le Moal) \n- netfilter: use get_random_u32 instead of prandom (Florian Westphal) \n- drm/msm: Fix double pm_runtime_disable() call (Maximilian Luz) \n- drm/msm: Ensure mmap offset is initialized (Rob Clark) \n- USB: serial: option: add Quectel RM500K module support (Macpaul Lin) \n- USB: serial: option: add Quectel EM05-G modem (Yonglin Tan) \n- USB: serial: option: add Telit LE910Cx 0x1250 composition (Carlo Lobrano) \n- USB: serial: pl2303: add support for more HXN (G) types (Johan Hovold) \n- drm/i915: Implement w/a 22010492432 for adl-s (Ville Syrjala) \n- tracing/kprobes: Check whether get_kretprobe() returns NULL in kretprobe_dispatcher() (Masami Hiramatsu (Google)) \n- dm mirror log: clear log bits up to BITS_PER_LONG boundary (Mikulas Patocka) \n- dm era: commit metadata in postsuspend after worker stops (Nikos Tsironis) \n- ata: libata: add qc->flags in ata_qc_complete_template tracepoint (Edward Wu) \n- mtd: rawnand: gpmi: Fix setting busy timeout setting (Sascha Hauer) \n- MAINTAINERS: Add new IOMMU development mailing list (Joerg Roedel) \n- xen/gntdev: Avoid blocking in unmap_grant_pages() (Demi Marie Obenour) \n- mmc: mediatek: wait dma stop bit reset to 0 (Mengqi Zhang) \n- mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing (Chevron Li) \n- scsi: ibmvfc: Allocate/free queue resource only during probe/remove (Tyrel Datwyler) \n- scsi: ibmvfc: Store vhost pointer during subcrq allocation (Tyrel Datwyler) \n- btrfs: add error messages to all unrecognized mount options (David Sterba) \n- btrfs: prevent remounting to v1 space cache for subpage mount (Qu Wenruo) \n- btrfs: fix hang during unmount when block group reclaim task is running (Filipe Manana) \n- 9p: fix fid refcount leak in v9fs_vfs_get_link (Dominique Martinet) \n- 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl (Dominique Martinet) \n- 9p: Fix refcounting during full path walks for fid lookups (Tyler Hicks) \n- net: openvswitch: fix parsing of nw_proto for IPv6 fragments (Rosemarie ORiorden) \n- ALSA: hda/realtek: Add quirk for Clevo NS50PU (Tim Crawford) \n- ALSA: hda/realtek: Add quirk for Clevo PD70PNT (Tim Crawford) \n- ALSA: hda/realtek: Apply fixup for Lenovo Yoga Duet 7 properly (Takashi Iwai) \n- ALSA: hda/realtek - ALC897 headset MIC no sound (Kailang Yang) \n- ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (Soham Sen) \n- ALSA: hda/conexant: Fix missing beep setup (Takashi Iwai) \n- ALSA: hda/via: Fix missing beep setup (Takashi Iwai) \n- random: quiet urandom warning ratelimit suppression message (Jason A. Donenfeld) \n- random: schedule mix_interrupt_randomness() less often (Jason A. Donenfeld) \n- LTS version: v5.15.50 (Jack Vogel) \n- arm64: mm: Dont invalidate FROM_DEVICE buffers at start of DMA transfer (Will Deacon) \n- serial: core: Initialize rs485 RTS polarity already on probe (Lukas Wunner) \n- selftests/bpf: Add selftest for calling global functions from freplace (Toke Hoiland-Jorgensen) \n- bpf: Fix calling global functions from BPF_PROG_TYPE_EXT programs (Toke Hoiland-Jorgensen) \n- usb: gadget: u_ether: fix regression in setting fixed MAC address (Marian Postevca) \n- zonefs: fix zonefs_iomap_begin() for reads (Damien Le Moal) \n- drm/amd/display: Dont reinitialize DMCUB on s0ix resume (Nicholas Kazlauskas) \n- s390/mm: use non-quiescing sske for KVM switch to keyed guest (Christian Borntraeger) \n- LTS version: v5.15.49 (Jack Vogel) \n- clk: imx8mp: fix usb_root_clk parent (Peng Fan) \n(Masahiro Yamada) \n- virtio-pci: Remove wrong address verification in vp_del_vqs() (Murilo Opsfelder Araujo) \n- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (Andy Chi) \n- KVM: arm64: Dont read a HW interrupt pending state in user context (Marc Zyngier) \n- ext4: add reserved GDT blocks check (Zhang Yi) \n- ext4: make variable count signed (Ding Xiang) \n- ext4: fix bug_on ext4_mb_use_inode_pa (Baokun Li) \n- ext4: fix super block checksum incorrect after mount (Ye Bin) \n- cfi: Fix __cfi_slowpath_diag RCU usage with cpuidle (Sami Tolvanen) \n- drm/amd/display: Cap OLED brightness per max frame-average luminance (Roman Li) \n- dm mirror log: round up region bitmap size to BITS_PER_LONG (Mikulas Patocka) \n- bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (Shinichiro Kawasaki) \n- serial: 8250: Store to lsr_save_flags after lsr read (Ilpo Jarvinen) \n- tty: n_gsm: Debug output allocation must use GFP_ATOMIC (Tony Lindgren) \n- usb: gadget: f_fs: change ep->ep safe in ffs_epfile_io() (Linyu Yuan) \n- usb: gadget: f_fs: change ep->status safe in ffs_epfile_io() (Linyu Yuan) \n- usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (Miaoqian Lin) \n- usb: cdnsp: Fixed setting last_trb incorrectly (Jing Leng) \n- usb: dwc2: Fix memory leak in dwc2_hcd_init (Miaoqian Lin) \n- USB: serial: io_ti: add Agilent E5805A support (Robert Eckelmann) \n- USB: serial: option: add support for Cinterion MV31 with new baseline (Slark Xiao) \n- crypto: memneq - move into lib/ (Jason A. Donenfeld) \n- comedi: vmk80xx: fix expression for tx buffer size (Ian Abbott) \n- mei: me: add raptor lake point S DID (Alexander Usyskin) \n- mei: hbm: drop capability response on early shutdown (Alexander Usyskin) \n- i2c: designware: Use standard optional ref clock implementation (Serge Semin) \n- sched: Fix balance_push() vs __sched_setscheduler() (Peter Zijlstra) \n- irqchip/realtek-rtl: Fix refcount leak in map_interrupts (Miaoqian Lin) \n- irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions (Miaoqian Lin) \n- irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions (Miaoqian Lin) \n- irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (Miaoqian Lin) \n- i2c: npcm7xx: Add check for platform_driver_register (Jiasheng Jiang) \n- faddr2line: Fix overlapping text section failures, the sequel (Josh Poimboeuf) \n- block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (Bart Van Assche) \n- init: Initialize noop_backing_dev_info early (Jan Kara) \n- certs/blacklist_hashes.c: fix const confusion in certs blacklist (Masahiro Yamada) \n- arm64: ftrace: consistently handle PLTs. (Mark Rutland) \n- arm64: ftrace: fix branch range checks (Mark Rutland) \n- net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (Duoming Zhou) \n- net: bgmac: Fix an erroneous kfree() in bgmac_remove() (Christophe JAILLET) \n- mlxsw: spectrum_cnt: Reorder counter pools (Petr Machata) \n- nvme: add device name to warning in uuid_show() (Thomas WeiBschuh) \n- rtc: ftrtc010: Use platform_get_irq() to get the interrupt (Lad Prabhakar) \n- rtc: ftrtc010: Use platform_get_irq() to get the interrupt (Lad Prabhakar) \n- rtc: mt6397: check return value after calling platform_get_resource() (Yang Yingliang) \n- ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1 (Howard Chiu) \n- clocksource/drivers/riscv: Events are stopped during CPU suspend (Samuel Holland) \n- soc: rockchip: Fix refcount leak in rockchip_grf_init (Miaoqian Lin) \n- extcon: ptn5150: Add queue work sync before driver release (Li Jun) \n- ksmbd: fix reference count leak in smb_check_perm_dacl() (Xin Xiong) \n- coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (Guilherme G. Piccoli) \n- soundwire: intel: prevent pm_runtime resume prior to system suspend (Pierre-Louis Bossart) \n- export: fix string handling of namespace in EXPORT_SYMBOL_NS (Greg Kroah-Hartman) \n- serial: sifive: Report actual baud base rather than fixed 115200 (Maciej W. Rozycki) \n- power: supply: axp288_fuel_gauge: Drop BIOS version check from T3 MRD DMI quirk (Hans de Goede) \n- phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (Johan Hovold) \n- misc/pvpanic: Convert regular spinlock into trylock on panic path (Guilherme G. Piccoli) \n- pvpanic: Fix typos in the comments (Andy Shevchenko) \n- rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (Krzysztof Kozlowski) \n- iio: adc: sc27xx: Fine tune the scale calibration values (Cixi Geng) \n- iio: adc: sc27xx: fix read big scale voltage not right (Cixi Geng) \n- iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout (Miaoqian Lin) \n- iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (Miaoqian Lin) \n- rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl (Arnaud Pouliquen) \n- rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() (Hangyu Hua) \n- rpmsg: virtio: Fix possible double free in rpmsg_probe() (Hangyu Hua) \n- usb: typec: mux: Check dev_set_name() return value (Bjorn Andersson) \n- firmware: stratix10-svc: fix a missing check on list iterator (Xiaomeng Tong) \n- misc: fastrpc: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) \n- usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (Wesley Cheng) \n- rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- pwm: raspberrypi-poe: Fix endianness in firmware struct (Uwe Kleine-Konig) \n- pwm: lp3943: Fix duty calculation in case period was clamped (Uwe Kleine-Konig) \n- staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (Christophe JAILLET) \n- usb: musb: Fix missing of_node_put() in omap2430_probe (Miaoqian Lin) \n- USB: storage: karma: fix rio_karma_init return (Lin Ma) \n- usb: usbip: add missing device lock on tweak configuration cmd (Niels Dossche) \n- usb: usbip: fix a refcount leak in stub_probe() (Hangyu Hua) \n- remoteproc: imx_rproc: Ignore create mem entry for resource table (Peng Fan) \n- tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (Sherry Sun) \n- serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe (Miaoqian Lin) \n- tty: n_tty: Restore EOF push handling behavior (Daniel Gibson) \n- tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (Miaoqian Lin) \n- tty: goldfish: Use tty_port_destroy() to destroy port (Wang Weiyang) \n- lkdtm/bugs: Dont expect thread termination without CONFIG_UBSAN_TRAP (Christophe Leroy) \n- lkdtm/bugs: Check for the NULL pointer after calling kmalloc (Jiasheng Jiang) \n- iio: adc: ad7124: Remove shift from scan_type (Alexandru Tachici) \n- staging: greybus: codecs: fix type confusion of list iterator variable (Jakob Koschel) \n- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (Randy Dunlap) \n- LTS version: v5.15.46 (Jack Vogel) \n- block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (Jan Kara) \n- pinctrl/rockchip: support setting input-enable param (Caleb Connolly) \n- md: bcache: check the return value of kzalloc() in detached_dev_do_request() (Jia-Ju Bai) \n- md: fix double free of io_acct_set bioset (Xiao Ni) \n- md: Dont set mddev private to NULL in raid0 pers->free (Xiao Ni) \n- fs/ntfs3: Fix invalid free in log_replay (Namjae Jeon) \n- exportfs: support idmapped mounts (Christian Brauner) \n- fs: add two trivial lookup helpers (Christian Brauner) \n- interconnect: qcom: icc-rpmh: Add BCMs to commit list in pre_aggregate (Mike Tipton) \n- interconnect: qcom: sc7180: Drop IP0 interconnects (Stephen Boyd) \n- ext4: only allow test_dummy_encryption when supported (Eric Biggers) \n- MIPS: IP30: Remove incorrect cpu_has_fpu override (Maciej W. Rozycki) \n- MIPS: IP27: Remove incorrect cpu_has_fpu override (Maciej W. Rozycki) \n- RDMA/rxe: Generate a completion for unsupported/invalid opcode (Xiao Yang) \n- RDMA/hns: Remove the num_cqc_timer variable (Yixing Liu) \n- staging: r8188eu: delete rtw_wx_read/write32() (Dan Carpenter) \n- Revert random: use static branch for crng_ready() (Jason A. Donenfeld) \n- list: test: Add a test for list_is_head() (David Gow) \n- kseltest/cgroup: Make test_stress.sh work if run interactively (Waiman Long) \n- net: ipa: fix page free in ipa_endpoint_replenish_one() (Alex Elder) \n- net: ipa: fix page free in ipa_endpoint_trans_release() (Alex Elder) \n- phy: qcom-qmp: fix reset-controller leak on probe errors (Johan Hovold) \n- coresight: core: Fix coresight device probe failure issue (Mao Jinlong) \n- blk-iolatency: Fix inflight count imbalances and IO hangs on offline (Tejun Heo) \n- vdpasim: allow to enable a vq repeatedly (Eugenio Perez) \n- dt-bindings: gpio: altera: correct interrupt-cells (Dinh Nguyen) \n- docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (Akira Yokosawa) \n- SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (Steve French) \n- ARM: pxa: maybe fix gpio lookup tables (Arnd Bergmann) \n- ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries (Jonathan Bakker) \n- phy: qcom-qmp: fix struct clk leak on probe errors (Johan Hovold) \n- clk: tegra: Add missing reset deassertion (Diogo Ivo) \n- arm64: tegra: Add missing DFLL reset on Tegra210 (Diogo Ivo) \n- arm64: dts: qcom: ipq8074: fix the sleep clock frequency (Kathiravan T) \n- gma500: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- serial: pch: dont overwrite xmit->buf[0] by x_char (Jiri Slaby) \n- bcache: avoid journal no-space deadlock by reserving 1 journal bucket (Coly Li) \n- bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (Coly Li) \n- bcache: improve multithreaded bch_sectors_dirty_init() (Coly Li) \n- bcache: improve multithreaded bch_btree_check() (Coly Li) \n- stm: ltdc: fix two incorrect NULL checks on list iterator (Xiaomeng Tong) \n- carl9170: tx: fix an incorrect use of list iterator (Xiaomeng Tong) \n- ASoC: rt5514: Fix event generation for DSP Voice Wake Up control (Mark Brown) \n- rtl818x: Prevent using not initialized queues (Alexander Wetzel) \n- xtensa/simdisk: fix proc_read_simdisk() (Yi Yang) \n- mm/memremap: fix missing call to untrack_pfn() in pagemap_range() (Miaohe Lin) \n- hugetlb: fix huge_pmd_unshare address update (Mike Kravetz) \n- nodemask.h: fix compilation error with GCC12 (Christophe de Dinechin) \n- mm/page_alloc: always attempt to allocate at least one page during bulk allocation (Mel Gorman) \n- Revert mm/cma.c: remove redundant cma_mutex lock (Dong Aisheng) \n- iommu/dma: Fix iova map result check bug (Yunfei Wang) \n- iommu/msm: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- ksmbd: fix outstanding credits related bugs (Hyunchul Lee) \n- ftrace: Clean up hash direct_functions on register failures (Song Liu) \n- kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (Naveen N. Rao) \n- um: Fix out-of-bounds read in LDT setup (Vincent Whitchurch) \n- um: chan_user: Fix winch_tramp() return value (Johannes Berg) \n- um: Use asm-generic/dma-mapping.h (Johannes Berg) \n- mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (Felix Fietkau) \n- cfg80211: declare MODULE_FIRMWARE for regulatory.db (Dimitri John Ledkov) \n- thermal: devfreq_cooling: use local ops instead of global ops (Kant Fan) \n- irqchip: irq-xtensa-mx: fix initial IRQ affinity (Max Filippov) \n- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (Pali Rohar) \n- csky: patch_text: Fixup last cpu should be master (Guo Ren) \n- mmc: core: Allows to override the timeout value for ioctl() path (Bean Huo) \n- RDMA/hfi1: Fix potential integer multiplication overflow errors (Dennis Dalessandro) \n- Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug (Sean Christopherson) \n- ima: remove the IMA_TEMPLATE Kconfig option (GUO Zihua) \n- media: coda: Add more H264 levels for CODA960 (Nicolas Dufresne) \n- media: coda: Fix reported H264 profile (Nicolas Dufresne) \n- mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (Tokunori Ikegami) \n- mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (Tokunori Ikegami) \n- md: fix an incorrect NULL check in md_reload_sb (Xiaomeng Tong) \n- md: fix an incorrect NULL check in does_sb_need_changing (Xiaomeng Tong) \n- drm/i915/dsi: fix VBT send packet port selection for ICL+ (Jani Nikula) \n- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (Brian Norris) \n- drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- drm/nouveau/clk: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (Lucas Stach) \n- drm/nouveau/subdev/bus: Ratelimit logging for fault errors (Lyude Paul) \n- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. (Dave Airlie) \n- landlock: Fix same-layer rule unions (Mickael Salaun) \n- landlock: Create find_rule() from unmask_layers() (Mickael Salaun) \n- landlock: Reduce the maximum number of layers to 16 (Mickael Salaun) \n- landlock: Define access_mask_t to enforce a consistent access mask size (Mickael Salaun) \n- selftests/landlock: Test landlock_create_ruleset(2) argument check ordering (Mickael Salaun) \n- landlock: Change landlock_restrict_self(2) check ordering (Mickael Salaun) \n- landlock: Change landlock_add_rule(2) argument check ordering (Mickael Salaun) \n- selftests/landlock: Add tests for O_PATH (Mickael Salaun) \n- selftests/landlock: Fully test file rename with remove access (Mickael Salaun) \n- selftests/landlock: Extend access right tests to directories (Mickael Salaun) \n- selftests/landlock: Add tests for unknown access rights (Mickael Salaun) \n- selftests/landlock: Extend tests for minimal valid attribute size (Mickael Salaun) \n- selftests/landlock: Make tests build with old libc (Mickael Salaun) \n- landlock: Fix landlock_add_rule(2) documentation (Mickael Salaun) \n- samples/landlock: Format with clang-format (Mickael Salaun) \n- samples/landlock: Add clang-format exceptions (Mickael Salaun) \n- selftests/landlock: Format with clang-format (Mickael Salaun) \n- selftests/landlock: Normalize array assignment (Mickael Salaun) \n- selftests/landlock: Add clang-format exceptions (Mickael Salaun) \n- landlock: Format with clang-format (Mickael Salaun) \n- landlock: Add clang-format exceptions (Mickael Salaun) \n- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (Manivannan Sadhasivam) \n- scsi: dc395x: Fix a missing check on list iterator (Xiaomeng Tong) \n- dlm: fix missing lkb refcount handling (Alexander Aring) \n- dlm: uninitialized variable on error in dlm_listen_for_all() (Dan Carpenter) \n- dlm: fix plock invalid read (Alexander Aring) \n- s390/stp: clock_delta should be signed (Sven Schnelle) \n- s390/perf: obtain sie_block from the right address (Nico Boehr) \n- mm, compaction: fast_find_migrateblock() should return pfn in the target zone (Rei Yamamoto) \n- staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan() (Denis Efremov) \n- PCI: qcom: Fix unbalanced PHY init on probe errors (Johan Hovold) \n- PCI: qcom: Fix runtime PM imbalance on probe errors (Johan Hovold) \n- PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 (Bjorn Helgaas) \n- drm/amdgpu: add beige goby PCI ID (Alex Deucher) \n- tracing: Initialize integer variable to prevent garbage return value (Gautam Menghani) \n- tracing: Fix potential double free in create_var_ref() (Keita Suzuki) \n- tty: goldfish: Introduce gf_ioread32()/gf_iowrite32() (Laurent Vivier) \n- ACPI: property: Release subnode properties with data nodes (Sakari Ailus) \n- ext4: avoid cycles in directory h-tree (Jan Kara) \n- ext4: verify dir block before splitting it (Jan Kara) \n- ext4: fix bug_on in __es_tree_search (Baokun Li) \n- ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state (Theodore Tso) \n- ext4: fix bug_on in ext4_writepages (Ye Bin) \n- ext4: fix warning in ext4_handle_inode_extension (Ye Bin) \n- ext4: fix race condition between ext4_write and ext4_convert_inline_data (Baokun Li) \n- ext4: fix use-after-free in ext4_rename_dir_prepare (Ye Bin) \n- ext4: mark group as trimmed only if it was fully scanned (Dmitry Monakhov) \n- bfq: Make sure bfqg for which we are queueing requests is online (Jan Kara) \n- bfq: Get rid of __bio_blkcg() usage (Jan Kara) \n- bfq: Track whether bfq_group is still online (Jan Kara) \n- bfq: Remove pointless bfq_init_rq() calls (Jan Kara) \n- bfq: Drop pointless unlock-lock pair (Jan Kara) \n- bfq: Update cgroup information before merging bio (Jan Kara) \n- bfq: Split shared queues on move between cgroups (Jan Kara) \n- bfq: Avoid merging queues with different parents (Jan Kara) \n- bfq: Avoid false marking of bic as stably merged (Jan Kara) \n- efi: Do not import certificates from UEFI Secure Boot for T2 Macs (Aditya Garg) \n- fs-writeback: writeback_sb_inodes:Recalculate wrote according skipped pages (Zhihao Cheng) \n- iwlwifi: mvm: fix assert 1F04 upon reconfig (Emmanuel Grumbach) \n- wifi: mac80211: fix use-after-free in chanctx code (Johannes Berg) \n- objtool: Fix symbol creation (Peter Zijlstra) \n- objtool: Fix objtool regression on x32 systems (Mikulas Patocka) \n- f2fs: fix to do sanity check for inline inode (Chao Yu) \n- f2fs: fix fallocate to use file_modified to update permissions consistently (Chao Yu) \n- f2fs: dont use casefolded comparison for . and .. (Eric Biggers) \n- f2fs: fix to do sanity check on total_data_blocks (Chao Yu) \n- f2fs: dont need inode lock for system hidden quota (Jaegeuk Kim) \n- f2fs: fix deadloop in foreground GC (Chao Yu) \n- f2fs: fix to clear dirty inode in f2fs_evict_inode() (Chao Yu) \n- f2fs: fix to do sanity check on block address in f2fs_do_zero_range() (Chao Yu) \n- f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() (Chao Yu) \n- NFSv4.1 mark qualified async operations as MOVEABLE tasks (Olga Kornievskaia) \n- NFS: Convert GFP_NOFS to GFP_KERNEL (Trond Myklebust) \n- NFS: Create a new nfs_alloc_fattr_with_label() function (Anna Schumaker) \n- NFS: Always initialise fattr->label in nfs_fattr_alloc() (Trond Myklebust) \n- video: fbdev: vesafb: Fix a use-after-free due early fb_info cleanup (Javier Martinez Canillas) \n- perf jevents: Fix event syntax error caused by ExtSel (Zhengjun Xing) \n- perf c2c: Use stdio interface if slang is not supported (Leo Yan) \n- perf build: Fix btf__load_from_kernel_by_id() feature check (Jiri Olsa) \n- i2c: rcar: fix PM ref counts in probe error paths (Kuninori Morimoto) \n- i2c: npcm: Handle spurious interrupts (Tali Perry) \n- i2c: npcm: Correct register access width (Tyrone Ting) \n- i2c: npcm: Fix timeout calculation (Tali Perry) \n- iommu/amd: Increase timeout waiting for GA log enablement (Joerg Roedel) \n- dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler() (Amelie Delaunay) \n- dmaengine: stm32-mdma: remove GISR1 register (Amelie Delaunay) \n- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (Miaoqian Lin) \n- NFS: Further fixes to the writeback error handling (Trond Myklebust) \n- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (Trond Myklebust) \n- NFS: Dont report errors from nfs_pageio_complete() more than once (Trond Myklebust) \n- NFS: Do not report flush errors in nfs_write_end() (Trond Myklebust) \n- NFS: Dont report ENOSPC write errors twice (Trond Myklebust) \n- NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS (Trond Myklebust) \n- NFS: Do not report EINTR/ERESTARTSYS as mapping errors (Trond Myklebust) \n- dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (Christophe JAILLET) \n- i2c: at91: Initialize dma_buf in at91_twi_xfer() (Nathan Chancellor) \n- iommu/mediatek: Fix NULL pointer dereference when printing dev_name (Miles Chen) \n- MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon (Guenter Roeck) \n- iommu/arm-smmu-v3-sva: Fix mm use-after-free (Jean-Philippe Brucker) \n- cpufreq: mediatek: Unregister platform device on exit (Rex-BC Chen) \n- cpufreq: mediatek: Use module_init and add module_exit (Jia-Wei Chang) \n- i2c: at91: use dma safe buffers (Michael Walle) \n- iommu/mediatek: Add mutex for m4u_group and m4u_dom in data (Yong Wu) \n- iommu/mediatek: Remove clk_disable in mtk_iommu_remove (Yong Wu) \n- iommu/mediatek: Add list_del in mtk_iommu_remove (Yong Wu) \n- iommu/mediatek: Fix 2 HW sharing pgtable issue (Yong Wu) \n- iommu/amd: Enable swiotlb in all cases (Mario Limonciello) \n- f2fs: fix dereference of stale list iterator after loop body (Jakob Koschel) \n- f2fs: fix to do sanity check on inline_dots inode (Chao Yu) \n- f2fs: support fault injection for dquot_initialize() (Chao Yu) \n- OPP: call of_node_put() on error path in _bandwidth_supported() (Dan Carpenter) \n- Input: stmfts - do not leave device disabled in stmfts_input_open (Dmitry Torokhov) \n- KVM: LAPIC: Drop pending LAPIC timer injection when canceling the timer (Wanpeng Li) \n- RDMA/hfi1: Prevent use of lock before it is initialized (Douglas Miller) \n- mailbox: forward the hrtimer if not queued and under a lock (Bjorn Ardo) \n- nfsd: destroy percpu stats counters after reply cache shutdown (Julian Schroeder) \n- mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (Yang Yingliang) \n- powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (Miaoqian Lin) \n- powerpc/xive: Fix refcount leak in xive_spapr_init (Miaoqian Lin) \n- powerpc/xive: Add some error handling code to xive_spapr_init() (Christophe JAILLET) \n- macintosh: via-pmu and via-cuda need RTC_LIB (Randy Dunlap) \n- powerpc/perf: Fix the threshold compare group constraint for power9 (Kajol Jain) \n- powerpc/perf: Fix the threshold compare group constraint for power10 (Kajol Jain) \n- powerpc/64: Only WARN if __pa()/__va() called with bad addresses (Michael Ellerman) \n- hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume() (Yang Yingliang) \n- PCI: microchip: Fix potential race in interrupt handling (Daire McNamara) \n- PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (Kuppuswamy Sathyanarayanan) \n- Input: sparcspkr - fix refcount leak in bbc_beep_probe (Miaoqian Lin) \n- hugetlbfs: fix hugetlbfs_statfs() locking (Mina Almasry) \n- ARM: dts: at91: sama7g5: remove interrupt-parent from gic node (Eugen Hristev) \n- crypto: cryptd - Protect per-CPU resource by disabling BH. (Sebastian Andrzej Siewior) ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-21T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21385", "CVE-2022-21546", "CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-34918"], "modified": "2022-09-21T00:00:00", "id": "ELSA-2022-9827", "href": "http://linux.oracle.com/errata/ELSA-2022-9827.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-09-01T22:41:38", "description": "[5.15.0-1.43.4.2]\n- rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry)\n [Orabug: 33981854] {CVE-2022-21385}", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-19T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-21385"], "modified": "2022-08-19T00:00:00", "id": "ELSA-2022-9729", "href": "http://linux.oracle.com/errata/ELSA-2022-9729.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-01T22:41:42", "description": "[5.4.17-2136.310.7.1]\n- rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 33981855] {CVE-2022-21385}", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-19T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-21385"], "modified": "2022-08-19T00:00:00", "id": "ELSA-2022-9727", "href": "http://linux.oracle.com/errata/ELSA-2022-9727.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-01T22:41:38", "description": "[4.14.35-2047.516.2.1]\n- rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 33981856] {CVE-2022-21385}", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-19T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-21385"], "modified": "2022-08-19T00:00:00", "id": "ELSA-2022-9728", "href": "http://linux.oracle.com/errata/ELSA-2022-9728.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-01T22:41:38", "description": "[4.14.35-2047.516.2.1]\n- rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry)\n [Orabug: 33981856] {CVE-2022-21385}", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-19T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-21385"], "modified": "2022-08-19T00:00:00", "id": "ELSA-2022-9731", "href": "http://linux.oracle.com/errata/ELSA-2022-9731.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-01T22:41:38", "description": "[5.15.0-1.43.4.2]\n- rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 33981854] {CVE-2022-21385}", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-19T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-21385"], "modified": "2022-08-19T00:00:00", "id": "ELSA-2022-9726", "href": "http://linux.oracle.com/errata/ELSA-2022-9726.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-01T22:41:38", "description": "[5.4.17-2136.310.7.1]\n- rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry)\n [Orabug: 33981855] {CVE-2022-21385}", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-19T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-21385"], "modified": "2022-08-19T00:00:00", "id": "ELSA-2022-9730", "href": "http://linux.oracle.com/errata/ELSA-2022-9730.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-06T17:18:13", "description": "[4.1.12-124.66.3]\n- fuse: fix pipe buffer lifetime for direct_io (Miklos Szeredi) [Orabug: 33981149] {CVE-2022-1011}\n- vt: drop old FONT ioctls (Jiri Slaby) [Orabug: 34408794] {CVE-2021-33656}\n- video: of_display_timing.h: include errno.h (Hsin-Yi Wang) [Orabug: 34408910] {CVE-2021-33655}\n- fbcon: Disallow setting font bigger than screen size (Helge Deller) [Orabug: 34408910] {CVE-2021-33655}\n- scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419974] {CVE-2022-21546}\n- scsi/eh: fix hang adding ehandler wakeups after decrementing host_busy (Gulam Mohamed) [Orabug: 33349684] [Orabug: 34492498]\n[4.1.12-124.66.2]\n- mm: enforce min addr even if capable() in expand_downwards() (Jann Horn) [Orabug: 29501997] {CVE-2019-9213}\n- ACPICA: Reference Counts: increase max to 0x4000 for large servers (Erik Schmauss) \n- ipv4: tcp: send zero IPID in SYNACK messages (Eric Dumazet) [Orabug: 33917058] {CVE-2020-36516}\n- ipv4: Cache net in ip_build_and_send_pkt and ip_queue_xmit (Eric W. Biederman) [Orabug: 33917058] {CVE-2020-36516}\n- ipv4: igmp: guard against silly MTU values (Eric Dumazet) [Orabug: 33917058] {CVE-2020-36516}\n- inet: constify ip_dont_fragment() arguments (Eric Dumazet) [Orabug: 33917058] {CVE-2020-36516}\n- ip: constify ip_build_and_send_pkt() socket argument (Eric Dumazet) [Orabug: 33917058] {CVE-2020-36516}\n- vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (Eric Biggers) [Orabug: 34433461] {CVE-2020-36557}\n- vt: vt_ioctl: fix race in VT_RESIZEX (Eric Dumazet) [Orabug: 34433476] {CVE-2020-36558}\n- VT_RESIZEX: get rid of field-by-field copyin (Al Viro) [Orabug: 34433476] \n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460939] [Orabug: 34484730] {CVE-2022-2588}\n[4.1.12-124.66.1]\n- net: fix uninit-value in __hw_addr_add_ex() (Eric Dumazet) [Orabug: 34395887] \n- mac80211: silence an uninitialized variable warning (Dan Carpenter) [Orabug: 34396283]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-06T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9213", "CVE-2020-36516", "CVE-2020-36557", "CVE-2020-36558", "CVE-2021-33655", "CVE-2021-33656", "CVE-2022-1011", "CVE-2022-21546", "CVE-2022-2588"], "modified": "2022-09-06T00:00:00", "id": "ELSA-2022-9761", "href": "http://linux.oracle.com/errata/ELSA-2022-9761.html", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-04-27T00:57:33", "description": "[5.14.0-162.6.1_1.OL9]\n- Update Oracle Linux certificates (Kevin Lyons)\n- Disable signing for aarch64 (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5\n- Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944]\n- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]\n[5.14.0-162.6.1_1]\n- kabi: add symbol yield to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol xa_find_after to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol xa_find to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol xa_destroy to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol x86_spec_ctrl_base to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol x86_cpu_to_apicid to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol wait_for_completion_interruptible to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol wait_for_completion to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol vsprintf to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol vsnprintf to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol vprintk to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol vmemmap_base to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol vmalloc_base to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol vmalloc to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol vm_zone_stat to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol vm_event_states to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol vfree to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_undefined to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_teardown_irq to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_setup_irq to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_possible_blades to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_get_hubless_system to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_bios_obj_count to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_bios_install_heap to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_bios_get_pci_topology to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_bios_get_master_nasid to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_bios_get_heapsize to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_bios_get_geoinfo to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_bios_enum_ports to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_bios_enum_objs to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol up_write to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol up_read to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol up to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol unregister_reboot_notifier to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol unregister_nmi_handler to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol unregister_netdevice_notifier to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol unregister_chrdev_region to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol unregister_blkdev to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol tsc_khz to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol try_wait_for_completion to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol touch_softlockup_watchdog to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol time64_to_tm to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol this_cpu_off to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol tasklet_unlock_wait to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol tasklet_kill to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol tasklet_init to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol system_wq to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol system_freezing_cnt to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol sys_tz to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol synchronize_rcu to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strstr to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strsep to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strrchr to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strnlen to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strncpy_from_user to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strncpy to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strncmp to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strncasecmp to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strlen to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strlcpy to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strlcat to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strcpy to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strcmp to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strchr to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol sscanf to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol sprintf to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol sort to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol snprintf to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol sn_region_size to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol sn_partition_id to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol smp_call_function_single_async to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol smp_call_function_single to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol smp_call_function_many to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol sme_me_mask to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol simple_strtoull to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol simple_strtoul to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol simple_strtol to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol simple_read_from_buffer to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol set_freezable to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol set_current_groups to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol security_sb_eat_lsm_opts to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol security_free_mnt_opts to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol scsi_command_size_tbl to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol scnprintf to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol schedule_timeout to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol schedule to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol rtnl_is_locked to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol revert_creds to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol request_threaded_irq to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol remove_wait_queue to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol register_reboot_notifier to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol register_netdevice_notifier to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol register_chrdev_region to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol refcount_warn_saturate to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol recalc_sigpending to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol rcu_read_unlock_strict to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol rb_next to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol rb_first to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol radix_tree_delete to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol queue_work_on to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol queue_delayed_work_on to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol put_unused_fd to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol ptrs_per_p4d to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol printk to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol prepare_to_wait_exclusive to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol prepare_to_wait_event to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol prepare_to_wait to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol prepare_creds to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol posix_acl_valid to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol posix_acl_to_xattr to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol posix_acl_from_xattr to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol posix_acl_alloc to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol physical_mask to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol phys_base to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol pgdir_shift to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol percpu_ref_init to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol percpu_ref_exit to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol panic_notifier_list to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol panic to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol page_offset_base to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol override_creds to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol numa_node to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol nr_cpu_ids to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol node_states to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mutex_unlock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mutex_trylock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mutex_lock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mutex_is_locked to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol msleep to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol memset to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mempool_free_slab to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mempool_free to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mempool_destroy to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mempool_create_node to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mempool_create to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mempool_alloc_slab to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mempool_alloc to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol memparse to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol memory_read_from_buffer to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol memmove to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol memcpy to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol memcmp to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mem_section to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mds_idle_clear to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol lookup_bdev to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol ktime_get_ts64 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol ktime_get_real_ts64 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol ktime_get_coarse_real_ts64 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol ktime_get to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol kthread_should_stop to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol kstrtoull to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol kstrtoll to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol kmalloc_order_trace to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol kfree to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol kernel_sigaction to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol kernel_fpu_end to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol kernel_fpu_begin_mask to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol jiffies_64 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol jiffies to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol is_vmalloc_addr to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol is_uv_system to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol iounmap to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol ioremap to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol iomem_resource to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol init_wait_entry to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol init_timer_key to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol in_group_p to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol in_aton to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol in6_pton to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol in4_pton to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol hrtimer_start_range_ns to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol hrtimer_init to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol hrtimer_forward to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol hrtimer_cancel to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol groups_alloc to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol get_zeroed_page to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol get_unused_fd_flags to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol free_percpu to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol free_pages to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol free_irq to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol fortify_panic to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol flush_workqueue to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol finish_wait to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol elfcorehdr_addr to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol efi to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol dump_stack to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol downgrade_write to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol down_write_trylock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol down_write to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol down_trylock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol down_read_trylock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol down_read to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol down_interruptible to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol down to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol dmi_get_system_info to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol devmap_managed_key to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol dev_base_lock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol destroy_workqueue to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol delayed_work_timer_fn to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol del_timer_sync to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol default_wake_function to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol csum_partial to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol cpumask_next to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol cpufreq_quick_get to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol cpu_sibling_map to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol cpu_number to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol cpu_khz to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol cpu_info to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol cpu_bit_bitmap to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol congestion_wait to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol complete_and_exit to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol complete to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol commit_creds to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol clear_user to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol capable to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol cancel_delayed_work_sync to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol cancel_delayed_work to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol call_usermodehelper to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol call_rcu to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol cachemode2protval to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol boot_cpu_data to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol blk_stack_limits to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol bitmap_release_region to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol bitmap_find_free_region to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol avenrun to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol autoremove_wake_function to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol atomic_notifier_chain_unregister to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol atomic_notifier_chain_register to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol async_synchronize_full_domain to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol async_synchronize_full to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol alloc_workqueue to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol alloc_chrdev_region to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol add_wait_queue_exclusive to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol add_wait_queue to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol add_timer to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol abort_creds to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _totalram_pages to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_write_unlock_irqrestore to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_write_unlock_bh to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_write_lock_irqsave to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_write_lock_bh to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_spin_unlock_irqrestore to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_spin_unlock_irq to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_spin_unlock_bh to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_spin_unlock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_spin_trylock_bh to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_spin_trylock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_spin_lock_irqsave to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_spin_lock_irq to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_spin_lock_bh to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_spin_lock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_read_unlock_irqrestore to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_read_unlock_bh to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_read_lock_irqsave to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_read_lock_bh to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _find_next_bit to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _find_first_zero_bit to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _find_first_bit to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _ctype to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _copy_to_user to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _copy_from_user to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __xa_insert to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_rsi to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_rdx to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_rdi to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_rcx to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_rbx to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_rbp to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_rax to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_r8 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_r15 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_r14 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_r13 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_r12 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_r10 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __warn_printk to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __wake_up to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __vmalloc to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __uv_hub_info_list to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __uv_cpu_info to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __unregister_chrdev to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __udelay to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __tasklet_schedule to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __sw_hweight64 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __sw_hweight32 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __stack_chk_fail to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __request_region to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __release_region to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __register_nmi_handler to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __register_blkdev to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __refrigerator to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __rcu_read_unlock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __rcu_read_lock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __put_user_8 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __put_user_4 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __put_user_2 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __put_cred to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __preempt_count to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __per_cpu_offset to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __num_online_cpus to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __node_distance to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __ndelay to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __mutex_init to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __msecs_to_jiffies to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __list_del_entry_valid to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __list_add_valid to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __kmalloc to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __init_waitqueue_head to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __init_swait_queue_head to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __init_rwsem to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __hw_addr_init to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __get_user_2 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __get_free_pages to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __fentry__ to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __cpu_possible_mask to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __cpu_online_mask to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __const_udelay to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __cond_resched to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __check_object_size to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __bitmap_weight to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __bitmap_intersects to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __bitmap_equal to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __bitmap_and to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __alloc_percpu to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __SCT__preempt_schedule to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __SCT__might_resched to stablelist (cestmir Kalina) [2120286]\n- kabi: re-enable build-time kabi-checks (cestmir Kalina) [2120321]\n- sfc: fix null pointer dereference in efx_hard_start_xmit (Inigo Huguet) [2129287]\n- sfc: fix TX channel offset when using legacy interrupts (Inigo Huguet) [2129287]\n[5.14.0-162.5.1_1]\n- redhat: change default dist suffix for RHEL 9.1 (Patrick Talbert)\n- netfilter: nf_tables: clean up hook list when offload flags check fails (Florian Westphal) [2121393]\n- netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (Florian Westphal) [2121393]\n- netfilter: nf_conntrack_irc: Fix forged IP logic (Florian Westphal) [2121393]\n- netfilter: nf_conntrack_irc: Tighten matching on DCC message (Florian Westphal) [2121393]\n- netfilter: br_netfilter: Drop dst references before setting. (Florian Westphal) [2121393]\n- netfilter: flowtable: fix stuck flows on cleanup due to pending work (Florian Westphal) [2121393]\n- netfilter: flowtable: add function to invoke garbage collection immediately (Florian Westphal) [2121393]\n- netfilter: nf_tables: disallow binding to already bound chain (Florian Westphal) [2121393]\n- netfilter: nft_tunnel: restrict it to netdev family (Florian Westphal) [2121393]\n- netfilter: nf_tables: disallow updates of implicit chain (Florian Westphal) [2121393]\n- netfilter: nft_tproxy: restrict to prerouting hook (Florian Westphal) [2121393]\n- netfilter: ebtables: reject blobs that dont provide all entry points (Florian Westphal) [2121393]\n- netfilter: nf_tables: check NFT_SET_CONCAT flag if field_count is specified (Florian Westphal) [2121393]\n- netfilter: nf_tables: disallow NFT_SET_ELEM_CATCHALL and NFT_SET_ELEM_INTERVAL_END (Florian Westphal) [2121393]\n- netfilter: nf_tables: NFTA_SET_ELEM_KEY_END requires concat and interval flags (Florian Westphal) [2121393]\n- netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on NFT_SET_OBJECT flag (Florian Westphal) [2121393]\n- netfilter: nf_tables: possible module reference underflow in error path (Florian Westphal) [2121393]\n- netfilter: nf_tables: disallow NFTA_SET_ELEM_KEY_END with NFT_SET_ELEM_INTERVAL_END flag (Florian Westphal) [2121393]\n- netfilter: nf_tables: use READ_ONCE and WRITE_ONCE for shared generation id access (Florian Westphal) [2121393]\n- netfilter: nf_tables: fix null deref due to zeroed list head (Florian Westphal) [2121393]\n- netfilter: nf_tables: disallow jump to implicit chain from set element (Florian Westphal) [2121393]\n- netfilter: nfnetlink: re-enable conntrack expectation events (Florian Westphal) [2121393]\n[5.14.0-162.4.1]\n- iwlwifi: limit fw version for AC9560 to avoid fw crash (Inigo Huguet) [2096128]\n- configs: enable CONFIG_HP_ILO for aarch64 (Mark Salter) [2126153]\n[5.14.0-162.3.1]\n- scsi: restore setting of scmd->scsi_done() in EH and reset ioctl paths (Ewan D. Milne) [2120469]\n- x86/boot: Dont propagate uninitialized boot_params->cc_blob_address (Terry Bowman) [2124644]\n- ice: Allow operation with reduced device MSI-X (Petr Oros) [2107719]\n[5.14.0-162.2.1]\n- ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (Ken Cox) [2109871]\n- drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (Vitaly Kuznetsov) [2030922]\n- drm/nouveau/kms/nv140-: Disable interlacing (Lyude Paul) [2122068]\n[5.14.0-162.1.1]\n- drm/amdgpu: Only disable prefer_shadow on hawaii (Lyude Paul) [2120670]\n- i40e: Fix kernel crash during module removal (Ivan Vecera) [2070375]\n- Revert net: macsec: update SCI upon MAC address change. (Sabrina Dubroca) [2118139]\n- redhat: enable zstream release numbering for rhel 9.1 (Patrick Talbert)\n- redhat: add missing CVE reference to latest changelog entries (Patrick Talbert)\n[5.14.0-162]\n- Revert ixgbevf: Mailbox improvements (Ken Cox) [2120548]\n- Revert ixgbevf: Add support for new mailbox communication between PF and VF (Ken Cox) [2120548]\n- posix-cpu-timers: Cleanup CPU timers before freeing them during exec (Wander Lairson Costa) [2116968] {CVE-2022-2585}\n- fix race between exit_itimers() and /proc/pid/timers (Wander Lairson Costa) [2116968] {CVE-2022-2585}\n[5.14.0-161]\n- x86/ftrace: Use alternative RET encoding (Joe Lawrence) [2121368]\n- x86/ibt,ftrace: Make function-graph play nice (Joe Lawrence) [2121368]\n- x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() (Joe Lawrence) [2121368]\n- x86/text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR (Joe Lawrence) [2121368]\n- redhat: remove GL_DISTGIT_USER, RHDISTGIT and unify dist-git cloning (Frantisek Hrbata)\n- random: allow reseeding DRBG with getrandom (Daiki Ueno) [2114854]\n[5.14.0-160]\n- iavf: Fix VLAN_V2 addition/rejection (Ivan Vecera) [2119701]\n- gve: Recording rx queue before sending to napi (Jordan Kimbrough) [2022916]\n- gve: fix the wrong AdminQ buffer queue index check (Jordan Kimbrough) [2022916]\n- gve: Fix GFP flags when allocing pages (Jordan Kimbrough) [2022916]\n- gve: Add tx|rx-coalesce-usec for DQO (Jordan Kimbrough) [2022916]\n- gve: Add consumed counts to ethtool stats (Jordan Kimbrough) [2022916]\n- gve: Implement suspend/resume/shutdown (Jordan Kimbrough) [2022916]\n- gve: Add optional metadata descriptor type GVE_TXD_MTD (Jordan Kimbrough) [2022916]\n- gve: remove memory barrier around seqno (Jordan Kimbrough) [2022916]\n- gve: Update gve_free_queue_page_list signature (Jordan Kimbrough) [2022916]\n- gve: Move the irq db indexes out of the ntfy block struct (Jordan Kimbrough) [2022916]\n- gve: Correct order of processing device options (Jordan Kimbrough) [2022916]\n- gve: fix for null pointer dereference. (Jordan Kimbrough) [2022916]\n- gve: fix unmatched u64_stats_update_end() (Jordan Kimbrough) [2022916]\n- gve: Fix off by one in gve_tx_timeout() (Jordan Kimbrough) [2022916]\n- gve: Add a jumbo-frame device option. (Jordan Kimbrough) [2022916]\n- gve: Implement packet continuation for RX. (Jordan Kimbrough) [2022916]\n- gve: Add RX context. (Jordan Kimbrough) [2022916]\n- gve: Track RX buffer allocation failures (Jordan Kimbrough) [2022916]\n- gve: Allow pageflips on larger pages (Jordan Kimbrough) [2022916]\n- gve: Add netif_set_xps_queue call (Jordan Kimbrough) [2022916]\n- gve: Recover from queue stall due to missed IRQ (Jordan Kimbrough) [2022916]\n- gve: Do lazy cleanup in TX path (Jordan Kimbrough) [2022916]\n- gve: Add rx buffer pagecnt bias (Jordan Kimbrough) [2022916]\n- gve: Switch to use napi_complete_done (Jordan Kimbrough) [2022916]\n- gve: report 64bit tx_bytes counter from gve_handle_report_stats() (Jordan Kimbrough) [2022916]\n- gve: fix gve_get_stats() (Jordan Kimbrough) [2022916]\n- gve: Properly handle errors in gve_assign_qpl (Jordan Kimbrough) [2022916]\n- gve: Avoid freeing NULL pointer (Jordan Kimbrough) [2022916]\n- gve: Correct available tx qpl check (Jordan Kimbrough) [2022916]\n- gve: Use kvcalloc() instead of kvzalloc() (Jordan Kimbrough) [2022916]\n- gve: DQO: avoid unused variable warnings (Jordan Kimbrough) [2022916]\n- gve: fix the wrong AdminQ buffer overflow check (Jordan Kimbrough) [2022916]\n- ath9k: htc: clean up statistics macros (Jose Ignacio Tornos Martinez) [2084600] {CVE-2022-1679}\n- ath9k: hif_usb: simplify if-if to if-else (Jose Ignacio Tornos Martinez) [2084600] {CVE-2022-1679}\n- ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (Jose Ignacio Tornos Martinez) [2084600] {CVE-2022-1679}\n- net: qcom/emac: Fix improper merge resolution in device_get_mac_address (Patrick Talbert) [2108539]\n- x86/speculation: Add LFENCE to RSB fill sequence (Waiman Long) [2115086] {CVE-2022-26373}\n- x86/speculation: Add RSB VM Exit protections (Waiman Long) [2115086] {CVE-2022-26373}\n- tools headers cpufeatures: Sync with the kernel sources (Waiman Long) [2115086]\n- x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (Waiman Long) [2115086]\n- lkdtm: Disable return thunks in rodata.c (Waiman Long) [2115086]\n- x86/amd: Use IBPB for firmware calls (Waiman Long) [2115086]\n- x86/bugs: Warn when ibrs mitigation is selected on Enhanced IBRS parts (Waiman Long) [2115086]\n- x86/alternative: Report missing return thunk details (Waiman Long) [2115086]\n- nvme-fc: restart admin queue if the caller needs to restart queue (Ewan D. Milne) [2104461]\n- scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (Rahul Lakkireddy) [2109526]\n- scsi: csiostor: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (Rahul Lakkireddy) [2109526]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-22T00:00:00", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1184", "CVE-2022-1280", "CVE-2022-1353", "CVE-2022-1679", "CVE-2022-1852", "CVE-2022-1998", "CVE-2022-20368", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-21499", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-29581", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-36946", "CVE-2022-39190"], "modified": "2022-11-22T00:00:00", "id": "ELSA-2022-8267", "href": "http://linux.oracle.com/errata/ELSA-2022-8267.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-10-15T15:07:08", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9828 advisory.\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak. (CVE-2022-1280)\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-22T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2022-9828)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3669", "CVE-2022-1280", "CVE-2022-21385", "CVE-2022-21546", "CVE-2022-2586"], "modified": "2023-10-11T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2022-9828.NASL", "href": "https://www.tenable.com/plugins/nessus/165317", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9828.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165317);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/11\");\n\n script_cve_id(\n \"CVE-2021-3669\",\n \"CVE-2022-1280\",\n \"CVE-2022-2586\",\n \"CVE-2022-21385\",\n \"CVE-2022-21546\"\n );\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2022-9828)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2022-9828 advisory.\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux\n kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of\n service (DoS) or a kernel information leak. (CVE-2022-1280)\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large\n shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9828.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1280\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.4.17-2136.311.6.el7uek', '5.4.17-2136.311.6.el8uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9828');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-5.4.17-2136.311.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2136.311.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.311.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.311.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.311.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.311.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.311.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.311.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2136.311.6.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2136.311.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2136.311.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-libs-5.4.17-2136.311.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-5.4.17'},\n {'reference':'perf-5.4.17-2136.311.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'perf-5.4.17'},\n {'reference':'python-perf-5.4.17-2136.311.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'python-perf-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2136.311.6.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2136.311.6.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.311.6.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.311.6.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.311.6.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.311.6.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.311.6.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.311.6.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2136.311.6.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:34:49", "description": "The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-9788 advisory.\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-16T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2022-9788)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21385", "CVE-2022-21546", "CVE-2022-2588"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-container"], "id": "ORACLELINUX_ELSA-2022-9788.NASL", "href": "https://www.tenable.com/plugins/nessus/165208", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9788.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165208);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-2588\", \"CVE-2022-21385\", \"CVE-2022-21546\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2022-9788)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2022-9788 advisory.\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9788.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-21385\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-2047.517.3.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9788');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-4.14.35-2047.517.3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-4.14.35'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:34:21", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9787 advisory.\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-16T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2022-9787)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21385", "CVE-2022-21546", "CVE-2022-2588"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2022-9787.NASL", "href": "https://www.tenable.com/plugins/nessus/165209", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9787.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165209);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-2588\", \"CVE-2022-21385\", \"CVE-2022-21546\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2022-9787)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-9787 advisory.\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9787.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-21385\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-2047.517.3.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9787');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.14.35-2047.517.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-4.14.35-2047.517.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2047.517.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2047.517.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2047.517.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2047.517.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2047.517.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2047.517.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-doc-4.14.35-2047.517.3.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.14.35'},\n {'reference':'kernel-uek-headers-4.14.35-2047.517.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2047.517.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2047.517.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-libs-4.14.35-2047.517.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-4.14.35'},\n {'reference':'kernel-uek-tools-libs-devel-4.14.35-2047.517.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-devel-4.14.35'},\n {'reference':'perf-4.14.35-2047.517.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'perf-4.14.35'},\n {'reference':'python-perf-4.14.35-2047.517.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'python-perf-4.14.35'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-07T18:46:23", "description": "The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9827 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462) (CVE-2022-2586)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\n - A use-after-free flaw was found in the Linux kernel's POSIX CPU timers functionality in the way a user creates and then deletes the timer in the non-leader thread of the program. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2585) (CVE-2022-2585)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-22T00:00:00", "type": "nessus", "title": "Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2022-9827)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1462", "CVE-2022-21385", "CVE-2022-21546", "CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-32250", "CVE-2022-34918"], "modified": "2023-01-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "cpe:/o:oracle:linux:9", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-core", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-core", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-debug-modules", "p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-modules", "p-cpe:/a:oracle:linux:kernel-uek-modules-extra"], "id": "ORACLELINUX_ELSA-2022-9827.NASL", "href": "https://www.tenable.com/plugins/nessus/165315", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9827.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165315);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\n \"CVE-2022-2585\",\n \"CVE-2022-2586\",\n \"CVE-2022-2588\",\n \"CVE-2022-21385\",\n \"CVE-2022-21546\",\n \"CVE-2022-34918\"\n );\n\n script_name(english:\"Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2022-9827)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2022-9827 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a\n user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage\n of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read\n unauthorized random data from memory. (CVE-2022-1462) (CVE-2022-2586)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init\n (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different\n vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an\n unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data\n in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\n - A use-after-free flaw was found in the Linux kernel's POSIX CPU timers functionality in the way a user\n creates and then deletes the timer in the non-leader thread of the program. This flaw allows a local user\n to crash or potentially escalate their privileges on the system. (CVE-2022-2585) (CVE-2022-2585)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9827.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-34918\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-modules-extra\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(8|9)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8 / 9', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.15.0-2.52.3.el8uek', '5.15.0-2.52.3.el9uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9827');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.15';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-5.15.0-2.52.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'bpftool-5.15.0'},\n {'reference':'bpftool-5.15.0-2.52.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'bpftool-5.15.0'},\n {'reference':'kernel-uek-5.15.0-2.52.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-5.15.0-2.52.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-2.52.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-2.52.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-2.52.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-2.52.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-2.52.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-2.52.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-2.52.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-2.52.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-2.52.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-2.52.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-2.52.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-2.52.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-2.52.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-2.52.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-doc-5.15.0-2.52.3.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-2.52.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-2.52.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-2.52.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-2.52.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'},\n {'reference':'bpftool-5.15.0-2.52.3.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'bpftool-5.15.0'},\n {'reference':'bpftool-5.15.0-2.52.3.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'bpftool-5.15.0'},\n {'reference':'kernel-uek-5.15.0-2.52.3.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-5.15.0-2.52.3.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-2.52.3.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-2.52.3.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-2.52.3.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-2.52.3.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-2.52.3.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-2.52.3.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-2.52.3.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-2.52.3.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-2.52.3.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-2.52.3.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-2.52.3.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-2.52.3.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-2.52.3.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-2.52.3.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-doc-5.15.0-2.52.3.el9uek', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-2.52.3.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-2.52.3.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-2.52.3.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-2.52.3.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel-uek / kernel-uek-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-07T12:40:38", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9830 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462) (CVE-2022-2586)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\n - A use-after-free flaw was found in the Linux kernel's POSIX CPU timers functionality in the way a user creates and then deletes the timer in the non-leader thread of the program. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2585) (CVE-2022-2585)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-22T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9830)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1462", "CVE-2022-21385", "CVE-2022-21546", "CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-32250", "CVE-2022-34918"], "modified": "2023-01-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek-container", "p-cpe:/a:oracle:linux:kernel-uek-container-debug"], "id": "ORACLELINUX_ELSA-2022-9830.NASL", "href": "https://www.tenable.com/plugins/nessus/165296", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9830.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165296);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\n \"CVE-2022-2585\",\n \"CVE-2022-2586\",\n \"CVE-2022-2588\",\n \"CVE-2022-21385\",\n \"CVE-2022-21546\",\n \"CVE-2022-34918\"\n );\n\n script_name(english:\"Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9830)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-9830 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a\n user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage\n of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read\n unauthorized random data from memory. (CVE-2022-1462) (CVE-2022-2586)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init\n (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different\n vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an\n unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data\n in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\n - A use-after-free flaw was found in the Linux kernel's POSIX CPU timers functionality in the way a user\n creates and then deletes the timer in the non-leader thread of the program. This flaw allows a local user\n to crash or potentially escalate their privileges on the system. (CVE-2022-2585) (CVE-2022-2585)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9830.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-34918\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container-debug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.15.0-2.52.3.el8'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9830');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.15';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-5.15.0-2.52.3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.15.0'},\n {'reference':'kernel-uek-container-debug-5.15.0-2.52.3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.15.0'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / kernel-uek-container-debug');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-15T15:03:29", "description": "The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-9731 advisory.\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-19T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2022-9731)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21385"], "modified": "2023-10-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-container"], "id": "ORACLELINUX_ELSA-2022-9731.NASL", "href": "https://www.tenable.com/plugins/nessus/164301", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9731.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164301);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/13\");\n\n script_cve_id(\"CVE-2022-21385\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2022-9731)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the\nELSA-2022-9731 advisory.\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9731.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-21385\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-2047.516.2.1.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9731');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-4.14.35-2047.516.2.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-4.14.35'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-15T15:04:26", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9729 advisory.\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-19T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9729)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21385"], "modified": "2023-10-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek-container", "p-cpe:/a:oracle:linux:kernel-uek-container-debug"], "id": "ORACLELINUX_ELSA-2022-9729.NASL", "href": "https://www.tenable.com/plugins/nessus/164297", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9729.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164297);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/13\");\n\n script_cve_id(\"CVE-2022-21385\");\n\n script_name(english:\"Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9729)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-9729 advisory.\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9729.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-21385\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container-debug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.15.0-1.43.4.2.el8'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9729');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.15';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-5.15.0-1.43.4.2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.15.0'},\n {'reference':'kernel-uek-container-debug-5.15.0-1.43.4.2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.15.0'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / kernel-uek-container-debug');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-15T15:04:25", "description": "The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9728 advisory.\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-19T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2022-9728)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21385"], "modified": "2023-10-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2022-9728.NASL", "href": "https://www.tenable.com/plugins/nessus/164296", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9728.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164296);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/13\");\n\n script_cve_id(\"CVE-2022-21385\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2022-9728)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-9728 advisory.\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9728.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-21385\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-2047.516.2.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9728');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.14.35-2047.516.2.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-4.14.35-2047.516.2.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2047.516.2.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2047.516.2.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2047.516.2.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2047.516.2.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2047.516.2.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2047.516.2.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-doc-4.14.35-2047.516.2.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.14.35'},\n {'reference':'kernel-uek-headers-4.14.35-2047.516.2.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2047.516.2.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2047.516.2.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-libs-4.14.35-2047.516.2.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-4.14.35'},\n {'reference':'kernel-uek-tools-libs-devel-4.14.35-2047.516.2.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-devel-4.14.35'},\n {'reference':'perf-4.14.35-2047.516.2.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.35-2047.516.2.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-18T14:55:29", "description": "The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9726 advisory.\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-19T00:00:00", "type": "nessus", "title": "Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2022-9726)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21385"], "modified": "2023-10-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "cpe:/o:oracle:linux:9", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-core", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-core", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-debug-modules", "p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-modules", "p-cpe:/a:oracle:linux:kernel-uek-modules-extra"], "id": "ORACLELINUX_ELSA-2022-9726.NASL", "href": "https://www.tenable.com/plugins/nessus/164299", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9726.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164299);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/13\");\n\n script_cve_id(\"CVE-2022-21385\");\n\n script_name(english:\"Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2022-9726)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-9726 advisory.\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9726.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-21385\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-modules-extra\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(8|9)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8 / 9', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.15.0-1.43.4.2.el8uek', '5.15.0-1.43.4.2.el9uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9726');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.15';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-5.15.0-1.43.4.2.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-5.15.0-1.43.4.2.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-5.15.0-1.43.4.2.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-5.15.0-1.43.4.2.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-1.43.4.2.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-1.43.4.2.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-1.43.4.2.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-1.43.4.2.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-1.43.4.2.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-1.43.4.2.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-1.43.4.2.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-1.43.4.2.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-1.43.4.2.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-1.43.4.2.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-1.43.4.2.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-1.43.4.2.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-1.43.4.2.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-1.43.4.2.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-doc-5.15.0-1.43.4.2.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-1.43.4.2.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-1.43.4.2.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-1.43.4.2.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-1.43.4.2.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'},\n {'reference':'bpftool-5.15.0-1.43.4.2.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-5.15.0-1.43.4.2.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-5.15.0-1.43.4.2.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-5.15.0-1.43.4.2.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-1.43.4.2.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-1.43.4.2.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-1.43.4.2.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-1.43.4.2.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-1.43.4.2.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-1.43.4.2.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-1.43.4.2.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-1.43.4.2.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-1.43.4.2.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-1.43.4.2.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-1.43.4.2.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-1.43.4.2.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-1.43.4.2.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-1.43.4.2.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-doc-5.15.0-1.43.4.2.el9uek', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-1.43.4.2.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-1.43.4.2.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-1.43.4.2.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-1.43.4.2.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel-uek / kernel-uek-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-18T14:55:29", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9727 advisory.\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-19T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2022-9727)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21385"], "modified": "2023-10-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2022-9727.NASL", "href": "https://www.tenable.com/plugins/nessus/164300", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9727.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164300);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/13\");\n\n script_cve_id(\"CVE-2022-21385\");\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2022-9727)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-9727 advisory.\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9727.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-21385\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.4.17-2136.310.7.1.el7uek', '5.4.17-2136.310.7.1.el8uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9727');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-5.4.17-2136.310.7.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2136.310.7.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.310.7.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.310.7.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.310.7.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.310.7.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.310.7.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.310.7.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2136.310.7.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2136.310.7.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2136.310.7.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-libs-5.4.17-2136.310.7.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-5.4.17'},\n {'reference':'perf-5.4.17-2136.310.7.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-5.4.17-2136.310.7.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-5.4.17-2136.310.7.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2136.310.7.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.310.7.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.310.7.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.310.7.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.310.7.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.310.7.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.310.7.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2136.310.7.1.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-15T15:05:07", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9730 advisory.\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-19T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9730)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21385"], "modified": "2023-10-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek-container", "p-cpe:/a:oracle:linux:kernel-uek-container-debug"], "id": "ORACLELINUX_ELSA-2022-9730.NASL", "href": "https://www.tenable.com/plugins/nessus/164298", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9730.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164298);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/13\");\n\n script_cve_id(\"CVE-2022-21385\");\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9730)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-9730 advisory.\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9730.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-21385\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container-debug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.4.17-2136.310.7.1.el7', '5.4.17-2136.310.7.1.el8'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9730');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-5.4.17-2136.310.7.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2136.310.7.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'},\n {'reference':'kernel-uek-container-5.4.17-2136.310.7.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2136.310.7.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / kernel-uek-container-debug');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-26T15:35:18", "description": "The remote SUSE Linux SLES12 / SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1783-1 advisory.\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak. (CVE-2022-1280)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-22T00:00:00", "type": "nessus", "title": "SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 15 for SLE 15 SP2) (SUSE-SU-2022:1783-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1280"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_53_4-default", "p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-59_19-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_74-default", "cpe:/o:novell:suse_linux:12", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-1783-1.NASL", "href": "https://www.tenable.com/plugins/nessus/161431", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:1783-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161431);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\"CVE-2022-1280\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:1783-1\");\n\n script_name(english:\"SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 15 for SLE 15 SP2) (SUSE-SU-2022:1783-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as\nreferenced in the SUSE-SU-2022:1783-1 advisory.\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux\n kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of\n service (DoS) or a kernel information leak. (CVE-2022-1280)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1280\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-May/011117.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f6856268\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-5_3_18-24_53_4-default, kernel-livepatch-5_3_18-59_19-default and / or kgraft-\npatch-4_12_14-122_74-default packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1280\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_53_4-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-59_19-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_74-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP2/3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-livepatch-5_3_18-24_53_4-default-15-150200.2.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'kernel-livepatch-5_3_18-59_19-default-13-150300.2.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-livepatch-5_3_18-24_53_4-default-15-150200.2.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.2', 'sle-module-live-patching-release-15.2', 'sles-release-15.2']},\n {'reference':'kernel-livepatch-5_3_18-59_19-default-13-150300.2.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-live-patching-release-15.3', 'sles-release-15.3']},\n {'reference':'kgraft-patch-4_12_14-122_74-default-15-2.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-5_3_18-24_53_4-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-26T15:35:59", "description": "The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1849-1 advisory.\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak. (CVE-2022-1280)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-26T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (Live Patch 2 for SLE 15 SP3) (SUSE-SU-2022:1849-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1280"], "modified": "2023-07-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_102-default", "p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-59_10-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-1849-1.NASL", "href": "https://www.tenable.com/plugins/nessus/161548", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:1849-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161548);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/14\");\n\n script_cve_id(\"CVE-2022-1280\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:1849-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (Live Patch 2 for SLE 15 SP3) (SUSE-SU-2022:1849-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced\nin the SUSE-SU-2022:1849-1 advisory.\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux\n kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of\n service (DoS) or a kernel information leak. (CVE-2022-1280)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199834\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1280\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-May/011163.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b5349a22\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-5_3_18-24_102-default and / or kernel-livepatch-5_3_18-59_10-default packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1280\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_102-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-59_10-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP2/3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-livepatch-5_3_18-24_102-default-7-150200.2.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'kernel-livepatch-5_3_18-59_10-default-15-150300.2.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-livepatch-5_3_18-24_102-default-7-150200.2.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.2', 'sle-module-live-patching-release-15.2', 'sles-release-15.2']},\n {'reference':'kernel-livepatch-5_3_18-59_10-default-15-150300.2.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-live-patching-release-15.3', 'sles-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-5_3_18-24_102-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-27T15:20:01", "description": "The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1859-1 advisory.\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak. (CVE-2022-1280)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-28T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (Live Patch 14 for SLE 15 SP3) (SUSE-SU-2022:1859-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1280"], "modified": "2023-07-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_49-default", "p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_99-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-1859-1.NASL", "href": "https://www.tenable.com/plugins/nessus/161646", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:1859-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161646);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/14\");\n\n script_cve_id(\"CVE-2022-1280\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:1859-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (Live Patch 14 for SLE 15 SP3) (SUSE-SU-2022:1859-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced\nin the SUSE-SU-2022:1859-1 advisory.\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux\n kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of\n service (DoS) or a kernel information leak. (CVE-2022-1280)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199834\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1280\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-May/011165.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b78cad01\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-5_3_18-150300_59_49-default and / or kernel-livepatch-5_3_18-24_99-default\npackages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1280\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_49-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_99-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP2/3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-livepatch-5_3_18-24_99-default-8-150200.2.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'kernel-livepatch-5_3_18-150300_59_49-default-7-150300.2.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-livepatch-5_3_18-24_99-default-8-150200.2.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.2', 'sle-module-live-patching-release-15.2', 'sles-release-15.2']},\n {'reference':'kernel-livepatch-5_3_18-150300_59_49-default-7-150300.2.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-live-patching-release-15.3', 'sles-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-5_3_18-150300_59_49-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-26T15:36:25", "description": "The remote SUSE Linux SLES12 / SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1796-1 advisory.\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak. (CVE-2022-1280)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-24T00:00:00", "type": "nessus", "title": "SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP3) (SUSE-SU-2022:1796-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1280"], "modified": "2023-07-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_67-default", "p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-57-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_110-default", "cpe:/o:novell:suse_linux:12", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-1796-1.NASL", "href": "https://www.tenable.com/plugins/nessus/161468", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:1796-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161468);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/14\");\n\n script_cve_id(\"CVE-2022-1280\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:1796-1\");\n\n script_name(english:\"SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP3) (SUSE-SU-2022:1796-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as\nreferenced in the SUSE-SU-2022:1796-1 advisory.\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux\n kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of\n service (DoS) or a kernel information leak. (CVE-2022-1280)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1280\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-May/011134.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f897fae6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-5_3_18-24_67-default, kernel-livepatch-5_3_18-57-default and / or kgraft-\npatch-4_12_14-122_110-default packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1280\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_67-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-57-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_110-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP2/3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-livepatch-5_3_18-24_67-default-15-150200.2.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'kernel-livepatch-5_3_18-57-default-17-150200.3.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-livepatch-5_3_18-24_67-default-15-150200.2.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.2', 'sle-module-live-patching-release-15.2', 'sles-release-15.2']},\n {'reference':'kernel-livepatch-5_3_18-57-default-17-150200.3.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-live-patching-release-15.3', 'sles-release-15.3']},\n {'reference':'kgraft-patch-4_12_14-122_110-default-5-2.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-5_3_18-24_67-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-27T15:02:49", "description": "The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5557-1 advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-10T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 ESM : Linux kernel vulnerabilities (USN-5557-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2586", "CVE-2022-2588"], "modified": "2023-10-23T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:esm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1112-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1147-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-231-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-231-lowlatency"], "id": "UBUNTU_USN-5557-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164005", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5557-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164005);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/23\");\n\n script_cve_id(\"CVE-2022-2586\", \"CVE-2022-2588\");\n script_xref(name:\"USN\", value:\"5557-1\");\n\n script_name(english:\"Ubuntu 16.04 ESM : Linux kernel vulnerabilities (USN-5557-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5557-1 advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5557-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:esm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1112-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1147-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-231-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-231-lowlatency\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '16.04': {\n '4.4.0': {\n 'generic': '4.4.0-231',\n 'lowlatency': '4.4.0-231',\n 'kvm': '4.4.0-1112',\n 'aws': '4.4.0-1147'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5557-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-2586', 'CVE-2022-2588');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5557-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-27T15:03:36", "description": "The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5567-1 advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-10T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5567-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588"], "modified": "2023-10-23T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.14.0-1048-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.17.0-1015-oem"], "id": "UBUNTU_USN-5567-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164037", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5567-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164037);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/23\");\n\n script_cve_id(\"CVE-2022-2585\", \"CVE-2022-2586\", \"CVE-2022-2588\");\n script_xref(name:\"USN\", value:\"5567-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5567-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the USN-5567-1 advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5567-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.14.0-1048-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.17.0-1015-oem\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('20.04' >< os_release || '22.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 22.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '20.04': {\n '5.14.0': {\n 'oem': '5.14.0-1048'\n }\n },\n '22.04': {\n '5.17.0': {\n 'oem': '5.17.0-1015'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5567-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-2585', 'CVE-2022-2586', 'CVE-2022-2588');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5567-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-06T00:38:29", "description": "The version of kernel installed on the remote host is prior to 5.4.209-116.367. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-035 advisory.\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462) (CVE-2022-2586, CVE-2022-2588)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-15T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-035)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1462", "CVE-2022-2586", "CVE-2022-2588"], "modified": "2023-09-05T00:00:00", "cpe": ["cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo"], "id": "AL2_ALASKERNEL-5_4-2022-035.NASL", "href": "https://www.tenable.com/plugins/nessus/165104", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.4-2022-035.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165104);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/05\");\n\n script_cve_id(\"CVE-2022-1462\", \"CVE-2022-2586\", \"CVE-2022-2588\");\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-035)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.4.209-116.367. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-035 advisory.\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a\n user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage\n of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read\n unauthorized random data from memory. (CVE-2022-1462)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a\n user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage\n of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read\n unauthorized random data from memory. (CVE-2022-1462) (CVE-2022-2586, CVE-2022-2588)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2022-035.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1462.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-2586.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-2588.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1462\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"kpatch.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-1462\", \"CVE-2022-2586\", \"CVE-2022-2588\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.4-2022-035\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.4.209-116.367.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-5.4.209-116.367.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-debuginfo-5.4.209-116.367.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-debuginfo-5.4.209-116.367.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-5.4.209-116.367.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-5.4.209-116.367.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.209-116.367.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.209-116.367.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-aarch64-5.4.209-116.367.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-x86_64-5.4.209-116.367.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.209-116.367.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.209-116.367.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.209-116.367.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.209-116.367.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.209-116.367.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.209-116.367.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.209-116.367.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.209-116.367.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.209-116.367.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.209-116.367.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.209-116.367.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.209-116.367.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.209-116.367.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.209-116.367.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.209-116.367.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.209-116.367.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.209-116.367.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.209-116.367.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.209-116.367.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-23T15:34:00", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A memory overflow vulnerability was found in the Linux kernel's ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2021-3759)\n\n - A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. (CVE-2021-40490)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-12-25T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : kernel (EulerOS-SA-2021-2805)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3669", "CVE-2021-3759", "CVE-2021-40490", "CVE-2021-41864"], "modified": "2023-03-21T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bpftool", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2805.NASL", "href": "https://www.tenable.com/plugins/nessus/156303", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156303);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\n \"CVE-2021-3669\",\n \"CVE-2021-3759\",\n \"CVE-2021-40490\",\n \"CVE-2021-41864\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : kernel (EulerOS-SA-2021-2805)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows\n unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds\n write. (CVE-2021-41864)\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large\n shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A memory overflow vulnerability was found in the Linux kernel's ipc functionality of the memcg subsystem,\n in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local\n user to starve the resources, causing a denial of service. The highest threat from this vulnerability is\n to system availability. (CVE-2021-3759)\n\n - A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in\n the Linux kernel through 5.13.13. (CVE-2021-40490)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2805\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8133fa37\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41864\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"bpftool-4.19.36-vhulk1907.1.0.h1108.eulerosv2r8\",\n \"kernel-4.19.36-vhulk1907.1.0.h1108.eulerosv2r8\",\n \"kernel-devel-4.19.36-vhulk1907.1.0.h1108.eulerosv2r8\",\n \"kernel-headers-4.19.36-vhulk1907.1.0.h1108.eulerosv2r8\",\n \"kernel-tools-4.19.36-vhulk1907.1.0.h1108.eulerosv2r8\",\n \"kernel-tools-libs-4.19.36-vhulk1907.1.0.h1108.eulerosv2r8\",\n \"perf-4.19.36-vhulk1907.1.0.h1108.eulerosv2r8\",\n \"python-perf-4.19.36-vhulk1907.1.0.h1108.eulerosv2r8\",\n \"python3-perf-4.19.36-vhulk1907.1.0.h1108.eulerosv2r8\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-23T14:40:26", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A memory overflow vulnerability was found in the Linux kernel's ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2021-3759)\n\n - A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. (CVE-2021-40490)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-02-12T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.0 : kernel (EulerOS-SA-2022-1046)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3669", "CVE-2021-3759", "CVE-2021-40490", "CVE-2021-41864"], "modified": "2023-03-21T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bpftool", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2022-1046.NASL", "href": "https://www.tenable.com/plugins/nessus/157928", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157928);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\n \"CVE-2021-3669\",\n \"CVE-2021-3759\",\n \"CVE-2021-40490\",\n \"CVE-2021-41864\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.0 : kernel (EulerOS-SA-2022-1046)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows\n unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds\n write. (CVE-2021-41864)\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large\n shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A memory overflow vulnerability was found in the Linux kernel's ipc functionality of the memcg subsystem,\n in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local\n user to starve the resources, causing a denial of service. The highest threat from this vulnerability is\n to system availability. (CVE-2021-3759)\n\n - A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in\n the Linux kernel through 5.13.13. (CVE-2021-40490)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1046\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5ab5e810\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41864\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"bpftool-4.19.36-vhulk1907.1.0.h1108.eulerosv2r8\",\n \"kernel-4.19.36-vhulk1907.1.0.h1108.eulerosv2r8\",\n \"kernel-devel-4.19.36-vhulk1907.1.0.h1108.eulerosv2r8\",\n \"kernel-headers-4.19.36-vhulk1907.1.0.h1108.eulerosv2r8\",\n \"kernel-tools-4.19.36-vhulk1907.1.0.h1108.eulerosv2r8\",\n \"kernel-tools-libs-4.19.36-vhulk1907.1.0.h1108.eulerosv2r8\",\n \"perf-4.19.36-vhulk1907.1.0.h1108.eulerosv2r8\",\n \"python-perf-4.19.36-vhulk1907.1.0.h1108.eulerosv2r8\",\n \"python3-perf-4.19.36-vhulk1907.1.0.h1108.eulerosv2r8\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-09T17:53:14", "description": "The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6151-1 advisory.\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.\n L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a (CVE-2022-2196)\n\n - A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side. (CVE-2022-4382)\n\n - In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. (CVE-2023-23559)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-06-09T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel (Xilinx ZynqMP) vulnerabilities (USN-6151-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3669", "CVE-2022-2196", "CVE-2022-4382", "CVE-2023-23559"], "modified": "2023-06-09T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1023-xilinx-zynqmp"], "id": "UBUNTU_USN-6151-1.NASL", "href": "https://www.tenable.com/plugins/nessus/177051", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-6151-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(177051);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/06/09\");\n\n script_cve_id(\n \"CVE-2021-3669\",\n \"CVE-2022-2196\",\n \"CVE-2022-4382\",\n \"CVE-2023-23559\"\n );\n script_xref(name:\"USN\", value:\"6151-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel (Xilinx ZynqMP) vulnerabilities (USN-6151-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-6151-1 advisory.\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large\n shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.\n L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after\n running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can\n execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past\n commit 2e7eab81425a (CVE-2022-2196)\n\n - A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was\n found. It could be triggered by yanking out a device that is running the gadgetfs side. (CVE-2022-4382)\n\n - In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an\n integer overflow in an addition. (CVE-2023-23559)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-6151-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-23559\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-2196\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1023-xilinx-zynqmp\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '20.04': {\n '5.4.0': {\n 'xilinx-zynqmp': '5.4.0-1023'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-6151-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2021-3669', 'CVE-2022-2196', 'CVE-2022-4382', 'CVE-2023-23559');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-6151-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T11:10:20", "description": "The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5980-1 advisory.\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.\n L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a (CVE-2022-2196)\n\n - A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side. (CVE-2022-4382)\n\n - In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. (CVE-2023-23559)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-28T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-5980-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3669", "CVE-2022-2196", "CVE-2022-4382", "CVE-2023-23559"], "modified": "2023-10-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1046-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1066-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1082-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1088-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1096-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1098-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1099-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1102-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1105-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-146-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-146-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-146-lowlatency"], "id": "UBUNTU_USN-5980-1.NASL", "href": "https://www.tenable.com/plugins/nessus/173619", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5980-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(173619);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2021-3669\",\n \"CVE-2022-2196\",\n \"CVE-2022-4382\",\n \"CVE-2023-23559\"\n );\n script_xref(name:\"USN\", value:\"5980-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-5980-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5980-1 advisory.\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large\n shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.\n L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after\n running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can\n execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past\n commit 2e7eab81425a (CVE-2022-2196)\n\n - A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was\n found. It could be triggered by yanking out a device that is running the gadgetfs side. (CVE-2022-4382)\n\n - In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an\n integer overflow in an addition. (CVE-2023-23559)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5980-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-23559\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-2196\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1046-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1066-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1082-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1088-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1096-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1098-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1099-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1102-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1105-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-146-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-146-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-146-lowlatency\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '20.04': {\n '5.4.0': {\n 'generic': '5.4.0-146',\n 'generic-lpae': '5.4.0-146',\n 'lowlatency': '5.4.0-146',\n 'ibm': '5.4.0-1046',\n 'gkeop': '5.4.0-1066',\n 'raspi': '5.4.0-1082',\n 'kvm': '5.4.0-1088',\n 'gke': '5.4.0-1096',\n 'oracle': '5.4.0-1098',\n 'aws': '5.4.0-1099',\n 'gcp': '5.4.0-1102',\n 'azure': '5.4.0-1105'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5980-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2021-3669', 'CVE-2022-2196', 'CVE-2022-4382', 'CVE-2023-23559');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5980-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T09:34:18", "description": "The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6020-1 advisory.\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.\n L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a (CVE-2022-2196)\n\n - A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side. (CVE-2022-4382)\n\n - In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. (CVE-2023-23559)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-04-14T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel (BlueField) vulnerabilities (USN-6020-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3669", "CVE-2022-2196", "CVE-2022-4382", "CVE-2023-23559"], "modified": "2023-10-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1060-bluefield"], "id": "UBUNTU_USN-6020-1.NASL", "href": "https://www.tenable.com/plugins/nessus/174330", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-6020-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(174330);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2021-3669\",\n \"CVE-2022-2196\",\n \"CVE-2022-4382\",\n \"CVE-2023-23559\"\n );\n script_xref(name:\"USN\", value:\"6020-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel (BlueField) vulnerabilities (USN-6020-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-6020-1 advisory.\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large\n shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.\n L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after\n running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can\n execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past\n commit 2e7eab81425a (CVE-2022-2196)\n\n - A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was\n found. It could be triggered by yanking out a device that is running the gadgetfs side. (CVE-2022-4382)\n\n - In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an\n integer overflow in an addition. (CVE-2023-23559)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-6020-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-23559\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-2196\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1060-bluefield\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '20.04': {\n '5.4.0': {\n 'bluefield': '5.4.0-1060'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-6020-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2021-3669', 'CVE-2022-2196', 'CVE-2022-4382', 'CVE-2023-23559');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-6020-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-17T10:34:49", "description": "The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5985-1 advisory.\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.\n L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a (CVE-2022-2196)\n\n - A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side. (CVE-2022-4382)\n\n - In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. (CVE-2023-23559)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-29T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-5985-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3669", "CVE-2022-2196", "CVE-2022-4382", "CVE-2023-23559"], "modified": "2023-10-16T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1046-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1082-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1098-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1099-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1102-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1105-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-146-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-146-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-146-lowlatency"], "id": "UBUNTU_USN-5985-1.NASL", "href": "https://www.tenable.com/plugins/nessus/173652", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5985-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(173652);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/16\");\n\n script_cve_id(\n \"CVE-2021-3669\",\n \"CVE-2022-2196\",\n \"CVE-2022-4382\",\n \"CVE-2023-23559\"\n );\n script_xref(name:\"USN\", value:\"5985-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-5985-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5985-1 advisory.\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large\n shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.\n L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after\n running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can\n execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past\n commit 2e7eab81425a (CVE-2022-2196)\n\n - A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was\n found. It could be triggered by yanking out a device that is running the gadgetfs side. (CVE-2022-4382)\n\n - In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an\n integer overflow in an addition. (CVE-2023-23559)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5985-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-23559\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-2196\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1046-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1082-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1098-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1099-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1102-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1105-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-146-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-146-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-146-lowlatency\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '18.04': {\n '5.4.0': {\n 'generic': '5.4.0-146',\n 'generic-lpae': '5.4.0-146',\n 'lowlatency': '5.4.0-146',\n 'ibm': '5.4.0-1046',\n 'raspi': '5.4.0-1082',\n 'oracle': '5.4.0-1098',\n 'aws': '5.4.0-1099',\n 'gcp': '5.4.0-1102',\n 'azure': '5.4.0-1105'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5985-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2021-3669', 'CVE-2022-2196', 'CVE-2022-4382', 'CVE-2023-23559');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5985-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-02T15:04:57", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-04-25T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : kernel (EulerOS-SA-2022-1537)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3669", "CVE-2021-4197", "CVE-2022-0617", "CVE-2022-22942", "CVE-2022-24448"], "modified": "2023-10-31T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1537.NASL", "href": "https://www.tenable.com/plugins/nessus/160116", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160116);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/31\");\n\n script_cve_id(\n \"CVE-2021-3669\",\n \"CVE-2021-4197\",\n \"CVE-2022-0617\",\n \"CVE-2022-22942\",\n \"CVE-2022-24448\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : kernel (EulerOS-SA-2022-1537)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces\n subsystem was found in the way users have access to some less privileged process that are controlled by\n cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of\n control groups. A local user could use this flaw to crash the system or escalate their privileges on the\n system. (CVE-2021-4197)\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large\n shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1537\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c95538f0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4197\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'vmwgfx Driver File Descriptor Handling Priv Esc');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"kernel-3.10.0-862.14.1.5.h675.eulerosv2r7\",\n \"kernel-devel-3.10.0-862.14.1.5.h675.eulerosv2r7\",\n \"kernel-headers-3.10.0-862.14.1.5.h675.eulerosv2r7\",\n \"kernel-tools-3.10.0-862.14.1.5.h675.eulerosv2r7\",\n \"kernel-tools-libs-3.10.0-862.14.1.5.h675.eulerosv2r7\",\n \"perf-3.10.0-862.14.1.5.h675.eulerosv2r7\",\n \"python-perf-3.10.0-862.14.1.5.h675.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T16:09:17", "description": "The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5565-1 advisory.\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-10T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5565-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2023-10-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-46-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-46-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-46-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-46-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-46-lowlatency-64k"], "id": "UBUNTU_USN-5565-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164034", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5565-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164034);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2022-2585\",\n \"CVE-2022-2586\",\n \"CVE-2022-2588\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\"\n );\n script_xref(name:\"USN\", value:\"5565-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5565-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5565-1 advisory.\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5565-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29900\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-29901\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-46-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-46-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-46-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-46-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-46-lowlatency-64k\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('20.04' >< os_release || '22.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 22.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '20.04': {\n '5.15.0': {\n 'generic': '5.15.0-46',\n 'generic-64k': '5.15.0-46',\n 'generic-lpae': '5.15.0-46',\n 'lowlatency': '5.15.0-46',\n 'lowlatency-64k': '5.15.0-46'\n }\n },\n '22.04': {\n '5.15.0': {\n 'generic': '5.15.0-46',\n 'generic-64k': '5.15.0-46',\n 'generic-lpae': '5.15.0-46',\n 'lowlatency': '5.15.0-46',\n 'lowlatency-64k': '5.15.0-46'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5565-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-2585', 'CVE-2022-2586', 'CVE-2022-2588', 'CVE-2022-29900', 'CVE-2022-29901');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5565-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-07T13:13:37", "description": "The version of kernel installed on the remote host is prior to 4.14.318-166.529. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1773 advisory.\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\n - A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub- component. (CVE-2023-2269)\n\n - do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). (CVE-2023-28466)\n\n - A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). (CVE-2023-3111)\n\n - ** DISPUTED ** An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated When modifying the block device while it is mounted by the filesystem access.\n (CVE-2023-34256)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-07-03T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2023-1773)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2586", "CVE-2022-32250", "CVE-2022-34918", "CVE-2023-2269", "CVE-2023-28466", "CVE-2023-3111", "CVE-2023-34256"], "modified": "2023-07-06T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2023-1773.NASL", "href": "https://www.tenable.com/plugins/nessus/177909", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2023-1773.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(177909);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/06\");\n\n script_cve_id(\n \"CVE-2022-2586\",\n \"CVE-2022-34918\",\n \"CVE-2023-2269\",\n \"CVE-2023-3111\",\n \"CVE-2023-28466\",\n \"CVE-2023-34256\"\n );\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2023-1773)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 4.14.318-166.529. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS-2023-1773 advisory.\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init\n (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different\n vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an\n unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data\n in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\n - A denial of service problem was found, due to a possible recursive locking scenario, resulting in a\n deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-\n component. (CVE-2023-2269)\n\n - do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading\n to a race condition (with a resultant use-after-free or NULL pointer dereference). (CVE-2023-28466)\n\n - A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the\n Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling\n btrfs_ioctl_defrag(). (CVE-2023-3111)\n\n - ** DISPUTED ** An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in\n crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check\n an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against\n attackers with the stated When modifying the block device while it is mounted by the filesystem access.\n (CVE-2023-34256)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation\n (CVE-2022-2586)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2023-1773.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-2586.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-34918.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-2269.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-28466.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-3111.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-34256.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/faqs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-34918\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2023-3111\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/07/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"kpatch.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-2586\", \"CVE-2022-34918\", \"CVE-2023-2269\", \"CVE-2023-3111\", \"CVE-2023-28466\", \"CVE-2023-34256\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS-2023-1773\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'kernel-4.14.318-166.529.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.14.318-166.529.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.318-166.529.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.318-166.529.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-i686-4.14.318-166.529.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-4.14.318-166.529.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.318-166.529.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.318-166.529.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.318-166.529.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.318-166.529.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.318-166.529.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.318-166.529.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.318-166.529.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.318-166.529.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.318-166.529.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.318-166.529.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.318-166.529.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.318-166.529.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.318-166.529.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.318-166.529.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-15T16:04:09", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3338-1 advisory.\n\n - u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150 (CVE-2020-3702)\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3752)\n\n - A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. (CVE-2021-3764)\n\n - A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. (CVE-2021-40490)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-13T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2021:3338-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18808", "CVE-2020-3702", "CVE-2021-3669", "CVE-2021-3744", "CVE-2021-3752", "CVE-2021-3764", "CVE-2021-40490"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-devel-azure", "p-cpe:/a:novell:suse_linux:kernel-source-azure", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-3338-1.NASL", "href": "https://www.tenable.com/plugins/nessus/154087", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:3338-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154087);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2020-3702\",\n \"CVE-2021-3669\",\n \"CVE-2021-3744\",\n \"CVE-2021-3752\",\n \"CVE-2021-3764\",\n \"CVE-2021-40490\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:3338-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2021:3338-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2021:3338-1 advisory.\n\n - u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to\n improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for\n a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon\n Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon\n Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W,\n MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150 (CVE-2020-3702)\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large\n shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in\n drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to\n the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the\n system or escalate their privileges. The highest threat from this vulnerability is to confidentiality,\n integrity, as well as system availability. (CVE-2021-3752)\n\n - A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker\n to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat\n from this vulnerability is to system availability. (CVE-2021-3764)\n\n - A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in\n the Linux kernel through 5.13.13. (CVE-2021-40490)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1148868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1170774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1171688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1174003\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178134\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184439\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188986\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189257\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189841\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190138\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190406\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190467\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190523\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190561\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190626\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190785\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191172\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191292\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-3702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3764\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-40490\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-October/009565.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2614b84e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3752\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-azure-5.3.18-38.25.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-public-cloud-release-15.3']},\n {'reference':'kernel-azure-devel-5.3.18-38.25.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-public-cloud-release-15.3']},\n {'reference':'kernel-devel-azure-5.3.18-38.25.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-public-cloud-release-15.3']},\n {'reference':'kernel-source-azure-5.3.18-38.25.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-public-cloud-release-15.3']},\n {'reference':'kernel-syms-azure-5.3.18-38.25.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-public-cloud-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-azure / kernel-azure-devel / kernel-devel-azure / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-30T17:16:57", "description": "The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2268-1 advisory.\n\n - In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-185125206References: Upstream kernel (CVE-2021-39698)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak. (CVE-2022-1280)\n\n - The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. (CVE-2022-30594)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. (CVE-2022-32250)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-06T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP4) (SUSE-SU-2022:2268-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-39698", "CVE-2022-1016", "CVE-2022-1280", "CVE-2022-1966", "CVE-2022-1972", "CVE-2022-30594", "CVE-2022-32250"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-livepatch-5_14_21-150400_22-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2268-1.NASL", "href": "https://www.tenable.com/plugins/nessus/162764", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2268-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162764);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-39698\",\n \"CVE-2022-1016\",\n \"CVE-2022-1280\",\n \"CVE-2022-1966\",\n \"CVE-2022-1972\",\n \"CVE-2022-30594\",\n \"CVE-2022-32250\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2268-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP4) (SUSE-SU-2022:2268-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:2268-1 advisory.\n\n - In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This\n could lead to local escalation of privilege with no additional execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-185125206References: Upstream kernel (CVE-2021-39698)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a\n use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel\n information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux\n kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of\n service (DoS) or a kernel information leak. (CVE-2022-1280)\n\n - The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers\n to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. (CVE-2022-30594)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create\n user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to\n a use-after-free. (CVE-2022-32250)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197335\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200266\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200268\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-39698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1280\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-30594\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32250\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-July/011401.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5fa456c4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-5_14_21-150400_22-default package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32250\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_14_21-150400_22-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP4\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-livepatch-5_14_21-150400_22-default-2-150400.4.3.3', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'kernel-livepatch-5_14_21-150400_22-default-2-150400.4.3.3', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-live-patching-release-15.4', 'sles-release-15.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-5_14_21-150400_22-default');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-15T16:05:38", "description": "The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3447-1 advisory.\n\n - u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150 (CVE-2020-3702)\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3752)\n\n - A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. (CVE-2021-3764)\n\n - A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. (CVE-2021-40490)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-17T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:3447-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18808", "CVE-2020-3702", "CVE-2021-3669", "CVE-2021-3744", "CVE-2021-3752", "CVE-2021-3764", "CVE-2021-40490"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_86-default", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-preempt", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel", "p-cpe:/a:novell:suse_linux:kernel-preempt-extra", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kmod", "p-cpe:/a:novell:suse_linux:kmod-bash-completion", "p-cpe:/a:novell:suse_linux:kmod-compat", "p-cpe:/a:novell:suse_linux:libkmod-devel", "p-cpe:/a:novell:suse_linux:libkmod2", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "p-cpe:/a:novell:suse_linux:perl-bootloader", "p-cpe:/a:novell:suse_linux:perl-bootloader-yaml", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-3447-1.NASL", "href": "https://www.tenable.com/plugins/nessus/154190", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:3447-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154190);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2020-3702\",\n \"CVE-2021-3669\",\n \"CVE-2021-3744\",\n \"CVE-2021-3752\",\n \"CVE-2021-3764\",\n \"CVE-2021-40490\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:3447-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:3447-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:3447-1 advisory.\n\n - u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to\n improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for\n a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon\n Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon\n Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W,\n MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150 (CVE-2020-3702)\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large\n shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in\n drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to\n the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the\n system or escalate their privileges. The highest threat from this vulnerability is to confidentiality,\n integrity, as well as system availability. (CVE-2021-3752)\n\n - A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker\n to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat\n from this vulnerability is to system availability. (CVE-2021-3764)\n\n - A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in\n the Linux kernel through 5.13.13. (CVE-2021-40490)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1148868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1170774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184439\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188986\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189841\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190406\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190467\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190523\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190626\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190785\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191172\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191292\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-3702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3764\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-40490\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-October/009597.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e22ca7a5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3752\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_86-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kmod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kmod-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kmod-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libkmod-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libkmod2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:perl-Bootloader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:perl-Bootloader-YAML\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-default-5.3.18-24.86.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.2']},\n {'reference':'dlm-kmp-default-5.3.18-24.86.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.2']},\n {'reference':'gfs2-kmp-default-5.3.18-24.86.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.2']},\n {'reference':'ocfs2-kmp-default-5.3.18-24.86.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.2']},\n {'reference':'kernel-default-5.3.18-24.86.2', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kernel-default-5.3.18-24.86.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kernel-default-base-5.3.18-24.86.2.9.40.2', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kernel-default-base-5.3.18-24.86.2.9.40.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kernel-default-devel-5.3.18-24.86.2', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kernel-default-devel-5.3.18-24.86.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kernel-devel-5.3.18-24.86.2', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kernel-devel-5.3.18-24.86.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kernel-macros-5.3.18-24.86.2', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kernel-macros-5.3.18-24.86.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kernel-preempt-5.3.18-24.86.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kernel-preempt-5.3.18-24.86.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kernel-preempt-5.3.18-24.86.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kernel-preempt-5.3.18-24.86.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kmod-25-6.10.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kmod-25-6.10.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kmod-bash-completion-25-6.10.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kmod-bash-completion-25-6.10.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kmod-compat-25-6.10.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kmod-compat-25-6.10.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'libkmod-devel-25-6.10.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'libkmod-devel-25-6.10.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'libkmod2-25-6.10.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'libkmod2-25-6.10.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'perl-Bootloader-0.931-3.5.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'perl-Bootloader-0.931-3.5.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kernel-obs-build-5.3.18-24.86.2', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'kernel-obs-build-5.3.18-24.86.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'kernel-preempt-devel-5.3.18-24.86.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'kernel-preempt-devel-5.3.18-24.86.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'kernel-preempt-devel-5.3.18-24.86.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'kernel-preempt-devel-5.3.18-24.86.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'kernel-source-5.3.18-24.86.2', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'kernel-source-5.3.18-24.86.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'kernel-syms-5.3.18-24.86.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'kernel-syms-5.3.18-24.86.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'perl-Bootloader-YAML-0.931-3.5.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'perl-Bootloader-YAML-0.931-3.5.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'reiserfs-kmp-default-5.3.18-24.86.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-legacy-release-15.2']},\n {'reference':'kernel-default-livepatch-5.3.18-24.86.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']},\n {'reference':'kernel-default-livepatch-devel-5.3.18-24.86.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']},\n {'reference':'kernel-livepatch-5_3_18-24_86-default-1-5.3.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']},\n {'reference':'kernel-default-extra-5.3.18-24.86.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.2']},\n {'reference':'kernel-default-extra-5.3.18-24.86.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.2']},\n {'reference':'kernel-preempt-extra-5.3.18-24.86.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.2']},\n {'reference':'kernel-preempt-extra-5.3.18-24.86.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T19:37:35", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3447-1 advisory.\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3752)\n\n - u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150 (CVE-2020-3702)\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. (CVE-2021-3764)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-17T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : kernel (openSUSE-SU-2021:3447-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18808", "CVE-2020-3702", "CVE-2021-3669", "CVE-2021-3744", "CVE-2021-3752", "CVE-2021-3764", "CVE-2021-40490"], "modified": "2023-11-28T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kmod-compat", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-3447.NASL", "href": "https://www.tenable.com/plugins/nessus/154187", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:3447-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154187);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/28\");\n\n script_cve_id(\n \"CVE-2020-3702\",\n \"CVE-2021-3669\",\n \"CVE-2021-3744\",\n \"CVE-2021-3752\",\n \"CVE-2021-3764\",\n \"CVE-2021-40490\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : kernel (openSUSE-SU-2021:3447-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:3447-1 advisory.\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to\n the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the\n system or escalate their privileges. The highest threat from this vulnerability is to confidentiality,\n integrity, as well as system availability. (CVE-2021-3752)\n\n - u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to\n improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for\n a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon\n Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon\n Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W,\n MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150 (CVE-2020-3702)\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large\n shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in\n drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker\n to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat\n from this vulnerability is to system availability. (CVE-2021-3764)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1148868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1170774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184439\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188986\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189841\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190406\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190467\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190523\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190626\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190785\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191172\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191292\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IAN74FTXJ7PFHCBV6YMLTPNW7VFYCPFV/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4839cfe0\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-3702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3764\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-40490\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kmod-compat package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3752\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kmod-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'kmod-compat-25-6.10.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kmod-compat');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T19:36:17", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3338-1 advisory.\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3752)\n\n - u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150 (CVE-2020-3702)\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. (CVE-2021-3764)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-13T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : kernel (openSUSE-SU-2021:3338-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18808", "CVE-2020-3702", "CVE-2021-3669", "CVE-2021-3744", "CVE-2021-3752", "CVE-2021-3764", "CVE-2021-40490"], "modified": "2023-11-28T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:cluster-md-kmp-azure", "p-cpe:/a:novell:opensuse:dlm-kmp-azure", "p-cpe:/a:novell:opensuse:gfs2-kmp-azure", "p-cpe:/a:novell:opensuse:kernel-azure", "p-cpe:/a:novell:opensuse:kernel-azure-devel", "p-cpe:/a:novell:opensuse:kernel-azure-extra", "p-cpe:/a:novell:opensuse:kernel-azure-livepatch-devel", "p-cpe:/a:novell:opensuse:kernel-azure-optional", "p-cpe:/a:novell:opensuse:kernel-devel-azure", "p-cpe:/a:novell:opensuse:kernel-source-azure", "p-cpe:/a:novell:opensuse:kernel-syms-azure", "p-cpe:/a:novell:opensuse:kselftests-kmp-azure", "p-cpe:/a:novell:opensuse:ocfs2-kmp-azure", "p-cpe:/a:novell:opensuse:reiserfs-kmp-azure", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-3338.NASL", "href": "https://www.tenable.com/plugins/nessus/154091", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:3338-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154091);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/28\");\n\n script_cve_id(\n \"CVE-2020-3702\",\n \"CVE-2021-3669\",\n \"CVE-2021-3744\",\n \"CVE-2021-3752\",\n \"CVE-2021-3764\",\n \"CVE-2021-40490\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : kernel (openSUSE-SU-2021:3338-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:3338-1 advisory.\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to\n the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the\n system or escalate their privileges. The highest threat from this vulnerability is to confidentiality,\n integrity, as well as system availability. (CVE-2021-3752)\n\n - u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to\n improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for\n a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon\n Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon\n Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W,\n MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150 (CVE-2020-3702)\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large\n shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in\n drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker\n to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat\n from this vulnerability is to system availability. (CVE-2021-3764)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1148868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1170774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1171688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1174003\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178134\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184439\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188986\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189257\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189841\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190138\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190406\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190467\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190523\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190561\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190626\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190785\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191172\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191292\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H64LCXMISTZ7YB7R4ABO2Y73X23DJFXU/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3c7b5d8d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-3702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3764\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-40490\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3752\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cluster-md-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dlm-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gfs2-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-azure-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-azure-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-azure-optional\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocfs2-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:reiserfs-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-azure-5.3.18-38.25.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dlm-kmp-azure-5.3.18-38.25.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gfs2-kmp-azure-5.3.18-38.25.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-azure-5.3.18-38.25.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-azure-devel-5.3.18-38.25.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-azure-extra-5.3.18-38.25.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-azure-livepatch-devel-5.3.18-38.25.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-azure-optional-5.3.18-38.25.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-azure-5.3.18-38.25.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-source-azure-5.3.18-38.25.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-syms-azure-5.3.18-38.25.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kselftests-kmp-azure-5.3.18-38.25.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocfs2-kmp-azure-5.3.18-38.25.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'reiserfs-kmp-azure-5.3.18-38.25.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-azure / dlm-kmp-azure / gfs2-kmp-azure / kernel-azure / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-15T16:03:47", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3339-1 advisory.\n\n - u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150 (CVE-2020-3702)\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3752)\n\n - A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. (CVE-2021-3764)\n\n - A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. (CVE-2021-40490)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-13T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2021:3339-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18808", "CVE-2020-3702", "CVE-2021-3669", "CVE-2021-3744", "CVE-2021-3752", "CVE-2021-3764", "CVE-2021-40490"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:kernel-devel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-source-rt", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-3339-1.NASL", "href": "https://www.tenable.com/plugins/nessus/154098", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:3339-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154098);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2020-3702\",\n \"CVE-2021-3669\",\n \"CVE-2021-3744\",\n \"CVE-2021-3752\",\n \"CVE-2021-3764\",\n \"CVE-2021-40490\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:3339-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2021:3339-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2021:3339-1 advisory.\n\n - u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to\n improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for\n a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon\n Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon\n Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W,\n MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150 (CVE-2020-3702)\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large\n shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in\n drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to\n the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the\n system or escalate their privileges. The highest threat from this vulnerability is to confidentiality,\n integrity, as well as system availability. (CVE-2021-3752)\n\n - A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker\n to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat\n from this vulnerability is to system availability. (CVE-2021-3764)\n\n - A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in\n the Linux kernel through 5.13.13. (CVE-2021-40490)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1148868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1170774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184439\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188986\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189841\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190406\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190467\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190523\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190626\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190785\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191172\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191292\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-3702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3764\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-40490\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-October/009567.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e7244cda\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3752\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-rt-5.3.18-54.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.2']},\n {'reference':'dlm-kmp-rt-5.3.18-54.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.2']},\n {'reference':'gfs2-kmp-rt-5.3.18-54.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.2']},\n {'reference':'kernel-devel-rt-5.3.18-54.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.2']},\n {'reference':'kernel-rt-5.3.18-54.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.2']},\n {'reference':'kernel-rt-devel-5.3.18-54.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.2']},\n {'reference':'kernel-rt_debug-5.3.18-54.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.2']},\n {'reference':'kernel-rt_debug-devel-5.3.18-54.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.2']},\n {'reference':'kernel-source-rt-5.3.18-54.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.2']},\n {'reference':'kernel-syms-rt-5.3.18-54.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.2']},\n {'reference':'ocfs2-kmp-rt-5.3.18-54.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-rt / dlm-kmp-rt / gfs2-kmp-rt / kernel-devel-rt / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T19:37:02", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1357-1 advisory.\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3752)\n\n - u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150 (CVE-2020-3702)\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. (CVE-2021-3764)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-17T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : kernel (openSUSE-SU-2021:1357-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18808", "CVE-2020-3702", "CVE-2021-3669", "CVE-2021-3744", "CVE-2021-3752", "CVE-2021-3764", "CVE-2021-40490"], "modified": "2023-11-28T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-rebuild", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-preempt", "p-cpe:/a:novell:opensuse:kernel-preempt-devel", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1357.NASL", "href": "https://www.tenable.com/plugins/nessus/154192", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1357-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154192);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/28\");\n\n script_cve_id(\n \"CVE-2020-3702\",\n \"CVE-2021-3669\",\n \"CVE-2021-3744\",\n \"CVE-2021-3752\",\n \"CVE-2021-3764\",\n \"CVE-2021-40490\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : kernel (openSUSE-SU-2021:1357-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1357-1 advisory.\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to\n the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the\n system or escalate their privileges. The highest threat from this vulnerability is to confidentiality,\n integrity, as well as system availability. (CVE-2021-3752)\n\n - u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to\n improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for\n a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon\n Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon\n Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W,\n MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150 (CVE-2020-3702)\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large\n shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in\n drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker\n to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat\n from this vulnerability is to system availability. (CVE-2021-3764)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1148868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1170774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184439\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188986\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189841\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190406\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190467\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190523\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190626\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190785\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191172\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191292\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SS5B6JL55TTUNHHOGTFHK5JQ6EZOF7ZV/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b85f5a4f\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-3702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3764\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-40490\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3752\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-rebuild\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'kernel-debug-5.3.18-lp152.95.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-5.3.18-lp152.95.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-5.3.18-lp152.95.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-base-5.3.18-lp152.95.1.lp152.8.44.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-base-rebuild-5.3.18-lp152.95.1.lp152.8.44.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-devel-5.3.18-lp152.95.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-5.3.18-lp152.95.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kvmsmall-5.3.18-lp152.95.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kvmsmall-devel-5.3.18-lp152.95.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-macros-5.3.18-lp152.95.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-obs-build-5.3.18-lp152.95.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-obs-qa-5.3.18-lp152.95.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-5.3.18-lp152.95.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-devel-5.3.18-lp152.95.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-source-5.3.18-lp152.95.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-source-vanilla-5.3.18-lp152.95.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-syms-5.3.18-lp152.95.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-debug / kernel-debug-devel / kernel-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:36:37", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3337-1 advisory.\n\n - u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150 (CVE-2020-3702)\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3752)\n\n - A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. (CVE-2021-3764)\n\n - A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. (CVE-2021-40490)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-13T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2021:3337-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18808", "CVE-2020-3702", "CVE-2021-3669", "CVE-2021-3744", "CVE-2021-3752", "CVE-2021-3764", "CVE-2021-40490"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-devel-azure", "p-cpe:/a:novell:suse_linux:kernel-source-azure", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-3337-1.NASL", "href": "https://www.tenable.com/plugins/nessus/154099", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:3337-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154099);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2020-3702\",\n \"CVE-2021-3669\",\n \"CVE-2021-3744\",\n \"CVE-2021-3752\",\n \"CVE-2021-3764\",\n \"CVE-2021-40490\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:3337-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2021:3337-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2021:3337-1 advisory.\n\n - u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to\n improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for\n a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon\n Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon\n Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W,\n MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150 (CVE-2020-3702)\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large\n shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in\n drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to\n the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the\n system or escalate their privileges. The highest threat from this vulnerability is to confidentiality,\n integrity, as well as system availability. (CVE-2021-3752)\n\n - A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker\n to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat\n from this vulnerability is to system availability. (CVE-2021-3764)\n\n - A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in\n the Linux kernel through 5.13.13. (CVE-2021-40490)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1148868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1170774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184439\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188986\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189841\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190406\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190467\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190523\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190626\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190785\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191172\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191292\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-3702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3764\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-40490\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-October/009568.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?958e19db\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3752\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-azure-5.3.18-18.69.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-public-cloud-release-15.2']},\n {'reference':'kernel-azure-devel-5.3.18-18.69.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-public-cloud-release-15.2']},\n {'reference':'kernel-devel-azure-5.3.18-18.69.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-public-cloud-release-15.2']},\n {'reference':'kernel-source-azure-5.3.18-18.69.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-public-cloud-release-15.2']},\n {'reference':'kernel-syms-azure-5.3.18-18.69.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-public-cloud-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-azure / kernel-azure-devel / kernel-devel-azure / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:34:58", "description": "The remote OracleVM system is missing necessary patches to address security updates:\n\n - In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task. (CVE-2019-9213)\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().\n This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. (CVE-2022-1011)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-07T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : kernel-uek (OVMSA-2022-0024)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-9213", "CVE-2020-36516", "CVE-2020-36557", "CVE-2020-36558", "CVE-2021-33655", "CVE-2021-33656", "CVE-2022-1011", "CVE-2022-21546", "CVE-2022-2588"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2022-0024.NASL", "href": "https://www.tenable.com/plugins/nessus/164817", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were\n# extracted from OracleVM Security Advisory OVMSA-2022-0024.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164817);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\n \"CVE-2019-9213\",\n \"CVE-2020-36516\",\n \"CVE-2020-36557\",\n \"CVE-2020-36558\",\n \"CVE-2021-33655\",\n \"CVE-2021-33656\",\n \"CVE-2022-1011\",\n \"CVE-2022-2588\",\n \"CVE-2022-21546\"\n );\n\n script_name(english:\"OracleVM 3.4 : kernel-uek (OVMSA-2022-0024)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote OracleVM host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote OracleVM system is missing necessary patches to address security updates:\n\n - In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum\n address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP\n platforms. This is related to a capability check for the wrong task. (CVE-2019-9213)\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of\n ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().\n This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in\n privilege escalation. (CVE-2022-1011)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2019-9213.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2020-36516.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2020-36557.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2020-36558.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2021-33655.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2021-33656.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2022-1011.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2022-21546.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2022-2588.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/OVMSA-2022-0024.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek / kernel-uek-firmware packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36516\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1011\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.66.3.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for OVMSA-2022-0024');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.66.3.el6uek', 'cpu':'x86_64', 'release':'3.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.66.3.el6uek', 'cpu':'x86_64', 'release':'3.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'OVS' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-firmware');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-30T16:11:24", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1365-1 advisory.\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3752)\n\n - u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150 (CVE-2020-3702)\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. (CVE-2021-3764)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-19T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : kernel (openSUSE-SU-2021:1365-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18808", "CVE-2020-3702", "CVE-2021-3669", "CVE-2021-3744", "CVE-2021-3752", "CVE-2021-3764", "CVE-2021-40490"], "modified": "2023-11-28T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kmod", "p-cpe:/a:novell:opensuse:kmod-bash-completion", "p-cpe:/a:novell:opensuse:kmod-compat", "p-cpe:/a:novell:opensuse:libkmod-devel", "p-cpe:/a:novell:opensuse:libkmod2", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1365.NASL", "href": "https://www.tenable.com/plugins/nessus/154206", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1365-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154206);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/28\");\n\n script_cve_id(\n \"CVE-2020-3702\",\n \"CVE-2021-3669\",\n \"CVE-2021-3744\",\n \"CVE-2021-3752\",\n \"CVE-2021-3764\",\n \"CVE-2021-40490\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : kernel (openSUSE-SU-2021:1365-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1365-1 advisory.\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to\n the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the\n system or escalate their privileges. The highest threat from this vulnerability is to confidentiality,\n integrity, as well as system availability. (CVE-2021-3752)\n\n - u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to\n improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for\n a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon\n Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon\n Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W,\n MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150 (CVE-2020-3702)\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large\n shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in\n drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker\n to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat\n from this vulnerability is to system availability. (CVE-2021-3764)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1148868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1170774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184439\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188986\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189841\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190406\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190467\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190523\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190626\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190785\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191172\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191292\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JSK2K2OLYKIFCAMBX4QB7AGV6SKS3BTM/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8ec6cf78\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-3702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3764\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-40490\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3752\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n scrip